Skip to main content

Audit Trail API

Notice

A comprehensive Checkmarx One API Reference Guide is now available here.

Introduction

This API enables users to get a complete log of events that occurred in their account over a specified period of time. Events are stored for user management, such as creation or deletion of users and roles. In addition, events are stored for several other Checkmarx One services.

Notice

Event info is stored in CloudEvents format.

Events for the current day are given as a json object with a record for each event. Events for previous days are given as links that are used to download the json for that day's events.

Notice

Events are available for the previous 365 days.

List of Logged Events

The following list shows the events that are currently logged by this service.

Workflow

  1. Use GET /api/audit to get the events for the current day as well as URL links for events on previous days.

  2. For each previous day, use GET <URL> to get the events for that day.

    Note

    You need to submit your JWT token with each request.

Audit Trail Endpoints

The URL for Audit Trail endpoints is <base_url>/api/audit

Swagger

To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Audit Trail in the definition field.

GET Audit Trail

Authentication

Authentication for all Checkmarx One endpoints is done using JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.

Media Type (header)

Authorization: Bearer <access_token>

Accept: application/json

Curl Sample

curl -X GET "https://eu.ast.checkmarx.net/api/audit" -H "accept: application/json"

Parameters

None

Success Response

Code: 200 OK

Attributes:

Attribute

Type

Description

links[ ]

Returns a record that includes a link to access the events for each date that was included in the request, prior to the current date. The following info is returned for each link:

links/eventDate

Date

The date of the event.

links/url

string

The link to retreive the events for this date.

links/crc

string

A checksum for verifying the authenticity of the downloaded file.

events

Returns a record for each event that occurred on the current date. The following data is returned for each event:

events/eventDate

datetime

The date and time that the event occurred (UTC time).

events/eventType

string

The resource (service) that reported the event.

events/auditResource

string

The type of system entity for which the event occurred. For example, if an application was created, the auditResource will be "application".

events/actionType

string

The type of event that occurred. For example, if an application was created, the actionType will be "created".

events/actionUserId

string

The ID of the user who took the action.

events/ipAddress

string

The public IP address of the user who initiated the event.

events/data

json

Additional data about the event.

Sample Success Response:

{
	"links": [{
		"eventDate": "2022-12-18T00:00:00Z",
		"url": "https://eu.ast.checkmarx.net/storage/audit.checkmarx-ast/audit/12345fe35-965a-4506-b226-e0155ec81234/2022/ast-audit-2022-12-18.json?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ast%2F20221225%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20221225T110608Z&X-Amz-Expires=3600&X-Amz-Signature=233e60417bf21781b915d9ba84ad3c0e6af878c78a01d25b01582e30f12345f&X-Amz-SignedHeaders=host",
		"crc": "52c16c34e5206228881a294593781307ec7f7795409b7b7e91b962786b412345"
	}],
	"events": [{
			"eventDate": "2022-12-19T10:04:30.900264Z",
			"eventType": "events.cxiam.user-group.account.created",
			"auditResource": "user-group.account",
			"actionType": "create",
			"actionUserId": "f6374e40-3d56-4c2e-b0f7-9b5e1e9ec4ab",
			"ipAddress": "",
			"data": {
				"groupId": "b1de5cfe-ae0e-42bd-b2a5-7b9e5a6b266d",
				"userId": "f6374e40-3d56-4c2e-b0f7-9b5e1e9ec4ab"
			}
		},
		{
			"eventDate": "2022-12-19T10:04:30.876611Z",
			"eventType": "events.cxiam.user.account.login",
			"auditResource": "user.account",
			"actionType": "login",
			"actionUserId": "f6374e40-3d56-4c2e-b0f7-9b5e1e9ec4ab",
			"ipAddress": "",
			"data": {
				"id": "f6374e40-3d56-4c2e-b0f7-9b5e1e9ec4ab",
				"status": "OK",
				"username": "org_admin"
			}
		}
	]
}
In this section: