audit.export
Generate an audit report based on the specified query-filters and query-options for the specified services in the specified export_format.
Supported export_formats are CSV, JSON, and YAML. The endpoint returns a local filesystem path where the resulting audit report is located.
No Additional Items
Tuple Validation
Parameter 1: data
data
Type: object
No Additional Properties
Services
Type: array of enum (of string) Default: ["MIDDLEWARE", "SUDO"]
No Additional Items
Each item of this array must be:
Must be one of:
- "MIDDLEWARE"
- "SMB"
- "SUDO"
- "SYSTEM"
Query-Filters
Type: array Default: []
List of filters for query results. See API documentation for "Query Methods" for more guidance.
No Additional Items
Each item of this array must be:
[["name", "=", "bob"]]
[["OR", [[["name", "=", "bob"]], [["name", "=", "larry"]]]]]
QueryOptions
Type: object
If the query-option force_sql_filters is true, then the query will be converted into a more efficient form for better performance. This will not be possible if filters use keys within svc_data and event_data.
Relationships
Type: boolean Default: true
Extend
Default: null
Extend Fk
Type: array of string Default: []
No Additional Items
Each item of this array must be:
Extend Context
Default: null
Prefix
Default: null
Extra
Type: object Default: {}
Extra options are defined on a per-endpoint basis and are described in the documentation for the associated query method.
Order By
Type: array of string Default: []
An array of field names describing the manner in which query results should be ordered. The field names may also have one or more of the following special prefixes: - (reverse sort direction), nulls_first: (place any null values at the head of the results list), nulls_last: (place any null values at the tail of the results list).
Each item of this array must be:
["size", "-devname", "nulls_first:-expiretime"]
Select
Type: array Default: []
An array of field names specifying the exact fields to include in the query return. The dot character . may be used to explicitly select only subkeys of the query result.
Each item of this array must be:
No Additional Items
Each item of this array must be:
["username", "Authentication.status"]
Count
Type: boolean Default: false
Return a numeric value representing the number of items that match the specified query-filters.
Get
Type: boolean Default: false
Return the JSON object of the first result matching the specified query-filters. The query fails if the specified query-filters return no results.
Offset
Type: integer Default: 0
This specifies the beginning offset of the results array. When combined with the limit query-option it may be used to implement pagination of large results arrays. WARNING: some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Limit
Type: integer Default: 0
This specifies the maximum number of results matching the specified query-filters to return. When combined with the offset query-option it may be used to implement pagination of large results arrays. WARNING: some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Force Sql Filters
Type: boolean Default: false
Remote Controller
Type: boolean Default: false
HA systems may direct the query to the 'remote' controller by including 'remote_controller=True'. The default is the 'current' controller.
Export Format
Type: enum (of string) Default: "JSON"
Must be one of:
- "CSV"
- "JSON"
- "YAML"
Result
Type: string
Required roles: SYSTEM_AUDIT_READ
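The following is an added example, not part of the original reference or the project's code: a client-side pre-flight check that builds the data object for audit.export, validates services and export_format against the enums listed above, and only sets force_sql_filters when no filter (including those nested in OR groups) uses a key within svc_data or event_data. The payload key spellings (services, query-filters, query-options, export_format) are taken from the description text, dot notation for nested filter keys is an assumption, and the helper names are hypothetical.

```python
import json

SERVICES = {"MIDDLEWARE", "SMB", "SUDO", "SYSTEM"}   # enum from this page
EXPORT_FORMATS = {"CSV", "JSON", "YAML"}             # enum from this page
JSON_COLUMNS = {"svc_data", "event_data"}            # keys that block SQL conversion


def filter_fields(filters):
    """Yield each field name used in a query-filters list, descending into OR groups."""
    for item in filters:
        if not isinstance(item, list) or not item:
            raise ValueError(f"malformed filter: {item!r}")
        if item[0] == "OR" and len(item) == 2:
            for branch in item[1]:
                # A branch is a single [field, op, value] or a list of such filters.
                single = bool(branch) and isinstance(branch[0], str)
                yield from filter_fields([branch] if single else branch)
        elif len(item) == 3 and isinstance(item[0], str):
            yield item[0]
        else:
            raise ValueError(f"malformed filter: {item!r}")


def build_export_args(filters, services=("MIDDLEWARE", "SUDO"),
                      export_format="JSON", prefer_sql=True):
    """Return the data object for audit.export, validated against the enums."""
    unknown = set(services) - SERVICES
    if unknown:
        raise ValueError(f"unknown services: {sorted(unknown)}")
    if export_format not in EXPORT_FORMATS:
        raise ValueError(f"unsupported export_format: {export_format!r}")
    # Assumption: nested keys are addressed with dot notation, e.g. event_data.method
    blocked = [f for f in filter_fields(filters) if f.split(".")[0] in JSON_COLUMNS]
    return {
        "services": list(services),
        "query-filters": filters,
        "query-options": {"force_sql_filters": prefer_sql and not blocked},
        "export_format": export_format,
    }


if __name__ == "__main__":
    # Constructed sample filters; the event_data subkey is illustrative only.
    sample = [["OR", [[["username", "=", "bob"]], [["event_data.method", "=", "x"]]]]]
    print(json.dumps(build_export_args(sample, services=["SMB"], export_format="CSV")))
```

The returned dict is the single data parameter; the caller still needs the SYSTEM_AUDIT_READ role for the export to succeed.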