List Audit Events

Bearer authentication of the form Bearer <token>, where token is your auth token.

Authentication mode the actor used.

Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.

Events with associated tags. If an event matches at least one tag, the event is returned. Comma-separated list. For example, “login, get”.

Fully-qualified field by which to sort results. Field names should be in camel case (for example, “capitalization.camelCase”).

Member who sent the request. Depending on actorType, this may be a user ID or a service account ID.

HTTP Origin request header (including scheme, hostname, and port) of the request.

Timestamp provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

Change ID provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.