Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

DPoD APIs

About the Audit Query API

search

About the Audit Query API

About the Audit Query API

Data Protection on Demand (DPoD) collects audit logs for Luna Cloud HSM Services. Users can generate audit log files and retrieve signed URLs for access to audit log files using the Audit Query API /v1/audit-log-exports endpoint and a set of Platform Credentials. Audit log files contain an array of audit logs which provide a record of the outcome of an action by an actor on a resource in a DPoD tenant.

DPoD provides a default audit log retention policy for all users. This policy retains all audit logs for one year (12 months).

Service Provider Administrators cannot access their tenant's audit logs. Tenant Administrators can access logs for all Luna Cloud HSM Services in their tenant. Application Owners can access logs for Luna Cloud HSM Services in their subscriber group.

Note

Audit logs are supported for Luna Cloud HSM Services using client version 10.2 or newer.

Example requests

See Generate Audit Log File and Retrieve Audit Log File in Using the APIs for example Audit Query API requests.

Tip

You cannot generate an audit log file larger than 1GB. If you are unable to generate an audit log file and are adhering to the maximum 31 day polling period, we recommend reducing the polling period, or filtering, to narrow the scope of your audit and generate smaller audit log files.

Audit logs

Audit logs provide a record of the outcome (status) of an action (action) by an actor (actorID) on a resource (resourceID). The audit log file is a .ZIP that contains a JSON list of audit logs.

The maximum retrievable file size for an audit log file .ZIP is 1mb. If you generate an audit log file .ZIP larger than 1mb you will be unable to download the file. We recommend using filtering when generating your audit log file to narrow the scope of your audit and produce smaller audit log files.

Audit logs have the following format:


{
    "time":"<logTime>", 
    "source":"<logSource>",
    "resourceID":"<logResource>",
    "actorID":"<logActor>",
    "tenantID":"<logTenantId>",
    "action":"<logAction>",
    "status":"<logStatus>",
    "traceID":"<traceID>",
    "meta":{"<logMeta>"}
}

Common values

The following values are common and will appear in all DPoD audit logs:

Value Description
"time" The time of the action. A timestamp in RFC3339 format. If the use case records the audit log time to a fraction of a second DPoD counts those fractions of a second in microseconds. The timestamp takes the format <YYYY>-<MM>-<DD> <hour>:<minute>:<second>.<microsecond> UTC.
"tenantID" The GUID of the tenant that owns the log.
"traceID" A unique identifier for the audit log for tracking audit logs throughout the audit system.

Use case specific values

The source, resourceid, actorid, action, status, and meta values have use case specific descriptions. Please see the use case specific audit log documentation for more information.