Use this API to search audit log events.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
pageNumber |
Optional |
string |
Provide the page number. The supported values are 0-100. The default value is 0, which indicates the first page. |
|
pageSize |
Optional |
string |
Provide the page size. The default value is 10, and the maximum value you can enter is 200. The number of records in the search result is according to the page size you enter. |
|
qql |
Optional |
string |
Provide the Qualys Query Language (QQL) used to query the audit records. The maximum limit is 500 characters. |
|
startDate |
Optional |
string |
Provide the startDate to narrow down the search scope. |
|
endDate |
Optional |
string |
Provide the endDate to narrow down the search scope. |
API request
curl --location --request POST 'https://<QualysBaseURL>/audit-log/admin/search' \
--header 'Authorization: Bearer <JWT Token> ' \
--header 'Content-Type: application/json' \
--data-raw '{<FilterRequest>}'
Request body
{
"customerUuid":"<customerUuid>",
"endDate":<dateInEpoc>,
"pageNumber":0,
"pageSize":100,
"qql":"<qql>",
"startDate":<Epoc date>,
"userUuid":"<user Uuid>"
}Response
{
"auditRecords": [
{
"id": "eaa0a5b2-1e46-4f43-9dfe-578a88ae01c9",
"auditEnabledAppId": 21,
"applicationName": "pm",
"moduleCode": "PM",
"moduleName": "Patch Management",
"userName": "Jack",
"userRole": "Manager",
"userUuid": "1c9a83aa-20p8-e972-8036-899e5e608855",
"customerUuid": "1c9a83aa-20p8-e972-8036-899e5e608855",
"client": "Chrome-Browser",
"sourceIp": "191.160.45.90",
"createdDate": 1650444199730,
"targetType": "User",
"targetName": "John",
"action": "Add",
"status": "Success",
"auditComment": "Created new User",
"externalChangeLink": "http://masifgw.p04.eng.in03.qualys.com:50164/key"
}
],
"totalCount": 1,
"pageNumber": 0,
"pageSize": 100
}