API Guide - AuditLogs - Banyan Security Documentation

API Guide - AuditLogs

Updated on Apr 27, 2022

Get Audit Logs

Get Audit Logs

Banyan records system activity related to your organization to provide an audit trail. This endpoint returns admin audit logs according to your specific filters and parameters.

HTTP Request

GET /v1/audit_logs

URL Parameters

N/A

Query Parameters

Parameter	Format	Description	Default
`action`	String	Filters by action (such as `create`, `update`, `delete`,`enable`, and `disable`)	n/a
`admin_email`	String	Filters by Admin email address	n/a
`end_time`	Int	Filters records that occurred before a specific epoch timestamp (in nanoseconds)	n/a
`limit`	Int	Used in Pagination. Specifies the maximum number of records to return	25
`skip`	Int	Used in Pagination. Specifies the number of records to skip	0
`start_time`	Int	Filters records that occurred after a specific epoch timestamp (in nanoseconds)	n/a
`type`	String	Filters by type of Admin activity type (such as `admin_sign_on`, `security_attach_policy`, `idp_settings`, et al.)	n/a
`org_id`	String	orgid should be passed to get auditlogs for specific logs when token is super admin	n/a
`order`	String	Filters records in given order based on created_at timestamp (e.g `asc`, `desc`)	`desc`

Supported Admin Activity Types

The table below lists possible Admin activity types.

Type	Related to
`admin_sign_on`	Admin Sign-on method settings (such as Banyan-local or SAML)
`idp_settings`	Identity Provider settings (such as Okta, Cognito, OneLogin, or Other)
`mdm_settings`	Enterprise Device Manager settings
`policy`	Banyan Policies
`registered_service`	Managed Services
`role`	Banyan Roles
`security_attach_policy`	Policies attached to or removed from a service
`trustscore_factors`	Device Scoring settings
`unknown_device`	Unregistered Devices settings (such as access to services and/or HTTP responses)
`device_registration_idp_settings`
`admin_user`	CRUD on admin user
`mdm_deploy_otp_skip_role`	changes to mdm deploy otp skip role
`mdm_deploy_key`	changes to MDM deploy key
`invitation_code`	changes to Invitation code
`trustscore_ttl`	changes to trustscore profile ttl
`enduser_device`	changes to enduser device
`preferred_applications`	Preferred Applications
`latest_os_config`	changes to latest os config
`trust_config`	changes to trust config
`root_certs`	changes to root cert
`saas_applications`	SAAS Applications
`idp_routed_applications`	IDP Routed
`access_tier`	Access Tier
`satellite`	Connector
`access_tier_tunnel`	CRUD on access tier tunnel
`api_key`	CRUD on api key
`enduser`	when endusers get archieved due to inactivity
`device`	changes to device
`service_tunnel`	Service Tunnel
`refresh_token`	when new refresh token issued or existing refresh token is revoked
`org`	CRUD on org

Supported Actions

The table below lists possible actions for each Admin activity type.

type	create	update	delete	enable	disable
`admin_sign_on`		yes
`idp_settings`		yes
`mdm_settings`		yes
`policy`	yes	yes	yes
`role`	yes	yes	yes	yes	yes
`security_attach_policy`	yes		yes
`registered_service`	yes	yes	yes	yes	yes
`trustscore_factors`		yes
`unknown_device`		yes
`device_registration_idp_settings`	yes	yes	yes
`admin_user`	yes	yes	yes
`mdm_deploy_otp_skip_role`	yes		yes
`mdm_deploy_key`	yes		yes
`invitation_code`		yes	yes
`trustscore_ttl`		yes
`enduser_device`		yes
`preferred_applications`	yes		yes
`latest_os_config`		yes
`trust_config`		yes
`root_certs`		yes	yes
`saas_applications`	yes	yes	yes	yes	yes
`idp_routed_applications`	yes	yes	yes	yes	yes
`access_tier`	yes	yes	yes
`satellite`	yes	yes	yes
`access_tier_tunnel`	yes	yes	yes
`api_key`	yes	yes	yes
`enduser`			yes
`device`			yes
`service_tunnel`	yes	yes	yes
`refresh_token`	yes		yes
`org`	yes	yes	yes

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

Status Codes and Errors

Value	Description
200	OK
400	Bad request
401	Unauthorized
404	Not found
500	Internal Server Error

Response Headers

N/A

HTTP Response Body

Example audit log from IDP settings update

{
    "auditlogs": [
        {
            "id": "f744e29e-65fc-4874-8f02-820223e03962",
            "org_id": "b549352a-ea76-403a-ab35-f4a1e29e1110",
            "created_at": 1623165783224130697,
            "message": "IDP settings updated",
            "type": "idp_settings",
            "action": "update",
            "admin_email": "mahesh.dere@joshsoftware.com",
            "changes_new": {
                "config": {
                    "ClientID": "c71b8e8c264406664decd4d1f320fc6e692673bbd3f4ec20f23ae576b49ea584",
                    "ClientSecret": "cb50e2fb42df24ba83788b28d1c55648aad705d515091a314fea4cdac6bd0b09",
                    "IssuerURL": "https://dev-6021221.okta.com",
                    "RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
                },
                "name": "OKTA",
                "protocol": "OIDC"
            },
            "changes_old": {
                "config": {
                    "ClientID": "f1c396a3b281a87a3d7839702d4a8f5e3c85196562e02784f230da291f4d2f71",
                    "ClientSecret": "a392838b7bd6cb595e9714554b4640fa376148a7fccbf40ed92f60d313308e24",
                    "IssuerURL": "https://dev-6021221.okta.com",
                    "RedirectURL": "https://dev03josh.trust-dev03.bnntest.com/v2/callback"
                },
                "name": "OKTA",
                "protocol": "OIDC"
            },
            "token_unique_id": "",
            "token_iat": 1641917404,
            "token_auth_issuer": "LOCAL",
            "client_ip_address": "49.15.183.84, 34.98.107.12",
            "client_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
        }
    ],
    "count": 1
}