Run a report.

This endpoint is used to run most of the reports. Provide the report name and request payload in the body section.

Entitlements required: readReports or manageReports.

POST /reporting/v1.0/reports/{report_name} - API is used to get the first batch of events.
POST /reporting/v1.0/reports/{report_name}_search_after - API to get the remaining events.

For example, to get the authentication event attributes that are included in the table for authentication activity, you can use the following payloads:

Report NameExample Payload Request
auth_audit_trail{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}
auth_audit_trail_search_after{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc",
"SEARCH_AFTER":""1554479231870","30f5a726-0e11-4066-a49f-e1e1d03a62b4""
}
The SEARCH_AFTER value is an array of the timestamp and ID of the last response entry from the auth_audit_trail report.
auth_audit_trail with SUBTYPE filter{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SUBTYPE":""mfa","federation"",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}

Note: Filter values must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.

Language
URL