GET /api/v2/audit
List audit logs
curl --request GET \
  --url https://bloodhound.specterops.io/openapi.json/api/v2/audit \
  --header 'Authorization: Bearer <token>'
{
  "data": {
    "logs": [
      {
        "id": 123,
        "created_at": "2023-11-07T05:31:56Z",
        "actor_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "actor_name": "<string>",
        "actor_email": "jsmith@example.com",
        "action": "<string>",
        "fields": {},
        "request_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "source_ip_address": "127.0.0.1",
        "commit_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "status": "intent"
      }
    ]
  }
}
Applies to BloodHound Enterprise and CE

Authorizations

Authorization
string
header
required

Authorization: Bearer $JWT_TOKEN

Headers

Prefer
string
default: wait=30

Prefer header, used to specify a custom timeout in seconds using the wait parameter, as per RFC 7240.

Query Parameters

skip
integer

The number of objects to skip in a paginated response.

Required range: x >= 0
limit
integer

The upper limit on the number of objects returned in a paginated response, as requested by the client.

Required range: x >= 0
created_at
string<date-time>

Filter results by created_at value, a column timestamp formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

sort_by
string

Sortable columns are id, actor_id, actor_name, actor_email, action, request_id, created_at, source, and status.

Sort by column. Can be used multiple times; prepend a hyphen for descending order. See parameter description for details about which columns are sortable.

before
string<date-time>

Return logs created before the specified time. Value should be in the RFC-3339 format. If not supplied, this will default to the current time.

after
string<date-time>

Return logs created after the specified time. Value should be in the RFC-3339 format. If not supplied, this will default to 1 year before the current time.

id
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

actor_id
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

actor_name
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

actor_email
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

action
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

request_id
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

source
string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

status
string

Filter results by column value. Valid filter predicates are eq, neq. Valid values are success and failure. Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

Response

OK

data
object
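
An added example, not BloodHound's own code, that pages through this endpoint with skip and limit inside a pinned after/before window and counts failure entries per source_ip_address. The `<predicate>:<value>` filter encoding, the `fetch` callable, and the `fake_fetch` stand-in with its constructed sample entries are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

API_PATH = "/api/v2/audit"  # endpoint path from the page

def rfc3339(ts: datetime) -> str:
    """Format a timezone-aware datetime as an RFC-3339 UTC string."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def audit_query(after, before, skip, limit, sort_by=("created_at", "id"), **filters):
    """Build the request path; filters are column=(predicate, value) pairs."""
    if skip < 0 or limit < 0:
        raise ValueError("skip and limit must be >= 0")
    params = [("after", rfc3339(after)), ("before", rfc3339(before)),
              ("skip", skip), ("limit", limit)]
    params += [("sort_by", col) for col in sort_by]  # sort_by may repeat
    # ASSUMPTION: predicates are sent as "<predicate>:<value>"
    params += [(col, f"{pred}:{val}") for col, (pred, val) in filters.items()]
    return f"{API_PATH}?{urlencode(params)}"

def iter_audit_logs(fetch, after, before, page_size=100, **filters):
    """Yield every entry in the window; fetch(path) returns decoded JSON."""
    # 'before' is pinned by the caller instead of defaulting to "now", so
    # entries written during the export cannot shift the skip offsets.
    if page_size < 1:
        raise ValueError("page_size must be >= 1")
    skip = 0
    while True:
        path = audit_query(after, before, skip, page_size, **filters)
        logs = fetch(path)["data"]["logs"]
        yield from logs
        if len(logs) < page_size:  # short page: nothing left
            return
        skip += len(logs)

def failures_by_source(logs):
    """Count failed actions per source_ip_address."""
    return Counter(e["source_ip_address"] for e in logs if e["status"] == "failure")

# Constructed sample entries and a stand-in for the HTTP call (hypothetical).
SAMPLE = [{"id": i, "status": "failure" if i % 3 == 0 else "success",
           "source_ip_address": f"192.0.2.{i % 2 + 1}"} for i in range(1, 8)]

def fake_fetch(path):
    q = parse_qs(urlsplit(path).query)
    skip, limit = int(q["skip"][0]), int(q["limit"][0])
    return {"data": {"logs": SAMPLE[skip:skip + limit]}}
```

In real use, `fetch` would issue the GET with the `Authorization: Bearer` header shown above and return the decoded JSON body.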