Secure Audit Log Config Management API Reference

Base URL

audit.<csp>.<region>.pangea.cloud

• Secure Audit Log Documentation
• OpenAPI Specification

post/v1beta/config

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Get audit config (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config

required parameters

id

string

id

id

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Configuration options available for audit service

Configuration options available for audit service

id

string

The config ID

The config ID

version

integer

(default: 1)

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

name

string

configuration name

configuration name

retention

Retention window to store audit logs.

Retention window to store audit logs.

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

hot_storage(default: "14d")

Retention window to keep audit logs in hot storage.

Retention window to keep audit logs in hot storage.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

redaction_fields

array<string>

Fields to perform redaction against.

Fields to perform redaction against.

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/create

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/create' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Create audit config (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config/create

required parameters

name

string

configuration name

configuration name

schema

Audit log field configuration. Only settable at create time.

Audit log field configuration. Only settable at create time.

client_signable

boolean

If true, records contain fields to support client/vault signing.

If true, records contain fields to support client/vault signing.

save_malformed

string

(default: "reject")

Save (or reject) malformed AuditEvents.

Save (or reject) malformed AuditEvents.

tamper_proofing

boolean

If true, records contain fields to support tamper-proofing.

If true, records contain fields to support tamper-proofing.

vendor_id

string

json_path

string

fields

array<object>

id

string

Prefix name / identity for the field.

• maxLength: 32

Prefix name / identity for the field.

• maxLength: 32

description

string

Human display description of the field.

• maxLength: 255

Human display description of the field.

• maxLength: 255

name

string

Human display name/title of the field.

• maxLength: 64

Human display name/title of the field.

• maxLength: 64

redact

boolean

If true, redaction is performed against this field (if configured.) Only valid for string type.

If true, redaction is performed against this field (if configured.) Only valid for string type.

required

boolean

If true, this field is required to exist in all logged events.

If true, this field is required to exist in all logged events.

partitioned

boolean

If true, this field is used to partition the data in cold storage.

If true, this field is used to partition the data in cold storage.

size

integer

The maximum size of the field. Only valid for strings, which limits number of UTF-8 characters.

The maximum size of the field. Only valid for strings, which limits number of UTF-8 characters.

type

string

The data type for the field.

The data type for the field.

ui_default_visible

boolean

If true, this field is visible by default in audit UIs.

If true, this field is visible by default in audit UIs.

version

integer

Current version: 3

Current version: 3

optional parameters

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

cold_storage

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

forwarding_configuration

forwarding_enabled

boolean

(default: false)

type

NGSIEM Forwarder type

NGSIEM Forwarder type

event_url

string (uri)

URL where events will be written to. Must use HTTPS

URL where events will be written to. Must use HTTPS

ack_url

string

If indexer acknowledgement is required, this must be provided along with a 'channel_id'.

If indexer acknowledgement is required, this must be provided along with a 'channel_id'.

channel_id

string

An optional splunk channel included in each request if indexer acknowledgement is required for the HEC token along with the 'ack_url'

An optional splunk channel included in each request if indexer acknowledgement is required for the HEC token along with the 'ack_url'

public_cert

string (base64)

Public certificate if a self signed TLS cert is being used

public_cert

public_cert

Public certificate if a self signed TLS cert is being used

index

string

Optional splunk index passed in the record bodies

Optional splunk index passed in the record bodies

vault_config_id

string

The vault config used to store the HEC token

The vault config used to store the HEC token

vault_secret_id

string

The secret ID where the HEC token is stored in vault

The secret ID where the HEC token is stored in vault

hot_storage(default: "14d")

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

id

string

The config ID

The config ID

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

warm_storage

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

partition_overrides

object

Settings overrides for partition-specific configuration

Settings overrides for partition-specific configuration

datastore

string

Use specific datastore. Ex: AIDR uses postgres as datastore.

Use specific datastore. Ex: AIDR uses postgres as datastore.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Configuration options available for audit service

Configuration options available for audit service

id

string

The config ID

The config ID

version

integer

(default: 1)

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

name

string

configuration name

configuration name

retention

Retention window to store audit logs.

Retention window to store audit logs.

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

hot_storage(default: "14d")

Retention window to keep audit logs in hot storage.

Retention window to keep audit logs in hot storage.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

redaction_fields

array<string>

Fields to perform redaction against.

Fields to perform redaction against.

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/update

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/update' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Update audit config (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config/update

Configurations must be updated using the latest configuration timestamp.

To update your configuration fetch the latest configuration.

required parameters

id

string

The config ID

id

id

The config ID

name

string

configuration name

name

name

configuration name

schema

Audit log field configuration. Only settable at create time.

Audit log field configuration. Only settable at create time.

client_signable

boolean

If true, records contain fields to support client/vault signing.

client_signable

​

client_signable

If true, records contain fields to support client/vault signing.

save_malformed

string

(default: "reject")

Save (or reject) malformed AuditEvents.

save_malformed

​

save_malformed

Save (or reject) malformed AuditEvents.

tamper_proofing

boolean

If true, records contain fields to support tamper-proofing.

tamper_proofing

​

tamper_proofing

If true, records contain fields to support tamper-proofing.

vendor_id

string

vendor_id

vendor_id

json_path

string

json_path

json_path

fields

array<object>

Click 'Save' to use the value

id

string

Prefix name / identity for the field.

• maxLength: 32

id

id

Prefix name / identity for the field.

• maxLength: 32

description

string

Human display description of the field.

• maxLength: 255

description

description

Human display description of the field.

• maxLength: 255

name

string

Human display name/title of the field.

• maxLength: 64

name

name

Human display name/title of the field.

• maxLength: 64

redact

boolean

If true, redaction is performed against this field (if configured.) Only valid for string type.

redact

​

redact

If true, redaction is performed against this field (if configured.) Only valid for string type.

required

boolean

If true, this field is required to exist in all logged events.

required

​

required

If true, this field is required to exist in all logged events.

partitioned

boolean

If true, this field is used to partition the data in cold storage.

partitioned

​

partitioned

If true, this field is used to partition the data in cold storage.

size

integer

The maximum size of the field. Only valid for strings, which limits number of UTF-8 characters.

size

size

The maximum size of the field. Only valid for strings, which limits number of UTF-8 characters.

type

string

The data type for the field.

type

​

type

The data type for the field.

ui_default_visible

boolean

If true, this field is visible by default in audit UIs.

ui_default_visible

​

ui_default_visible

If true, this field is visible by default in audit UIs.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

updated_at

updated_at

The DB timestamp when this config was last updated at

version

integer

Current version: 3

version

version

Current version: 3

optional parameters

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

cold_query_result_retention

cold_query_result_retention

Retention window for cold query result / state information.

cold_storage

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

cold_storage

cold_storage

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

created_at

created_at

The DB timestamp when this config was created. Ignored when submitted.

forwarding_configuration

forwarding_enabled

boolean

(default: false)

forwarding_enabled

​

forwarding_enabled

type

NGSIEM Forwarder type

type

type

NGSIEM Forwarder type

event_url

string (uri)

URL where events will be written to. Must use HTTPS

event_url

event_url

URL where events will be written to. Must use HTTPS

ack_url

string

If indexer acknowledgement is required, this must be provided along with a 'channel_id'.

ack_url

ack_url

If indexer acknowledgement is required, this must be provided along with a 'channel_id'.

channel_id

string

An optional splunk channel included in each request if indexer acknowledgement is required for the HEC token along with the 'ack_url'

channel_id

channel_id

An optional splunk channel included in each request if indexer acknowledgement is required for the HEC token along with the 'ack_url'

public_cert

string (base64)

Public certificate if a self signed TLS cert is being used

public_cert

public_cert

Public certificate if a self signed TLS cert is being used

index

string

Optional splunk index passed in the record bodies

index

index

Optional splunk index passed in the record bodies

vault_config_id

string

The vault config used to store the HEC token

vault_config_id

vault_config_id

The vault config used to store the HEC token

vault_secret_id

string

The secret ID where the HEC token is stored in vault

vault_secret_id

vault_secret_id

The secret ID where the HEC token is stored in vault

hot_storage(default: "14d")

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

hot_storage

hot_storage

Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

query_result_retention

query_result_retention

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

redact_service_config_id

redact_service_config_id

A redact service config that will be used to redact PII from logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

vault_key_id

vault_key_id

ID of the Vault key used for signing. If missing, use a default Audit key

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

vault_service_config_id

vault_service_config_id

A vault service config that will be used to sign logs.

vault_sign

boolean

(default: false)

Enable/disable event signing

vault_sign

​

vault_sign

Enable/disable event signing

warm_storage

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

warm_storage

warm_storage

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

partition_overrides

object

Settings overrides for partition-specific configuration

Click 'Save' to use the value

Settings overrides for partition-specific configuration

datastore

string

Use specific datastore. Ex: AIDR uses postgres as datastore.

datastore

​

datastore

Use specific datastore. Ex: AIDR uses postgres as datastore.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Configuration options available for audit service

Configuration options available for audit service

id

string

The config ID

The config ID

version

integer

(default: 1)

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

name

string

configuration name

configuration name

retention

Retention window to store audit logs.

Retention window to store audit logs.

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

hot_storage(default: "14d")

Retention window to keep audit logs in hot storage.

Retention window to keep audit logs in hot storage.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

redaction_fields

array<string>

Fields to perform redaction against.

Fields to perform redaction against.

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/delete

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/delete' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

This endpoint cannot be called through the documentation site

Delete audit config (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config/delete

required parameters

id

string

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

Configuration options available for audit service

Configuration options available for audit service

id

string

The config ID

The config ID

version

integer

(default: 1)

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

name

string

configuration name

configuration name

retention

Retention window to store audit logs.

Retention window to store audit logs.

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

hot_storage(default: "14d")

Retention window to keep audit logs in hot storage.

Retention window to keep audit logs in hot storage.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

redaction_fields

array<string>

Fields to perform redaction against.

Fields to perform redaction against.

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/list

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/list' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

List audit configs (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config/list

List audit service configs

fields

filter

object

id

string

Only records where id equals this value.

id

id

Only records where id equals this value.

id__contains

array<string>

Only records where id includes each substring.

Click 'Save' to use the value

Only records where id includes each substring.

id__in

array<string>

Only records where id equals one of the provided substrings.

Click 'Save' to use the value

Only records where id equals one of the provided substrings.

created_at

string (date-time)

Only records where created_at equals this value.

created_at

created_at

Only records where created_at equals this value.

created_at__gt

string (date-time)

Only records where created_at is greater than this value.

created_at__gt

created_at__gt

Only records where created_at is greater than this value.

created_at__gte

string (date-time)

Only records where created_at is greater than or equal to this value.

created_at__gte

created_at__gte

Only records where created_at is greater than or equal to this value.

created_at__lt

string (date-time)

Only records where created_at is less than this value.

created_at__lt

created_at__lt

Only records where created_at is less than this value.

created_at__lte

string (date-time)

Only records where created_at is less than or equal to this value.

created_at__lte

created_at__lte

Only records where created_at is less than or equal to this value.

updated_at

string (date-time)

Only records where updated_at equals this value.

updated_at

updated_at

Only records where updated_at equals this value.

updated_at__gt

string (date-time)

Only records where updated_at is greater than this value.

updated_at__gt

updated_at__gt

Only records where updated_at is greater than this value.

updated_at__gte

string (date-time)

Only records where updated_at is greater than or equal to this value.

updated_at__gte

updated_at__gte

Only records where updated_at is greater than or equal to this value.

updated_at__lt

string (date-time)

Only records where updated_at is less than this value.

updated_at__lt

updated_at__lt

Only records where updated_at is less than this value.

updated_at__lte

string (date-time)

Only records where updated_at is less than or equal to this value.

updated_at__lte

updated_at__lte

Only records where updated_at is less than or equal to this value.

last

string

Reflected value from a previous response to obtain the next page of results.

last

last

Reflected value from a previous response to obtain the next page of results.

order

string

Order results asc(ending) or desc(ending).

order

​

order

Order results asc(ending) or desc(ending).

order_by

string

Which field to order results by.

order_by

​

order_by

Which field to order results by.

size

integer

Maximum results to include in the response.

• minimum: 1

size

size

Maximum results to include in the response.

• minimum: 1

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

object

count

integer

The total number of service configs matched by the list request.

The total number of service configs matched by the list request.

last

string

Used to fetch the next page of the current listing when provided in a repeated request's last parameter.

Used to fetch the next page of the current listing when provided in a repeated request's last parameter.

items

Configuration options available for audit service

Configuration options available for audit service

id

string

The config ID

The config ID

version

integer

(default: 1)

created_at

string (date-time)

The DB timestamp when this config was created. Ignored when submitted.

The DB timestamp when this config was created. Ignored when submitted.

updated_at

string (date-time)

The DB timestamp when this config was last updated at

The DB timestamp when this config was last updated at

name

string

configuration name

configuration name

retention

Retention window to store audit logs.

Retention window to store audit logs.

cold_query_result_retention

string

(default: "2d")

Retention window for cold query result / state information.

Retention window for cold query result / state information.

hot_storage(default: "14d")

Retention window to keep audit logs in hot storage.

Retention window to keep audit logs in hot storage.

query_result_retention

string

(default: "2d")

Length of time to preserve server-side query result caching.

Length of time to preserve server-side query result caching.

redact_service_config_id

string, null

A redact service config that will be used to redact PII from logs.

A redact service config that will be used to redact PII from logs.

redaction_fields

array<string>

Fields to perform redaction against.

Fields to perform redaction against.

vault_service_config_id

string, null

A vault service config that will be used to sign logs.

A vault service config that will be used to sign logs.

vault_key_id

string

ID of the Vault key used for signing. If missing, use a default Audit key

ID of the Vault key used for signing. If missing, use a default Audit key

vault_sign

boolean

(default: false)

Enable/disable event signing

Enable/disable event signing

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1beta/config/partition_overrides

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1beta/config/partition_overrides' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

Update retention for a partition value (Beta)

POST

https://audit.aws.us.pangea.cloud/v1beta/config/partition_overrides

Update the retention settings for a specific partitioned value. This beta endpoint accepts an overrides object whose keys are the partition values (for example, individual tenant_ids) and whose values specify custom warm- and cold-storage retention periods. You must first enable partitioning on your audit configuration schema (typically set on the tenant_id field).

required parameters

id

string

The config ID

id

id

The config ID

overrides

object

Partition overrides. The key is the partition name, and the value is the configuration for that partition.

Click 'Save' to use the value

Partition overrides. The key is the partition name, and the value is the configuration for that partition.

Pattern Property: .*

object

warm_storage

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

Retention window for logs in warm storage. Migrated to cold or deleted afterwards.

cold_storage

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

Retention window for logs in cold storage. Deleted afterwards. Minimum 180d.

Response Fields

Response Schema

object

Pangea standard response schema

Pangea standard response schema

result

object

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Status Codes

Status	Status Code	Description
TreeNotFound	200	A tree has not been built for proofs. This is likely due to a lack of audit messages ingested.
BadOffset	400	The offset provided is invalid or out of range.
ForwardingError	400	Forwarder has experienced an error while forwarding messages
InvalidSchema	400	The configured schema is not valid for this endpoint.
NoForwarderConfigured	400	Testing a forwarder requires a forwarder to be configured
ForbiddenFieldValue	403	A field value was supplied that is not allowed by the token's field restrictions.

Was this article helpful?

Contact us