Run a report.

post https://{tenanturl}/v1.0/reports/{name}

This endpoint is used to run most of the reports. Provide the report name and request payload in the body section.

Entitlements required: readReports or manageReports.

POST /reporting/v1.0/reports/{report_name} - API is used to get the first batch of events.
POST /reporting/v1.0/reports/{report_name}_search_after - API to get the remaining events.

For example, to get the authentication event attributes that are included in the table for authentication activity, you can use the following payloads:

Report Name	Example Payload Request
auth_audit_trail	{ "FROM":"now-24h", "TO":"now", "SIZE":"10", "SORT_BY":"time", "SORT_ORDER":"asc" }
auth_audit_trail_search_after	{ "FROM":"now-24h", "TO":"now", "SIZE":"10", "SORT_BY":"time", "SORT_ORDER":"asc", "SEARCH_AFTER":""1554479231870","30f5a726-0e11-4066-a49f-e1e1d03a62b4"" } The SEARCH_AFTER value is an array of the timestamp and ID of the last response entry from the auth_audit_trail report.
auth_audit_trail with SUBTYPE filter	{ "FROM":"now-24h", "TO":"now", "SIZE":"10", "SUBTYPE":""mfa","federation"", "SORT_BY":"time", "SORT_ORDER":"asc" }

Note: Filter values must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.

Path Params

name

string

required

The name of the report.
Some example report names are

Report Names	Display name
auth_audit_trail, auth_audit_trail_search_after	Authentication activity
app_audit_trail, app_audit_trail_search_after	Application usage
admin_activity, admin_activity_search_after	Admin activity
user_activity, user_activity_search_after	User activity
mfa_activity, mfa_activity_search_after	MFA activity
risk_adaptive_access, risk_adaptive_access_search_after	Adaptive access

Body Params

Report parameters:

The default value of the optional filters is a wildcard ""*"".
For example, to apply a SUBTYPE filter with a single value or a RESULT filter with multiple values, quotes must be escaped. "SUBTYPE":""mfa"" or "RESULT":""failure","success""

NOTE: The default values for the following filters is: SORT_ORDER - desc, SORT_BY- time, FROM - now-24h, TO - now, and SIZE - 10. The range for size is 1 to 10000.

Report Names	Optional Filters	Request Payload Parameters
auth_audit_trail, auth_audit_trail_search_after	RESULT, USERNAME, REALM, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, SOURCE_TYPE, DEVICE_ID, MDM_COMPLIANT, MDM_MANAGED, PROVIDER_ID, SUBTYPE
app_audit_trail, app_audit_trail_search_after	RESULT, USERNAME, REALM, CLIENT_IP, APP_NAME, COUNTRY_NAME, COUNTRY_CODE, SOURCE_TYPE, DEVICE_ID, MDM_COMPLIANT, MDM_MANAGED, APP_TYPE, PROVIDER_ID, CLIENT_ID, REDIRECT_URL, CAUSE	APPID
admin_activity, admin_activity_search_after	PERFORMED_BY_USERNAME, PERFORMED_BY_REALM, PERFORMED_BY_CLIENTNAME, PERFORMED_BY_TYPE, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, TARGET_ID, ACTION, RESOURCE
user_activity, user_activity_search_after	RESULT, PERFORMED_BY_USERNAME, CLIENT_IP, EVENT_TYPE, COUNTRY_NAME, COUNTRY_CODE	USERID
mfa_activity, mfa_activity_search_after	REALM, RESULT, USERNAME, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, MFA_METHOD, MFA_DEVICE
risk_adaptive_access, risk_adaptive_access_search_after	REALM, USERNAME, CLIENT_IP, COUNTRY_NAME, COUNTRY_CODE, RISK_LEVEL

Responses

400

The request is invalid.

403

The access token is denied access to the requested resource.

408

The Request has been timed out.

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://tenant_url/v1.0/reports/name \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Choose an example:

application/json

200Success