Run a report.

This endpoint is used to run most of the reports. Provide the report name and request payload in the body section.

Entitlements required: readReports or manageReports.

POST /reporting/v1.0/reports/{report_name} - Gets the first batch of events.
POST /reporting/v1.0/reports/{report_name}_search_after - Gets the remaining events.

For example, to get the authentication event attributes that are included in the table for authentication activity, you can use the following payloads:

Report Name: auth_audit_trail
Example Payload Request:
{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}

Report Name: auth_audit_trail_search_after
Example Payload Request:
{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc",
"SEARCH_AFTER":"\"1554479231870\",\"30f5a726-0e11-4066-a49f-e1e1d03a62b4\""
}
The SEARCH_AFTER value is an array of the timestamp and ID of the last response entry from the auth_audit_trail report.

Report Name: auth_audit_trail with SUBTYPE filter
Example Payload Request:
{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SUBTYPE":"\"mfa\",\"federation\"",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}

Note: Filter values must be in a comma-separated list that is surrounded by quotation marks, and the quotation marks must be escaped.

Path Params

report_name (string, required)

The name of the report. Some example report names are:

| Report Names | Display name |
| --- | --- |
| auth_audit_trail, auth_audit_trail_search_after | Authentication activity |
| app_audit_trail, app_audit_trail_search_after | Application usage |
| admin_activity, admin_activity_search_after | Admin activity |
| user_activity, user_activity_search_after | User activity |
| mfa_activity, mfa_activity_search_after | MFA activity |
| risk_adaptive_access, risk_adaptive_access_search_after | Adaptive access |

Body Params

Report parameters:

The default value of the optional filters is a wildcard "\"*\"".
To apply a filter, whether a SUBTYPE filter with a single value or a RESULT filter with multiple values, the quotes around each value must be escaped. For example: "SUBTYPE":"\"mfa\"" or "RESULT":"\"failure\",\"success\""

NOTE: The default values for the following parameters are: SORT_ORDER - desc, SORT_BY - time, FROM - now-24h, TO - now, and SIZE - 10. The range for SIZE is 1 to 10000.

| Report Names | Optional Filters | Request Payload Parameters |
| --- | --- | --- |
| auth_audit_trail, auth_audit_trail_search_after | RESULT, USERNAME, REALM, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, SOURCE_TYPE, DEVICE_ID, MDM_COMPLIANT, MDM_MANAGED, PROVIDER_ID, SUBTYPE | |
| app_audit_trail, app_audit_trail_search_after | RESULT, USERNAME, REALM, CLIENT_IP, APP_NAME, COUNTRY_NAME, COUNTRY_CODE, SOURCE_TYPE, DEVICE_ID, MDM_COMPLIANT, MDM_MANAGED, APP_TYPE, PROVIDER_ID, CLIENT_ID, REDIRECT_URL, CAUSEAPPID | |
| admin_activity, admin_activity_search_after | PERFORMED_BY_USERNAME, PERFORMED_BY_REALM, PERFORMED_BY_CLIENTNAME, PERFORMED_BY_TYPE, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, TARGET_ID, ACTION, RESOURCE | |
| user_activity, user_activity_search_after | RESULT, PERFORMED_BY_USERNAME, CLIENT_IP, EVENT_TYPE, COUNTRY_NAME, COUNTRY_CODE | USERID |
| mfa_activity, mfa_activity_search_after | REALM, RESULT, USERNAME, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, MFA_METHOD, MFA_DEVICE | |
| risk_adaptive_access, risk_adaptive_access_search_after | REALM, USERNAME, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, RISK_LEVEL | |
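
The following is an added example, not part of the original documentation: a request builder for pulling audit events into a log pipeline. It applies the escaped-quote filter encoding and SIZE range described above, rejects filter names the report does not list, and switches to the _search_after report when a cursor is supplied. The names build_request, quoted_list and FILTERS are hypothetical, and it assumes SEARCH_AFTER uses the same quoted-list encoding shown in the sample payload.

```python
import json

# Optional filters per report, copied from the table above (two reports shown).
FILTERS = {
    "auth_audit_trail": {"RESULT", "USERNAME", "REALM", "CLIENT_IP", "COUNTRY_NAME",
                         "COUNTRY_CODE", "SOURCE_TYPE", "DEVICE_ID", "MDM_COMPLIANT",
                         "MDM_MANAGED", "PROVIDER_ID", "SUBTYPE"},
    "mfa_activity": {"REALM", "RESULT", "USERNAME", "CLIENT_IP", "COUNTRY_NAME",
                     "COUNTRY_CODE", "MFA_METHOD", "MFA_DEVICE"},
}


def quoted_list(values):
    """Return '"a","b"'; json.dumps escapes the inner quotes when serializing."""
    values = [str(v) for v in values]
    if not values or any('"' in v or "\\" in v for v in values):
        # Reject characters that could break out of the quoted list.
        raise ValueError("values must be non-empty, without quotes or backslashes")
    return ",".join(f'"{v}"' for v in values)


def build_request(report, size=10, filters=None, last_entry=None,
                  from_="now-24h", to="now", sort_order="asc"):
    """Return (path, JSON body). last_entry is the (timestamp, id) of the final
    event in the previous batch; when set, the _search_after report is used."""
    if report not in FILTERS:
        raise ValueError(f"unknown report: {report}")
    if not 1 <= int(size) <= 10000:
        raise ValueError("SIZE must be between 1 and 10000")
    payload = {"FROM": from_, "TO": to, "SIZE": str(size),
               "SORT_BY": "time", "SORT_ORDER": sort_order}
    for name, values in (filters or {}).items():
        if name not in FILTERS[report]:
            raise ValueError(f"{name} is not a filter of {report}")
        payload[name] = quoted_list(values)
    if last_entry is not None:
        payload["SEARCH_AFTER"] = quoted_list(last_entry)
        report += "_search_after"
    return f"/reporting/v1.0/reports/{report}", json.dumps(payload)


if __name__ == "__main__":
    subtype = {"SUBTYPE": ["mfa", "federation"]}
    print(*build_request("auth_audit_trail", filters=subtype))
    # Cursor values are the sample timestamp and ID from the example payload.
    cursor = ("1554479231870", "30f5a726-0e11-4066-a49f-e1e1d03a62b4")
    print(*build_request("auth_audit_trail", filters=subtype, last_entry=cursor))
```

Keep the same FROM, TO, SORT_BY, SORT_ORDER and filters on every follow-up request so the cursor continues the same result set.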

Responses

400

The request is invalid.

403

The access token is denied access to the requested resource.

408

The request has timed out.
