About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
post https://{tenanturl}/v1.0/reports/
This endpoint is used to run most of the reports. Provide the report name and request payload in the body section.
Entitlements required: readReports or manageReports.
POST /reporting/v1.0/reports/{report_name} - API is used to get the first batch of events.
POST /reporting/v1.0/reports/{report_name}_search_after - API to get the remaining events.
For example, to get the authentication event attributes that are included in the table for authentication activity, you can use the following payloads:
Report Name | Example Payload Request |
---|---|
auth_audit_trail | { "FROM":"now-24h", "TO":"now", "SIZE":"10", "SORT_BY":"time", "SORT_ORDER":"asc" } |
auth_audit_trail_search_after | { "FROM":"now-24h", "TO":"now", "SIZE":"10", "SORT_BY":"time", "SORT_ORDER":"asc", "SEARCH_AFTER":""1554479231870","30f5a726-0e11-4066-a49f-e1e1d03a62b4"" } The SEARCH_AFTER value is an array of the timestamp and ID of the last response entry from the auth_audit_trail report. |
auth_audit_trail with SUBTYPE filter | { "FROM":"now-24h", "TO":"now", "SIZE":"10", "SUBTYPE":""mfa","federation"", "SORT_BY":"time", "SORT_ORDER":"asc" } |
Note: Filter values must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.
Responses
400The request is invalid.
403The access token is denied access to the requested resource.
408The Request has been timed out.