RSA SecurID Access User Event Log API

Document created by RSA Information Design and Development on Sep 14, 2018
Version 1Show Document
  • View in full screen mode

The RSA SecurID Access User Event Log API is a REST-based web services interface that allows user event logs to be retrieved from the Cloud Authentication Service. Customers can use this REST API to import the user event logs into their security information and event management (SIEM) solution, such as RSA NetWitness. Event logs are retrieved in chronological order in batches, and do not contain duplicates.

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs .

You can download the API Software Developer Kit (SDK) from https://community.rsa.com/docs/DOC-94122.

Request Requirements

Use the following information in requests to retrieve user events from the Cloud Authentication Service and deliver them to your SIEM solution.

                        
MethodRequest URLResponse BodyResponse Body TypeResponse Codes
GET/AdminInterface/restapi/v1/usereventlog/exportlogs Metadata, plus array of User Event logs application/json200, 400, 403

Request Parameters

The User Event Log REST API allows the following parameters.

                                             
NameDescriptionTypeDefault ValueExample
startTimeAfterTimestamp limit. User events logged after this timestamp are exported.ISO 8601 Date TimeCurrent time - 1 day2018-05-01T11:22:12.828-05:30
endTimeOnOrBefore Timestamp limit. User events logged before or on this timestamp are exported.ISO 8601 Date TimeCurrent time2018-05-09T21:06:33.125-05:30
pageNumberZero-based index of the page to return.Integer05
pageSizeNumber of records to return in a page (or batch). Value between 1-100. Any value specified outside of this range will be treated as 100.Integer10050

Example Request with No Parameters

The following example returns log data for the previous 24 hours.

GET /AdminInterface/restapi/v1/usereventlog/exportlogs

Accept: application/json

Authorization: Bearer <JWT token>

Example Request with Start Time Specified

The following example shows an API request with a specified start time.

The following example shows a REST API request with a specified start time.

GET /AdminInterface/restapi/v1/adminlog/exportlogs?startTimeAfter=2018-05-01T11:22:12.828-05:30

Accept: application/json

Authorization: Bearer <JWT token>

Response Metadata

The following table shows the name, description, and type used for User Event Log API response metadata.

                                 
NameDescriptionType
totalPagesTotal number of pages (or batches) of results.Integer
totalElements Total number of results.Integer
pageSizeNumber of results returned in a page (or batch).Integer
currentPagePage number associated with the results returned in the response.Integer

The following sample response metadata displays 684 results with a default page size of 100.

{

"totalPages": 7,

"totalElements": 684,

"pageSize": 100,

"elements": [

{

......

}

]

}

Response Data

The following table shows user event names, types, and descriptions for the User Event Log API response data.

                                                                                                                 

 

  
NameDescriptionType
eventIdID of user event log.Long
eventLogDateDate and time of user event log, in UTC timezone. Example: 2018-05-13T16:29:59.000 UTCISO 8601 Date Time
eventTypeAlways set to User. String
eventLevelEvent log level, notice, or error.String
eventCategoryAuthentication or Device Management.String
serverIPAddressIP address of the server where the user event occurs.IP Address in String
tenantIdIdentifies the customer's deployment.UUID in String
customerNameCustomer name, as specified in Company Settings.String
userIdUser identifier.String
sourceIPAddressIP Address of the user who generated user events.IP Address
eventCodeUser event code.String
eventDescriptionUser event description.String
applicationAuthenticated application.String
methodAuthentication method.String
deviceNameAuthentication device name.String
deviceIdAuthentication device identifier.String
policyIdAccess policy identifier.String
policyNameAccess policy name.Boolean
authenticationDetailsAuthentication details.String
assuranceLevelAssurance level used in the access policy.String

 

 

 

You are here
Table of Contents > Cloud Administration REST APIs > RSA SecurID Access User Event Log API

Attachments

    Outcomes