search

API calls required to collect an audit trail

This article looks at the API calls required to collect an audit trail detailing the SQL commands executed against a datasource.

The dataSource API call required to build up a list of dataSources you may be interested in.

https://<immuta-url>/dataSource?determinePolicyConflicts=false&collectionExclude=false

This produces a JSON record or records containing the datasource ID('s). In this case the target data source is 212 and auditing of SQL executed against this is required.

{ "hits": [ 
{ "name": "Tags Plb Fake People",
 "id": 212, "recordFormat": "Not Provided",
 "deleted": false,
 "description": null,
 "createdAt": "2024-05-02T03:15:38.941Z",
 "subscriptionPolicy": null,
 "schemaEvolutionId": 48,
 "recordCount": 0,
 "blobHandlerType": "Databricks",
 "subscriptionType": "manual",
 "sqlSchemaName": "plb_dbx_tags",
 "status": "passed",
 "statusPriority": 6,
 "subscriptionStatus": "owner",
 "connectionString": ":443/plb_data2",
 "remoteTable": "plb_fake_people",
 "remoteSchema": "tags" } 
],
 "facets": { "statuses": [ { "name": "passed", "count": 0 } ] }, "count": 1 }

Collecting the audit information required around SQL executed against a datasource requires two API calls.

  • The following API call will allow you pull out all audit records for datasource 212 generated between two dates. This provides as its output a record in the format shown below. Each record will need to be examined to identify those of a recordType "nativeQuery".

The "id" found for each audit record can then be used to pull out more detail for the specific audit record.

  • A second API call can be made using the "id" from the record above to obtain details for the specific audit record itself.

This will provide details around who executed SQL against the datasource, what the sql was and when it was executed.

PreviousAltering the default audit trail record types and collection durationNextAzure Gov Backups fail due to incorrect Azure API URL

Last updated