Get security events
This method returns all PTA Security Events.
URL
- Make sure there are no spaces in the URL.
- The following characters are not supported in URL values: + & %
- If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

The following (optional) parameters can be used in the query string in the URL:

| Parameter | Description |
|---|---|
| fromUpdateDate | The starting date to get the security events from (calculated by the number of seconds since 1970). Type: Number |
| status | The status of the security event (open or closed). If you do not use this parameter, the method will return both open and closed security events. Valid values: open or closed. Type: Enum |
| accountID | The unique account identifier of the account that is referred to in the Security Event. The account identifier is the CyberArk PAM - Self-Hosted ID, written in the convention Type: String |

Resource information

| HTTP method | GET |
|---|---|
| Content type | application/json |

Header parameter

| Parameter | Authorization |
|---|---|
| Type | String |
| Description | The JWT token that identifies the session. |
| Valid values | A session token that was returned from the “Logon” method. |

Body parameters
None
Result
This is an example of the result for an array of events.

| Parameter | Type | Description |
|---|---|---|
| id | String | Event ID |
| type | String | Event type |
| score | Integer | Event score |
| createTime | Double | The creation date of the event (represented in milliseconds) |
| lastUpdateTime | Double | The last time the event was updated (represented in milliseconds) |
| audits | Array | Array of audits for the event |

audits

| Parameter | Type | Description |
|---|---|---|
| id | String | Audit ID |
| type | String | Audit type |
| sensorType | String | The type of the sensor that sent the audit |
| action | String | The action of the audit. For example, Vault retrieve password, Vault logon, PSM suspicious activity, and so on |
| psmCommand | String | The suspicious activity |
| createTime | Double | The creation date of the audit |
| vaultUser | String | The Vault user who triggered the session |
| account | | The account used in the session |

account

| Parameter | Type | Description |
|---|---|---|
| accountAsStr | String | String representation of the account used in the session |
| type | String | Account type |
| account | | Detailed account information |
| mtarget | String | Detailed target account information |

mtarget

| Parameter | Type | Description |
|---|---|---|
| mOriginalAddress | String | The original address of the target machine |
| mResolvedAddress | | The resolved address object of the target machine |

mResolvedAddress

| Parameter | Type | Description |
|---|---|---|
| mAddress | String | The address of the target machine |
| mHostName | String | The host name of the target machine |
| mFqdn | String | The FQDN of the target machine |

account

| Parameter | Type | Description |
|---|---|---|
| source | String | The source of the audit |

source

| Parameter | Type | Description |
|---|---|---|
| mOriginalAddress | String | The original address that was sent as a source |
| mResolvedAddress | | The resolved address object |

mResolvedAddress

| Parameter | Type | Description |
|---|---|---|
| mAddress | String | The original address |
| mHostName | String | The host name representation of the source address |
| mFqdn | String | The FQDN representation of the source address |

account

| Parameter | Type | Description |
|---|---|---|
| target | String | The target address of the audit |

target

| Parameter | Type | Description |
|---|---|---|
| mOriginalAddress | String | The original target address of the audit |
| mResolvedAddress | | The resolved target address as an object |

mResolvedAddress

| Parameter | Type | Description |
|---|---|---|
| mAddress | String | The original target address |
| mHostName | String | The host name of the target address |
| mFqdn | String | The FQDN representation of the target address |

additionalData

| Parameter | Type | Description |
|---|---|---|
| mitigationAction | String | The mitigation action of the session, either terminate or suspend |
| sessionIsLive | String | True or false indicator of whether the session is live |
| matchPatterns | String | The matching patterns of the suspicious activity audit |
| sessionIDs | Array of strings | The session ID |
| accountID | String | The unique identifier of a managed account |
| mStatus | String | The status of the security event (open or closed) |
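
The following is an added example, not code from the product documentation: it builds the query string from the optional parameters above and flattens a returned event array for triage, converting `lastUpdateTime` (milliseconds) into the next `fromUpdateDate` (seconds). The function names, the sample response and the strict rejection of any value that would need percent-encoding are assumptions made for illustration.

```python
import json
from urllib.parse import quote

def build_query(from_update_date=None, status=None, account_id=None):
    """Build the query string from the optional parameters documented above."""
    parts = []
    if from_update_date is not None:
        parts.append(f"fromUpdateDate={int(from_update_date)}")  # seconds since 1970
    if status is not None:
        if status not in ("open", "closed"):
            raise ValueError("status must be 'open' or 'closed'")
        parts.append(f"status={status}")
    if account_id is not None:
        # The page lists space, +, & and % as unsupported in URL values, so reject
        # (assumption: stricter than the page) anything that would need encoding.
        if not account_id or quote(account_id, safe="") != account_id:
            raise ValueError("accountID contains characters unsupported in the URL")
        parts.append(f"accountID={account_id}")
    return "&".join(parts)

def triage(events, min_score=0):
    """Return (rows, next_from): one row per audit, plus the next fromUpdateDate."""
    rows, newest_ms = [], 0.0
    for ev in events:
        newest_ms = max(newest_ms, float(ev.get("lastUpdateTime", 0)))
        if ev.get("score", 0) < min_score:
            continue
        for audit in ev.get("audits") or [{}]:
            rows.append({
                "event_id": ev["id"], "type": ev.get("type"), "score": ev.get("score"),
                "action": audit.get("action"), "vault_user": audit.get("vaultUser"),
                "psm_command": audit.get("psmCommand"),
            })
    # lastUpdateTime is in milliseconds, fromUpdateDate in seconds: round down so the
    # next poll cannot skip an event, and de-duplicate on event id downstream.
    return rows, int(newest_ms // 1000)

# Constructed sample response (not real PTA output); values are placeholders.
SAMPLE = json.loads("""[
  {"id": "evt-1", "type": "ExampleEventType", "score": 90,
   "createTime": 1700000000000.0, "lastUpdateTime": 1700000123456.0,
   "audits": [{"id": "aud-1", "action": "PSM suspicious activity",
               "vaultUser": "example-user", "psmCommand": "example-command"}]},
  {"id": "evt-2", "type": "ExampleEventType", "score": 20,
   "createTime": 1700000050000.0, "lastUpdateTime": 1700000200999.0, "audits": []}
]""")

if __name__ == "__main__":
    print(build_query(1700000000, "open"))
    for row in triage(SAMPLE, min_score=50)[0]:
        print(row)
```

Append the returned query string to the method URL after a `?`, and send the session token from the “Logon” method in the `Authorization` header.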