Secure Audit Log Config Management API Reference

Base URL

audit.<csp>.<region>.pangea.cloud

• Secure Audit Log Documentation
• OpenAPI Specification

post/v1beta/config

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Get Secure Audit Log config

POST

https://audit.aws.us.pangea.cloud/v1beta/config

Retrieve an Secure Audit Log service configuration by its ID.

required parameters

id

string

ID of a Secure Audit Log configuration

​

ID of a Secure Audit Log configuration

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/create

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/create' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Create Secure Audit Log config

POST

https://audit.aws.us.pangea.cloud/v1beta/config/create

Create a new Secure Audit Log service configuration.

required parameters

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

schema

object

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

version

integer

Current version: 3

Current version: 3

optional parameters

schema

object

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

client_signable

boolean

If true, audit records will include fields required for cryptographic signing using a Vault-managed key. This ensures record integrity by allowing verification that the content has not been modified after creation.

Learn more in the Secure Audit Log Log Signing documentation.

If true, audit records will include fields required for cryptographic signing using a Vault-managed key. This ensures record integrity by allowing verification that the content has not been modified after creation.

Learn more in the Secure Audit Log Log Signing documentation.

save_malformed

string

(default: "reject")

Specifies how to handle malformed audit events:

• reject (default): Reject the event with a 400 error.
• all: Log all events regardless of structure or redaction issues.
• unredacted: Log all events, but omit values that would have been redacted.

Specifies how to handle malformed audit events:

• reject (default): Reject the event with a 400 error.
• all: Log all events regardless of structure or redaction issues.
• unredacted: Log all events, but omit values that would have been redacted.

tamper_proofing

boolean

If true, audit records will include fields required to support tamperproofing using Merkle Trees. This ensures that records cannot be modified, deleted, or inserted without detection.

Learn more in the Secure Audit Log Tamperproofing documentation.

If true, audit records will include fields required to support tamperproofing using Merkle Trees. This ensures that records cannot be modified, deleted, or inserted without detection.

Learn more in the Secure Audit Log Tamperproofing documentation.

vendor_id

string

Identifier for the third-party service streaming log events to Secure Audit Log. Used in vendor-specific schemas to indicate the source provider, such as auth0.

Learn more in the Secure Audit Log Third-party Log Events documentation.

Identifier for the third-party service streaming log events to Secure Audit Log. Used in vendor-specific schemas to indicate the source provider, such as auth0.

Learn more in the Secure Audit Log Third-party Log Events documentation.

json_path

string

JSON path used to extract the log records from the incoming event payload. For example, $.logs[*].data selects all log entries under the logs array in a typical Auth0 stream.

Learn more in the Secure Audit Log Third-party Log Events documentation.

JSON path used to extract the log records from the incoming event payload. For example, $.logs[*].data selects all log entries under the logs array in a typical Auth0 stream.

Learn more in the Secure Audit Log Third-party Log Events documentation.

fields

array<object>

List of defined fields for this audit schema.

List of defined fields for this audit schema.

id

string

Unique identifier for the field in lowercase with underscores.

Cannot be received_at, which is reserved.

• maxLength: 32

Unique identifier for the field in lowercase with underscores.

Cannot be received_at, which is reserved.

• maxLength: 32

name

string

Human-readable name of the field. Used as Displayed name in the UI

• maxLength: 64

Human-readable name of the field. Used as Displayed name in the UI

• maxLength: 64

type

string

Data type of the field.

Use string-unindexed for fields that should not be indexed for search, which improves query performance and allows storing structured values like JSON.

Use text for full-text indexed fields that support single-word search but do not support multi-word queries.

Data type of the field.

Use string-unindexed for fields that should not be indexed for search, which improves query performance and allows storing structured values like JSON.

Use text for full-text indexed fields that support single-word search but do not support multi-word queries.

description

string

Optional description of the field's purpose or contents

• maxLength: 255

Optional description of the field's purpose or contents

• maxLength: 255

redact

boolean

If true, this field will be processed by the redaction service (if configured). Only valid for string-type fields.

Learn more in the Secure Audit Log Redact log events documentation.

If true, this field will be processed by the redaction service (if configured). Only valid for string-type fields.

Learn more in the Secure Audit Log Redact log events documentation.

required

boolean

If true, this field must be present in every audit event

If true, this field must be present in every audit event

partitioned

boolean

If true, this field is used to partition data in cold storage (for example, by tenant_id)

If true, this field is used to partition data in cold storage (for example, by tenant_id)

size

integer

Maximum number of UTF-8 characters allowed in the field. Applicable only to string-type fields.

Maximum number of UTF-8 characters allowed in the field. Applicable only to string-type fields.

ui_default_visible

boolean

If true, this field is shown by default in the Secure Audit Log Viewer UI

If true, this field is shown by default in the Secure Audit Log Viewer UI

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

cold_storage

string

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

forwarding_configuration

Configuration for forwarding audit logs to an external system, such as a Splunk HEC endpoint or a Next-Gen SIEM destination. Forwarding is authenticated using a secret stored in Vault, and can optionally include TLS settings and acknowledgement support.

Learn more in the Secure Audit Log Forwarding documentation.

Configuration for forwarding audit logs to an external system, such as a Splunk HEC endpoint or a Next-Gen SIEM destination. Forwarding is authenticated using a secret stored in Vault, and can optionally include TLS settings and acknowledgement support.

Learn more in the Secure Audit Log Forwarding documentation.

forwarding_enabled

boolean

(default: false)

Indicates whether audit log forwarding is enabled for this configuration

Indicates whether audit log forwarding is enabled for this configuration

type

Forwards logs to a Crowdstrike Next-Gen SIEM destination

Forwards logs to a Crowdstrike Next-Gen SIEM destination

event_url

string (uri)

HTTPS URL of the endpoint where audit events will be forwarded

HTTPS URL of the endpoint where audit events will be forwarded

ack_url

string

URL used for HEC indexer acknowledgement. Required with channel_id when indexer acknowledgement is enabled.

URL used for HEC indexer acknowledgement. Required with channel_id when indexer acknowledgement is enabled.

channel_id

string

Channel ID used to correlate acknowledgements. Required with ack_url when indexer acknowledgement is enabled.

Channel ID used to correlate acknowledgements. Required with ack_url when indexer acknowledgement is enabled.

public_cert

string (base64)

Optional base64-encoded public TLS certificate used to validate self-signed HTTPS endpoints for log forwarding

public_cert

public_cert

Optional base64-encoded public TLS certificate used to validate self-signed HTTPS endpoints for log forwarding

index

string

Optional index name included in the HEC payload to route events within the external system

Optional index name included in the HEC payload to route events within the external system

vault_config_id

string

ID of the Vault service configuration used to store the HEC authentication token

ID of the Vault service configuration used to store the HEC authentication token

vault_secret_id

string

ID of the Vault secret that contains the HEC authentication token

ID of the Vault secret that contains the HEC authentication token

hot_storage

string

(default: "14d")

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

warm_storage

string

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

partition_overrides

object

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/update

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/update' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Update Secure Audit Log config

POST

https://audit.aws.us.pangea.cloud/v1beta/config/update

Update a Secure Audit Log service configuration.

To update a configuration, first retrieve the current version, apply your changes, and submit the updated configuration to this endpoint.

For a full example using a Project Admin management client, see the Service Configuration APIs documentation.

Configurations must be updated using the latest configuration timestamp.

To update your configuration fetch the latest configuration.

required parameters

id

string

ID of a Secure Audit Log configuration

​

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

name

name

Human-readable name of the Secure Audit Log service configuration

schema

object

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

updated_at

updated_at

Database timestamp when the configuration was last updated. Automatically assigned.

version

integer

Current version: 3

version

version

Current version: 3

optional parameters

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

cold_query_result_retention

cold_query_result_retention

Retention window for cold query result / state information

cold_storage

string

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

cold_storage

cold_storage

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

created_at

created_at

Database timestamp when the configuration was created. Automatically assigned.

forwarding_configuration

Configuration for forwarding audit logs to an external system, such as a Splunk HEC endpoint or a Next-Gen SIEM destination. Forwarding is authenticated using a secret stored in Vault, and can optionally include TLS settings and acknowledgement support.

Learn more in the Secure Audit Log Forwarding documentation.

Configuration for forwarding audit logs to an external system, such as a Splunk HEC endpoint or a Next-Gen SIEM destination. Forwarding is authenticated using a secret stored in Vault, and can optionally include TLS settings and acknowledgement support.

Learn more in the Secure Audit Log Forwarding documentation.

forwarding_enabled

boolean

(default: false)

Indicates whether audit log forwarding is enabled for this configuration

forwarding_enabled

​

forwarding_enabled

Indicates whether audit log forwarding is enabled for this configuration

type

Forwards logs to a Crowdstrike Next-Gen SIEM destination

type

type

Forwards logs to a Crowdstrike Next-Gen SIEM destination

event_url

string (uri)

HTTPS URL of the endpoint where audit events will be forwarded

event_url

event_url

HTTPS URL of the endpoint where audit events will be forwarded

ack_url

string

URL used for HEC indexer acknowledgement. Required with channel_id when indexer acknowledgement is enabled.

ack_url

ack_url

URL used for HEC indexer acknowledgement. Required with channel_id when indexer acknowledgement is enabled.

channel_id

string

Channel ID used to correlate acknowledgements. Required with ack_url when indexer acknowledgement is enabled.

channel_id

channel_id

Channel ID used to correlate acknowledgements. Required with ack_url when indexer acknowledgement is enabled.

public_cert

string (base64)

Optional base64-encoded public TLS certificate used to validate self-signed HTTPS endpoints for log forwarding

public_cert

public_cert

Optional base64-encoded public TLS certificate used to validate self-signed HTTPS endpoints for log forwarding

index

string

Optional index name included in the HEC payload to route events within the external system

index

index

Optional index name included in the HEC payload to route events within the external system

vault_config_id

string

ID of the Vault service configuration used to store the HEC authentication token

vault_config_id

vault_config_id

ID of the Vault service configuration used to store the HEC authentication token

vault_secret_id

string

ID of the Vault secret that contains the HEC authentication token

vault_secret_id

vault_secret_id

ID of the Vault secret that contains the HEC authentication token

hot_storage

string

(default: "14d")

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

hot_storage

hot_storage

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

query_result_retention

query_result_retention

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

redact_service_config_id

redact_service_config_id

ID of the Redact service configuration used to remove sensitive data from logs

schema

object

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

Defines the structure and field behavior of audit logs for a specific schema configuration. The overall schema can only be defined at creation time and must include at least one required field with a specified identifier and type. Field descriptions, required status, and default UI visibility can be updated later.

Learn more in the Enable and Configure Secure Audit Log documentation.

client_signable

boolean

If true, audit records will include fields required for cryptographic signing using a Vault-managed key. This ensures record integrity by allowing verification that the content has not been modified after creation.

Learn more in the Secure Audit Log Log Signing documentation.

client_signable

​

client_signable

If true, audit records will include fields required for cryptographic signing using a Vault-managed key. This ensures record integrity by allowing verification that the content has not been modified after creation.

Learn more in the Secure Audit Log Log Signing documentation.

save_malformed

string

(default: "reject")

Specifies how to handle malformed audit events:

• reject (default): Reject the event with a 400 error.
• all: Log all events regardless of structure or redaction issues.
• unredacted: Log all events, but omit values that would have been redacted.

save_malformed

​

save_malformed

Specifies how to handle malformed audit events:

• reject (default): Reject the event with a 400 error.
• all: Log all events regardless of structure or redaction issues.
• unredacted: Log all events, but omit values that would have been redacted.

tamper_proofing

boolean

If true, audit records will include fields required to support tamperproofing using Merkle Trees. This ensures that records cannot be modified, deleted, or inserted without detection.

Learn more in the Secure Audit Log Tamperproofing documentation.

tamper_proofing

​

tamper_proofing

If true, audit records will include fields required to support tamperproofing using Merkle Trees. This ensures that records cannot be modified, deleted, or inserted without detection.

Learn more in the Secure Audit Log Tamperproofing documentation.

vendor_id

string

Identifier for the third-party service streaming log events to Secure Audit Log. Used in vendor-specific schemas to indicate the source provider, such as auth0.

Learn more in the Secure Audit Log Third-party Log Events documentation.

vendor_id

vendor_id

Identifier for the third-party service streaming log events to Secure Audit Log. Used in vendor-specific schemas to indicate the source provider, such as auth0.

Learn more in the Secure Audit Log Third-party Log Events documentation.

json_path

string

JSON path used to extract the log records from the incoming event payload. For example, $.logs[*].data selects all log entries under the logs array in a typical Auth0 stream.

Learn more in the Secure Audit Log Third-party Log Events documentation.

json_path

json_path

JSON path used to extract the log records from the incoming event payload. For example, $.logs[*].data selects all log entries under the logs array in a typical Auth0 stream.

Learn more in the Secure Audit Log Third-party Log Events documentation.

fields

array<object>

List of defined fields for this audit schema.

Click 'Save' to use the value

List of defined fields for this audit schema.

id

string

Unique identifier for the field in lowercase with underscores.

Cannot be received_at, which is reserved.

• maxLength: 32

id

id

Unique identifier for the field in lowercase with underscores.

Cannot be received_at, which is reserved.

• maxLength: 32

name

string

Human-readable name of the field. Used as Displayed name in the UI

• maxLength: 64

name

name

Human-readable name of the field. Used as Displayed name in the UI

• maxLength: 64

type

string

Data type of the field.

Use string-unindexed for fields that should not be indexed for search, which improves query performance and allows storing structured values like JSON.

Use text for full-text indexed fields that support single-word search but do not support multi-word queries.

type

type

Data type of the field.

Use string-unindexed for fields that should not be indexed for search, which improves query performance and allows storing structured values like JSON.

Use text for full-text indexed fields that support single-word search but do not support multi-word queries.

description

string

Optional description of the field's purpose or contents

• maxLength: 255

description

description

Optional description of the field's purpose or contents

• maxLength: 255

redact

boolean

If true, this field will be processed by the redaction service (if configured). Only valid for string-type fields.

Learn more in the Secure Audit Log Redact log events documentation.

redact

​

redact

If true, this field will be processed by the redaction service (if configured). Only valid for string-type fields.

Learn more in the Secure Audit Log Redact log events documentation.

required

boolean

If true, this field must be present in every audit event

required

​

required

If true, this field must be present in every audit event

partitioned

boolean

If true, this field is used to partition data in cold storage (for example, by tenant_id)

partitioned

​

partitioned

If true, this field is used to partition data in cold storage (for example, by tenant_id)

size

integer

Maximum number of UTF-8 characters allowed in the field. Applicable only to string-type fields.

size

size

Maximum number of UTF-8 characters allowed in the field. Applicable only to string-type fields.

ui_default_visible

boolean

If true, this field is shown by default in the Secure Audit Log Viewer UI

ui_default_visible

​

ui_default_visible

If true, this field is shown by default in the Secure Audit Log Viewer UI

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_key_id

vault_key_id

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

vault_service_config_id

vault_service_config_id

ID of the Vault service configuration used for cryptographic signing of logs

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

vault_sign

​

vault_sign

Indicates whether cryptographic signing of audit logs using Vault is enabled

warm_storage

string

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

warm_storage

warm_storage

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

partition_overrides

object

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

The settings are defined as a map of partition identifiers to retention values:

• Each key is a partition value (for example, a tenant ID) specified in the Tenant Retention Settings in the Pangea User Console and referenced in the tenant_id field of a log event.

• Each value is an object defining warm_storage and cold_storage durations.

For example:

{
  "tenant1_id": {
    "warm_storage": "90d",
    "cold_storage": "16month"
  },
  "tenant2_id": {
    "warm_storage": "90d",
    "cold_storage": "0day"
  }
}

Click 'Save' to use the value

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

The settings are defined as a map of partition identifiers to retention values:

• Each key is a partition value (for example, a tenant ID) specified in the Tenant Retention Settings in the Pangea User Console and referenced in the tenant_id field of a log event.

• Each value is an object defining warm_storage and cold_storage durations.

For example:

{
  "tenant1_id": {
    "warm_storage": "90d",
    "cold_storage": "16month"
  },
  "tenant2_id": {
    "warm_storage": "90d",
    "cold_storage": "0day"
  }
}

Pattern Property: .*

object

warm_storage

string

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

cold_storage

string

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/delete

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/delete' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Delete Secure Audit Log config

POST

https://audit.aws.us.pangea.cloud/v1beta/config/delete

Delete a Secure Audit Log service configuration.

required parameters

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/list

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/list' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

List Secure Audit Log configs

POST

https://audit.aws.us.pangea.cloud/v1beta/config/list

Retrieve a paginated list of Secure Audit Log service configurations.

fields

filter

object

id

string

Only records where id equals this value.

id

id

Only records where id equals this value.

id__contains

array<string>

Only records where id includes each substring.

Click 'Save' to use the value

Only records where id includes each substring.

id__in

array<string>

Only records where id equals one of the provided substrings.

Click 'Save' to use the value

Only records where id equals one of the provided substrings.

created_at

string (date-time)

Only records where created_at equals this value.

created_at

created_at

Only records where created_at equals this value.

created_at__gt

string (date-time)

Only records where created_at is greater than this value.

created_at__gt

created_at__gt

Only records where created_at is greater than this value.

created_at__gte

string (date-time)

Only records where created_at is greater than or equal to this value.

created_at__gte

created_at__gte

Only records where created_at is greater than or equal to this value.

created_at__lt

string (date-time)

Only records where created_at is less than this value.

created_at__lt

created_at__lt

Only records where created_at is less than this value.

created_at__lte

string (date-time)

Only records where created_at is less than or equal to this value.

created_at__lte

created_at__lte

Only records where created_at is less than or equal to this value.

updated_at

string (date-time)

Only records where updated_at equals this value.

updated_at

updated_at

Only records where updated_at equals this value.

updated_at__gt

string (date-time)

Only records where updated_at is greater than this value.

updated_at__gt

updated_at__gt

Only records where updated_at is greater than this value.

updated_at__gte

string (date-time)

Only records where updated_at is greater than or equal to this value.

updated_at__gte

updated_at__gte

Only records where updated_at is greater than or equal to this value.

updated_at__lt

string (date-time)

Only records where updated_at is less than this value.

updated_at__lt

updated_at__lt

Only records where updated_at is less than this value.

updated_at__lte

string (date-time)

Only records where updated_at is less than or equal to this value.

updated_at__lte

updated_at__lte

Only records where updated_at is less than or equal to this value.

last

string

Reflected value from a previous response to obtain the next page of results.

last

last

Reflected value from a previous response to obtain the next page of results.

order

string

Order results asc(ending) or desc(ending).

order

​

order

Order results asc(ending) or desc(ending).

order_by

string

Which field to order results by.

order_by

​

order_by

Which field to order results by.

size

integer

Maximum results to include in the response.

• minimum: 1

size

size

Maximum results to include in the response.

• minimum: 1

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

object

count

integer

Number of service configs matched by the list request

Number of service configs matched by the list request

last

string

Base64-encoded pagination cursor from the previous response, used to retrieve the next page of results

Base64-encoded pagination cursor from the previous response, used to retrieve the next page of results

items

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/partition_overrides

cURL

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/partition_overrides' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Update retention for a partition value

POST

https://audit.aws.us.pangea.cloud/v1beta/config/partition_overrides

Update the retention settings for specific partition values. This beta endpoint accepts an overrides object, where each key is a partition name (such as a tenant ID), and the corresponding value specifies custom warm and cold storage retention periods.

Partitioning must be enabled in the Audit Schema configuration typically using the tenant_id field.

required parameters

id

string

ID of the Secure Audit Log service configuration to update

id

id

ID of the Secure Audit Log service configuration to update

overrides

object

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

The settings are defined as a map of partition identifiers to retention values:

• Each key is a partition value (for example, a tenant ID) specified in the Tenant Retention Settings in the Pangea User Console and referenced in the tenant_id field of a log event.

• Each value is an object defining warm_storage and cold_storage durations.

For example:

{
  "tenant1_id": {
    "warm_storage": "90d",
    "cold_storage": "16month"
  },
  "tenant2_id": {
    "warm_storage": "90d",
    "cold_storage": "0day"
  }
}

Click 'Save' to use the value

Custom retention settings for specific tenants when tenant partitioning is enabled. Allows overriding warm and cold storage durations on a per-tenant basis.

The settings are defined as a map of partition identifiers to retention values:

• Each key is a partition value (for example, a tenant ID) specified in the Tenant Retention Settings in the Pangea User Console and referenced in the tenant_id field of a log event.

• Each value is an object defining warm_storage and cold_storage durations.

For example:

{
  "tenant1_id": {
    "warm_storage": "90d",
    "cold_storage": "16month"
  },
  "tenant2_id": {
    "warm_storage": "90d",
    "cold_storage": "0day"
  }
}

Pattern Property: .*

object

warm_storage

string

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

Retention window for logs in warm storage. Logs are migrated to cold storage or deleted after this period.

cold_storage

string

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

Retention window for logs in cold storage. Logs are deleted after this period.

A value of 0 disables cold storage. When enabled, the minimum allowed duration is 180 days.

Learn more in the Secure Audit Log Retention Policy and Request Cold Export documentation.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Properties of a Secure Audit Log service configuration

Properties of a Secure Audit Log service configuration

id

string

ID of a Secure Audit Log configuration

ID of a Secure Audit Log configuration

name

string

Human-readable name of the Secure Audit Log service configuration

Human-readable name of the Secure Audit Log service configuration

version

integer

(default: 1)

created_at

string (date-time)

Database timestamp when the configuration was created. Automatically assigned.

Database timestamp when the configuration was created. Automatically assigned.

updated_at

string (date-time)

Database timestamp when the configuration was last updated. Automatically assigned.

Database timestamp when the configuration was last updated. Automatically assigned.

retention

string

Retention window for audit logs

Retention window for audit logs

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information

Retention window for cold query result / state information

hot_storage

string

(default: "14d")

Retention window for keeping audit logs in hot storage

Retention window for keeping audit logs in hot storage

query_result_retention

string

(default: "2d")

Retention window for retaining cached query results on the server

Retention window for retaining cached query results on the server

redact_service_config_id

string, null

ID of the Redact service configuration used to remove sensitive data from logs

ID of the Redact service configuration used to remove sensitive data from logs

redaction_fields

array<string>

List of audit log fields to redact using the configured Redact service

List of audit log fields to redact using the configured Redact service

vault_service_config_id

string, null

ID of the Vault service configuration used for cryptographic signing of logs

ID of the Vault service configuration used for cryptographic signing of logs

vault_key_id

string

ID of the Vault key used for signing logs. If not provided, a default key is used.

ID of the Vault key used for signing logs. If not provided, a default key is used.

vault_sign

boolean

(default: false)

Indicates whether cryptographic signing of audit logs using Vault is enabled

Indicates whether cryptographic signing of audit logs using Vault is enabled

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Status Codes

Status	Status Code	Description
TreeNotFound	200	A tree has not been built for proofs. This is likely due to a lack of audit messages ingested.
BadOffset	400	The offset provided is invalid or out of range.
ForwardingError	400	Forwarder has experienced an error while forwarding messages
InvalidSchema	400	The configured schema is not valid for this endpoint.
NoForwarderConfigured	400	Testing a forwarder requires a forwarder to be configured
ForbiddenFieldValue	403	A field value was supplied that is not allowed by the token's field restrictions.

Was this article helpful?

Contact us