Obtaining audit information

Kaspersky Research Sandbox provides an API to obtain audit information.

All audit events can be downloaded via the API in case of a full security audit.

This feature is available only for Kaspersky Research Sandbox users with administrator privileges (Role=Admin).

Request

Request method: GET

Endpoint: https://<server name>/api/v1/audit?<parameters>

Parameters

Obtaining audit information parameters

| Parameter | Data type | Occurrence | Description |
|---|---|---|---|
| from | string <date-time> | Optional | Information about user actions starting from the specified date and time is obtained. The date and time are specified according to RFC 3339, for example 2018-10-20T15:04:05Z, or 2018-10-30T15:04:05%2B03:00 with a specified time zone (here %2B is the percent-encoded '+' character). If this parameter is not specified, information about all user actions that occurred starting from Kaspersky Research Sandbox installation is obtained. |
| to | string <date-time> | Optional | Information about user actions until the specified date and time is obtained. The date and time are specified according to RFC 3339, for example 2018-10-20T15:04:05Z, or 2018-10-30T15:04:05%2B03:00 with a specified time zone (here %2B is the percent-encoded '+' character). If this parameter is not specified, information about all user actions that occurred until the audit method execution is obtained. |
| action | string | Optional | User actions for which you want to obtain audit information. If this parameter is not specified, information about all user actions is obtained. The available values are listed after this table. |
| limit | integer | Optional | Number of records to obtain. Available values: 0-10000. Default value: 10000. If this parameter is not specified or limit=0 is specified, information about all records will be displayed. |
| ascending | boolean | Optional | Sorts entries in ascending or descending order: true sorts entries in ascending order, false sorts entries in descending order. |

Available values of the action parameter:

  • login—User attempted to sign in to Kaspersky Research Sandbox.
  • logout—User signed out from Kaspersky Research Sandbox or session expired.
  • eula_agree—User accepted the End User License Agreement.
  • account_add—User created a new Kaspersky Research Sandbox account.
  • account_del—User deleted Kaspersky Research Sandbox account.
  • account_edit—User changed Kaspersky Research Sandbox account settings.
  • account_pwd_change—User changed the account password.
  • create_task—User created a sample execution task.
  • rescan_task—User rescanned a sample.
  • export_task_results—User exported sample execution results (using web interface and RESTful API).
  • export_task_section—User exported a certain section results (using web interface and RESTful API).
  • download_task_results—User downloaded file execution results from Kaspersky Research Sandbox web interface.
  • create_image—User created an image.
  • import_image—User imported an image.
  • export_image—User exported an image.
  • update_image—User updated an image.
  • delete_image—User deleted an image.
  • activate_image—User activated an image.
  • export_image_manifest—User exported an image manifest.
  • deploy_snapshot—User deployed an execution environment.
  • delete_snapshot—User deleted an execution environment.
  • update_snapshot—User updated an execution environment.
  • upload_storage_media—User uploaded a storage media.
  • update_storage_media—User updated a storage media.
  • delete_storage_media—User deleted a storage media.

cURL command example:

$ curl -u <user name> --request GET "https://<server name>/api/v1/audit?from=2018-10-30T15:04:05%2B03:00"

You will be asked to enter your password. The password is not displayed while you type it.
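An added example (not part of the Kaspersky documentation or product code) that builds the request URL from the parameters above, validating action and limit and percent-encoding the '+' of a UTC offset as %2B. The host sandbox.example.com and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Action values listed in the parameter description above.
ACTIONS = frozenset("""
login logout eula_agree account_add account_del account_edit
account_pwd_change create_task rescan_task export_task_results
export_task_section download_task_results create_image import_image
export_image update_image delete_image activate_image
export_image_manifest deploy_snapshot delete_snapshot update_snapshot
upload_storage_media update_storage_media delete_storage_media
""".split())

def rfc3339(ts):
    """Format a time-zone-aware datetime as RFC 3339 ('Z' for UTC)."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must carry a time zone")
    return ts.isoformat(timespec="seconds").replace("+00:00", "Z")

def build_audit_url(server, start=None, end=None, action=None,
                    limit=None, ascending=None):
    """Build the GET URL for /api/v1/audit from validated parameters."""
    params = {}
    if start is not None:
        params["from"] = rfc3339(start)
    if end is not None:
        params["to"] = rfc3339(end)
    if action is not None:
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action!r}")
        params["action"] = action
    if limit is not None:
        if not 0 <= limit <= 10000:
            raise ValueError("limit must be within 0-10000")
        params["limit"] = limit
    if ascending is not None:
        params["ascending"] = "true" if ascending else "false"
    # safe=":" keeps ':' readable; the '+' of a UTC offset becomes %2B,
    # because a literal '+' in a query string is commonly decoded as a space.
    query = urlencode(params, safe=":")
    return f"https://{server}/api/v1/audit" + ("?" + query if query else "")

# Constructed usage: placeholder host, login events since a +03:00 timestamp.
EXAMPLE_URL = build_audit_url(
    "sandbox.example.com",
    start=datetime(2018, 10, 30, 15, 4, 5, tzinfo=timezone(timedelta(hours=3))),
    action="login", limit=500, ascending=True)
```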

Responses

Endpoint returns a JSON object that contains audit information about user actions. Objects are sorted by the Ts value in descending order.

200 OK

Audit information obtained successfully.

200 OK response parameters

| Parameter | Data type | Description |
|---|---|---|
| Id | string | Audit record ID. |
| Ts | string <date-time> | Date and time when the audit information was saved, according to RFC 3339 standard. |
| Action | string | User action type (for example, login). |
| Username | string | User name (login) of the Kaspersky Research Sandbox user account, for which the audit information is obtained. |
| Data | array of objects | Specific data for each type (action) of audit record. |

200 OK response example:

[
  {
    "Id": "string",
    "Ts": "2018-10-20T15:04:05Z",
    "Action": "string",
    "Username": "string",
    "Data": {
      "AuthResult": "success",
      "Login": "string",
      "PassHash": "*"
    }
  }
]
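An added example (not from the Kaspersky documentation) that reads records in the response shape above and reports accounts with repeated unsuccessful sign-ins inside a sliding time window. It assumes that any AuthResult other than "success" is a failure (the page shows only "success"), accepts Data as either a single object or an array, and uses constructed sample records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse_ts(value):
    """Parse an RFC 3339 timestamp ('Z' rewritten for older Python versions)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def data_items(record):
    """Return Data as a list, whether it arrives as one object or an array."""
    data = record.get("Data") or []
    return [data] if isinstance(data, dict) else list(data)

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Map login -> peak count of non-success sign-ins within one window."""
    attempts = defaultdict(list)
    for rec in records:
        if rec.get("Action") != "login":
            continue
        for item in data_items(rec):
            # Assumption: any AuthResult other than "success" is a failure.
            if item.get("AuthResult") != "success":
                who = item.get("Login") or rec.get("Username") or "<unknown>"
                attempts[who].append(parse_ts(rec["Ts"]))
    bursts = {}
    for who, times in attempts.items():
        times.sort()
        first = 0
        for last, ts in enumerate(times):
            while ts - times[first] > window:
                first += 1
            count = last - first + 1
            if count >= threshold:
                bursts[who] = max(bursts.get(who, 0), count)
    return bursts

def sample_record(rid, ts, result, login, as_array=False):
    """Build one constructed login record in the documented response shape."""
    data = {"AuthResult": result, "Login": login, "PassHash": "*"}
    return {"Id": rid, "Ts": ts, "Action": "login", "Username": login,
            "Data": [data] if as_array else data}

# Constructed sample; "failure" is a placeholder AuthResult value.
SAMPLE = [
    sample_record("1", "2018-10-20T15:04:05Z", "failure", "alice"),
    sample_record("2", "2018-10-20T18:05:00+03:00", "failure", "alice", True),
    sample_record("3", "2018-10-20T15:07:30Z", "failure", "alice"),
    sample_record("4", "2018-10-20T15:08:00Z", "success", "alice"),
    sample_record("5", "2018-10-20T15:04:00Z", "failure", "bob"),
    sample_record("6", "2018-10-20T16:30:00Z", "failure", "bob"),
]
```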

400 Bad Request

Failed to obtain audit information due to incorrect query.

400 Bad Request response parameters

| Parameter | Data type | Description |
|---|---|---|
| code | string | Error ID. |
| message | string | Error description. |
| meta | string | Additional information, if available. |

Error examples:

Incorrect username parameter:

{"code":42,"message":"invalid value","meta":"username"}

Incorrect limit parameter:

{"code":42,"message":"invalid value","meta":"limit"}

401 Unauthorized

Failed to obtain audit information due to incorrect user credentials.

500 Internal Server Error

Failed to obtain audit information due to an internal server error.
