GET /v1/tenant/audit-logs
List audit logs in a tenant
curl --request GET \
  --url https://{region}.api.plerion.com/v1/tenant/audit-logs \
  --header 'Authorization: Bearer <token>'
{
  "data": [
    {
      "id": "audit-log-12345",
      "organizationId": "dc16d897-7f52-4b73-be57-96c7c9a853da",
      "tenantId": "42749bc1-c99b-4c2c-a081-a6cda9370081",
      "operation": "UserLogin",
      "operationTime": "2023-02-04T06:02:40.594Z",
      "operatorUserId": "b3b6a8e2-1c2d-4e5f-9a7b-2c3d4e5f6a7b",
      "operatorEmail": "user@example.com",
      "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
      "ip": "192.168.1.1",
      "location": {
        "country": "United States",
        "city": "New York",
        "region": "NY"
      }
    }
  ],
  "meta": {
    "cursor": "k3d83a9b-k3dk-5lkd-2ldk-9kd77c1beb6",
    "perPage": 10
  }
}

Authorizations

Authorization
string
header
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Headers

Authorization
string
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Content-Type
string

application/json

Query Parameters

operationTimeStart
string<date-time>

Start of the date range for filtering audit logs based on operation time. Specify the start of the range using a valid ISO 8601 date-time string. If operationTimeStart is provided and operationTimeEnd is omitted, results will include audit logs from this date to the present. Supported formats include:

  • yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
  • yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

operationTimeEnd
string<date-time>

End of the date range for filtering audit logs based on operation time. Specify the end of the range using a valid ISO 8601 date-time string. If operationTimeEnd is provided and operationTimeStart is omitted, results will include audit logs up to this date. Supported formats include:

  • yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
  • yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

userId
string

Filter audit logs based on operator user ID.

Example:

"b3b6a8e2-1c2d-4e5f-9a7b-2c3d4e5f6a7b"

operation
enum<string>

Filter audit logs based on operation type.

Available options:
ConfiguredServiceAccountRegion,
CreatePleriApiKey,
CreatedApiKey,
CreatedAssetGroup,
CreatedClickUpOutboundIntegration,
CreatedCustomReport,
CreatedDetectionSetting,
CreatedDrataOutboundIntegration,
CreatedEmailOutboundIntegration,
CreatedFramework,
CreatedIntegration,
CreatedJiraOutboundIntegration,
CreatedJiraSecurityOutboundIntegration,
CreatedNotificationRule,
CreatedOutboundIntegration,
CreatedPagerDutyOutboundIntegration,
CreatedPartnerSSO,
CreatedSQSOutboundIntegration,
CreatedSecurityHubOutboundIntegration,
CreatedSentinelOutboundIntegration,
CreatedServiceAccount,
CreatedServiceNowOutboundIntegration,
CreatedSlackOutboundIntegration,
CreatedTeamsOutboundIntegration,
CreatedVantaOutboundIntegration,
CreatedWebhookOutboundIntegration,
CreatedWellArchitectedWorkload,
CreatedWidget,
CreatedWorkflow,
DeleteIntegrationStarted,
DeleteTenantInternalStarted,
DeleteTenantStarted,
DeletedAssetGroup,
DeletedCustomReport,
DeletedDetectionSetting,
DeletedFramework,
DeletedNotification,
DeletedOutboundIntegration,
DeletedPartnerSSO,
DeletedRiskNotificationPreference,
DeletedServiceAccount,
DeletedServiceAccountRegion,
DeletedWidget,
DeletedWorkflow,
DownloadedComplianceSummary,
FlaggedAlert,
LoggedInPartnerSSO,
RevokedApiKey,
ScheduleCustomReport,
SendRiskToOutboundIntegration,
SuppressedFinding,
TriggeredScan,
UpdateAlertAcknowledgement,
UpdatedAlert,
UpdatedApiKey,
UpdatedAssetGroup,
UpdatedClickUpOutboundIntegration,
UpdatedCustomReport,
UpdatedDetectionSetting,
UpdatedDetectionSettingAssignment,
UpdatedEmailOutboundIntegration,
UpdatedFramework,
UpdatedIntegration,
UpdatedIntegrationDetectionConfigs,
UpdatedJiraOutboundIntegration,
UpdatedJiraSecurityOutboundIntegration,
UpdatedNotification,
UpdatedOutboundIntegration,
UpdatedPagerDutyOutboundIntegration,
UpdatedPartnerSSO,
UpdatedPassword,
UpdatedRiskLifecycle,
UpdatedRiskNotificationPreference,
UpdatedSQSOutboundIntegration,
UpdatedSecurityHubOutboundIntegration,
UpdatedSentinelOutboundIntegration,
UpdatedServiceAccount,
UpdatedServiceAccountRegion,
UpdatedServiceNowOutboundIntegration,
UpdatedSlackOutboundIntegration,
UpdatedTeamsOutboundIntegration,
UpdatedVantaOutboundIntegration,
UpdatedWebhookOutboundIntegration,
UpdatedWellArchitectedWorkload,
UpdatedWidget,
UpdatedWorkflow,
UserLoggedOut,
UserLogin,
UserSSOLogin,
VerifiedMFA,
WellArchitectedDeletedWorkload

Example:

"UserLogin"

perPage
number
default: 100

Specify the batch size of the list. Used for pagination.

Required range: x <= 1000

Example:

100

cursor
string

Get the next batch of audit logs. Used for pagination. When cursor is provided, the response will not include total count.

Example:

"k3d83a9b-k3dk-5lkd-2ldk-9kd77c1beb6"

Response

200
application/json

Audit logs list

The response is of type object.
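
A client-side sketch of the query parameters and cursor pagination described above, added here as an example and not Plerion's own code: it checks the documented time formats and perPage limit, follows meta.cursor from page to page, and flags a watchlist of operations for review. The function names, the watchlist, and the assumption that a response without meta.cursor is the last page belong to this example, not to the page.

```python
import json
import re
import urllib.parse
import urllib.request

# The two timestamp formats the page lists as supported.
ISO_Z = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?Z$")
# Assumption: a watchlist picked for this example from the page's operation enum.
WATCHLIST = {"CreatedApiKey", "RevokedApiKey", "UpdatedPassword", "DeletedServiceAccount"}


def build_query(start=None, end=None, operation=None, user_id=None, per_page=100):
    """Check filters against the documented constraints and return query params."""
    for name, value in (("operationTimeStart", start), ("operationTimeEnd", end)):
        if value is not None and not ISO_Z.match(value):
            raise ValueError(f"{name} must be yyyy-MM-ddTHH:mm:ss[.SSS]Z")
    if per_page > 1000:
        raise ValueError("perPage must be <= 1000")
    params = {"operationTimeStart": start, "operationTimeEnd": end,
              "operation": operation, "userId": user_id, "perPage": per_page}
    return {k: v for k, v in params.items() if v is not None}


def http_fetch(region, token):
    """Return a fetch(params) callable that issues the documented GET request."""
    def fetch(params):
        url = (f"https://{region}.api.plerion.com/v1/tenant/audit-logs?"
               + urllib.parse.urlencode(params))
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_audit_logs(fetch, params, max_pages=1000):
    """Yield every record, following meta.cursor (assumed absent on the last page)."""
    for _ in range(max_pages):
        page = fetch(params)
        yield from page.get("data", [])
        cursor = (page.get("meta") or {}).get("cursor")
        if not cursor:
            return
        params = {**params, "cursor": cursor}


def flag_sensitive(records, watchlist=WATCHLIST):
    """Return (operationTime, operation, operatorEmail, ip) for watched operations."""
    return [(r["operationTime"], r["operation"], r.get("operatorEmail"), r.get("ip"))
            for r in records if r.get("operation") in watchlist]
```

Against a live tenant, pass `http_fetch(region, token)` as the `fetch` argument; any callable that takes the params dict and returns the decoded response works, which keeps the pagination logic testable offline.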