List Audit Events
Authentication
Query parameters
Member who sent the request. Depending on actorType, this may be a user ID or a service account ID.
HTTP Origin request header (including scheme, hostname, and port) of the request.
Authentication mode the actor used.
Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.
Fully-qualified field by which to sort results. Field names should be in camel case (for example, “capitalization.camelCase”).
Timestamp provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.
Change ID provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.