API Guide - AuditLogs
- Updated on Apr 27, 2022
Get Audit Logs
Banyan records system activity related to your organization to provide an audit trail. This endpoint returns admin audit logs according to your specific filters and parameters.
HTTP Request
GET /v1/audit_logs
URL Parameters
N/A
Query Parameters
Parameter | Format | Description | Default |
---|---|---|---|
action |
String | Filters by action (such as create , update , delete ,enable , and disable ) |
n/a |
admin_email |
String | Filters by Admin email address | n/a |
end_time |
Int | Filters records that occurred before a specific epoch timestamp (in nanoseconds) | n/a |
limit |
Int | Used in Pagination. Specifies the maximum number of records to return | 25 |
skip |
Int | Used in Pagination. Specifies the number of records to skip | 0 |
start_time |
Int | Filters records that occurred after a specific epoch timestamp (in nanoseconds) | n/a |
type |
String | Filters by type of Admin activity type (such as admin_sign_on , security_attach_policy , idp_settings , et al.) |
n/a |
org_id |
String | orgid should be passed to get auditlogs for specific logs when token is super admin | n/a |
order |
String | Filters records in given order based on created_at timestamp (e.g asc , desc ) |
desc |
Supported Admin Activity Types
The table below lists possible Admin activity types.
Type | Related to |
---|---|
admin_sign_on |
Admin Sign-on method settings (such as Banyan-local or SAML) |
idp_settings |
Identity Provider settings (such as Okta, Cognito, OneLogin, or Other) |
mdm_settings |
Enterprise Device Manager settings |
policy |
Banyan Policies |
registered_service |
Managed Services |
role |
Banyan Roles |
security_attach_policy |
Policies attached to or removed from a service |
trustscore_factors |
Device Scoring settings |
unknown_device |
Unregistered Devices settings (such as access to services and/or HTTP responses) |
device_registration_idp_settings |
|
admin_user |
CRUD on admin user |
mdm_deploy_otp_skip_role |
changes to mdm deploy otp skip role |
mdm_deploy_key |
changes to MDM deploy key |
invitation_code |
changes to Invitation code |
trustscore_ttl |
changes to trustscore profile ttl |
enduser_device |
changes to enduser device |
preferred_applications |
Preferred Applications |
latest_os_config |
changes to latest os config |
trust_config |
changes to trust config |
root_certs |
changes to root cert |
saas_applications |
SAAS Applications |
idp_routed_applications |
IDP Routed |
access_tier |
Access Tier |
satellite |
Connector |
access_tier_tunnel |
CRUD on access tier tunnel |
api_key |
CRUD on api key |
enduser |
when endusers get archieved due to inactivity |
device |
changes to device |
service_tunnel |
Service Tunnel |
refresh_token |
when new refresh token issued or existing refresh token is revoked |
org |
CRUD on org |
Supported Actions
The table below lists possible actions for each Admin activity type.
type | create | update | delete | enable | disable |
---|---|---|---|---|---|
admin_sign_on |
yes | ||||
idp_settings |
yes | ||||
mdm_settings |
yes | ||||
policy |
yes | yes | yes | ||
role |
yes | yes | yes | yes | yes |
security_attach_policy |
yes | yes | |||
registered_service |
yes | yes | yes | yes | yes |
trustscore_factors |
yes | ||||
unknown_device |
yes | ||||
device_registration_idp_settings |
yes | yes | yes | ||
admin_user |
yes | yes | yes | ||
mdm_deploy_otp_skip_role |
yes | yes | |||
mdm_deploy_key |
yes | yes | |||
invitation_code |
yes | yes | |||
trustscore_ttl |
yes | ||||
enduser_device |
yes | ||||
preferred_applications |
yes | yes | |||
latest_os_config |
yes | ||||
trust_config |
yes | ||||
root_certs |
yes | yes | |||
saas_applications |
yes | yes | yes | yes | yes |
idp_routed_applications |
yes | yes | yes | yes | yes |
access_tier |
yes | yes | yes | ||
satellite |
yes | yes | yes | ||
access_tier_tunnel |
yes | yes | yes | ||
api_key |
yes | yes | yes | ||
enduser |
yes | ||||
device |
yes | ||||
service_tunnel |
yes | yes | yes | ||
refresh_token |
yes | yes | |||
org |
yes | yes | yes |
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
NA
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
400 | Bad request |
401 | Unauthorized |
404 | Not found |
500 | Internal Server Error |
Response Headers
N/A
HTTP Response Body
Example audit log from IDP settings update
{
"auditlogs": [
{
"id": "f744e29e-65fc-4874-8f02-820223e03962",
"org_id": "b549352a-ea76-403a-ab35-f4a1e29e1110",
"created_at": 1623165783224130697,
"message": "IDP settings updated",
"type": "idp_settings",
"action": "update",
"admin_email": "mahesh.dere@joshsoftware.com",
"changes_new": {
"config": {
"ClientID": "c71b8e8c264406664decd4d1f320fc6e692673bbd3f4ec20f23ae576b49ea584",
"ClientSecret": "cb50e2fb42df24ba83788b28d1c55648aad705d515091a314fea4cdac6bd0b09",
"IssuerURL": "https://dev-6021221.okta.com",
"RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
},
"name": "OKTA",
"protocol": "OIDC"
},
"changes_old": {
"config": {
"ClientID": "f1c396a3b281a87a3d7839702d4a8f5e3c85196562e02784f230da291f4d2f71",
"ClientSecret": "a392838b7bd6cb595e9714554b4640fa376148a7fccbf40ed92f60d313308e24",
"IssuerURL": "https://dev-6021221.okta.com",
"RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
},
"name": "OKTA",
"protocol": "OIDC"
},
"token_unique_id": "",
"token_iat": 1641917404,
"token_auth_issuer": "LOCAL",
"client_ip_address": "49.15.183.84, 34.98.107.12",
"client_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
}
],
"count": 1
}