The Cloud Administration Event Log API is a REST-based web services interface that allows audit log events to be retrieved from the Cloud Authentication Service. You can use this REST API to import the audit log events into your security information and event management (SIEM) solution, such as RSA NetWitness. Events are retrieved in chronological order in batches, and do not contain duplicates. They can be filtered by date range. Events are retained for 90 days and then purged.
The endpoint, which can be either the SIEM or another client, uses the Administration API Key to call the Administration Event Log API. The Super Admin generates this key and provides it to the Client Developer, as described in Manage the Cloud Administration API Keys.
For information on audit log messages that describe Super Admin activities, see Administration Log Messages for the Cloud Authentication Service.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in each request. For instructions on using this token, see Authentication for the Cloud Administration APIs.
Administrative Roles
This API can use an API key that is associated with either the Super Administrator or Help Desk Administrator role. For more information, see Manage the Cloud Administration API Keys.
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following method, request URL, response body, response body type, and response codes to retrieve audit log events from the Cloud Authentication Service and deliver them to your SIEM solution.
Method | Request URL | Response Body | Response Body Type | Response Codes |
GET | /AdminInterface/restapi/v1/adminlog/exportlogs | Metadata plus array of Admin log events | application/json | 200, 400, 403 |
Request Parameters
The Administration Event Log API accepts the following optional query parameters.
Parameter | Description | Type | Default | Example |
startTimeAfter | Start time of log events. | ISO 8601 Date Time | Current time - 1 day | 2018-05-01T11:22:12.828-05:30 |
endTimeOnOrBefore | End time of log events. | ISO 8601 Date Time | Current time | 2018-05-09T21:06:33.125-05:30 |
pageNumber | Zero-based index of the page to return. | Integer | 0 | 5 |
pageSize | Number of records to return in a page (or batch). Value between 1 and 100. Any value outside this range is treated as 100. | Integer | 100 | 50 |
Request Examples
The following example displays a REST API request with no parameters.
GET /AdminInterface/restapi/v1/adminlog/exportlogs
Accept: application/json
Authorization: Bearer <JWT token>
The following example shows a REST API request with a specified start time.
GET /AdminInterface/restapi/v1/adminlog/exportlogs?startTimeAfter=2018-05-01T11:22:12.828-05:30
Accept: application/json
Authorization: Bearer <JWT token>
Responses
The following table shows response metadata.
Field | Description | Type |
totalPages | Total number of pages (or batches) of results. | Integer |
totalElements | Total number of results. | Integer |
pageSize | Number of results returned in a page (or batch). | Integer |
The following example shows sample response metadata with 684 total results and a default page size of 100.
{
    "totalPages": 7,
    "totalElements": 684,
    "pageSize": 100,
    "elements": [
        {
            ......
        }
    ]
}
The following table shows API response data.
Field | Description | Type |
eventId | Identifies the event. | String |
eventLogDate | Date and time of the log event, in UTC timezone. Example: 2018-05-13T16:29:59.000 UTC | ISO 8601 Date Time |
eventType | Always set to Administration. | String |
serverURL | The Administration Server URL. Example: https://access.securid.com/AdminInterface | String |
serverIPAddress | Public load balancer IP address of the Cloud Authentication Service. | IP Address |
application | RSA SecurID Access. | String |
customerId | Internal company specifier. | String |
customerName | Company name, as specified in Company Settings. | String |
sourceIPAddress | IP address used by the Super Admin account that performed the operation. | IP Address |
adminUserName | Username or email address used by the Super Admin who performed the operation. | String |
adminUserRole | Role of the administrator who performed the operation. Values are Super Administrator, Help Desk Administrator, and Support Administrator. | String |
activityKey | Activity key of the administration operation. See Administration Log Messages for the Cloud Authentication Service. | String |
activityCode | Unique activity code of the administration operation. See Administration Log Messages for the Cloud Authentication Service. | Integer |
result | Result of the administration operation (SUCCESS or FAILURE). | String |
reasonKey | Reason for failure. | String |
message | Describes the administration operation. | String |
requiresPublish | Whether the administration operation requires a publish. Values are true or false. | Boolean |
targetObject1Id, targetObject1Name, targetObject1Type, targetObject2Id, targetObject2Name, targetObject2Type | Identify the target object of the administrative activity. Examples of administrative activity are ADD_POLICY and DELETE_POLICY. Publishing does not have a target object. | String |
Example Response
{
    "totalPages": 1,
    "totalElements": 2,
    "pageSize": 100,
    "elements": [
        {
            "eventId": 767,
            "eventLogDate": "2018-05-13T16:29:59.000 UTC",
            "eventType": "Administration",
            "serverURL": "https://access.securid.com/AdminInterface/",
            "serverIPAddress": "191.237.22.167",
            "application": "RSA SecurID Access",
            "customerId": 3,
            "customerName": "mycompanyname",
            "sourceIPAddress": "1.2.3.4",
            "adminUserName": "admin@mycompany.com",
            "adminUserRole": "Super Administrator",
            "activityKey": "SIGNIN_SUCCESS",
            "activityCode": 80001,
            "result": "SUCCESS",
            "reasonKey": "",
            "message": "admin@mycompany.com successfully signed in",
            "requiresPublish": false,
            "targetObject1Id": null,
            "targetObject1Name": null,
            "targetObject1Type": null,
            "targetObject2Id": null,
            "targetObject2Name": null,
            "targetObject2Type": null
        },
        {
            "eventId": 768,
            "eventLogDate": "2018-05-13T16:32:09.000 UTC",
            "eventType": "Administration",
            "serverURL": "https://access.securid.com/AdminInterface/",
            "serverIPAddress": "191.237.22.167",
            "application": "RSA SecurID Access",
            "customerId": 3,
            "customerName": "mycompanyname",
            "sourceIPAddress": "1.2.3.4",
            "adminUserName": "admin@mycompany.com",
            "adminUserRole": "Super Administrator",
            "activityKey": "ADD_ADMIN_API_KEY",
            "activityCode": 80400,
            "result": "SUCCESS",
            "reasonKey": "",
            "message": "admin@mycompany.com added an Admin API Key 139f6495-e447-4a26-a765-5c01b6152d5",
            "requiresPublish": false,
            "targetObject1Id": 18,
            "targetObject1Name": "139f6495-e447-4a26-a765-5c01b6b152d5",
            "targetObject1Type": "ADMIN_API_KEY",
            "targetObject2Id": null,
            "targetObject2Name": null,
            "targetObject2Type": null
        }
    ]
}
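As an added example (not from RSA's SDK or this page), the collector logic a SIEM connector needs for this API: build the paged request from the parameters above, walk pageNumber 0 to totalPages-1, de-duplicate on eventId, and pick out ADD_ADMIN_API_KEY events from the response fields. The fetch_page callable and the two-page sample are constructed stand-ins for a real HTTPS client and service.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Added example (not RSA's SDK): page through the Event Log API and de-duplicate by eventId.
EXPORT_PATH = "/AdminInterface/restapi/v1/adminlog/exportlogs"

def build_url(start_after, end_on_or_before, page_number, page_size=100):
    """Query for one page; the service treats pageSize outside 1-100 as 100, so clamp locally too."""
    if not 1 <= page_size <= 100:
        page_size = 100
    query = urlencode({"startTimeAfter": start_after, "endTimeOnOrBefore": end_on_or_before,
                       "pageNumber": page_number, "pageSize": page_size})
    return f"{EXPORT_PATH}?{query}"

def auth_headers(jwt):
    """Headers from the request examples above; the JWT is obtained with the Administration API Key."""
    return {"Accept": "application/json", "Authorization": f"Bearer {jwt}"}

def collect_events(fetch_page, start_after, end_on_or_before, page_size=100):
    """Walk pageNumber 0..totalPages-1 and return events keyed by eventId (drops any repeats)."""
    events, page = {}, 0
    while True:
        body = fetch_page(build_url(start_after, end_on_or_before, page, page_size))
        for ev in body.get("elements", []):
            events.setdefault(ev["eventId"], ev)
        page += 1
        if page >= body.get("totalPages", 0):
            return list(events.values())

def api_key_changes(events):
    """SIEM rule: surface admin API key creation, since a new key grants API access under an admin role."""
    return [ev for ev in events if ev.get("activityKey") == "ADD_ADMIN_API_KEY"]

# Constructed two-page response (pageSize=1) using the field names of the example response above.
_PAGES = [
    {"totalPages": 2, "totalElements": 2, "pageSize": 1, "elements": [
        {"eventId": 767, "activityKey": "SIGNIN_SUCCESS", "result": "SUCCESS"}]},
    {"totalPages": 2, "totalElements": 2, "pageSize": 1, "elements": [
        {"eventId": 768, "activityKey": "ADD_ADMIN_API_KEY", "result": "SUCCESS"}]},
]

def fake_fetch(url):
    """Stand-in for an HTTPS client: serve the constructed page named by pageNumber in the query."""
    page = int(parse_qs(urlparse(url).query)["pageNumber"][0])
    return _PAGES[page]
```

In a real connector, replace fake_fetch with a client that sends auth_headers() over HTTPS and persist the newest eventLogDate seen so the next run can pass it as startTimeAfter.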