diff --git a/docs/platform/maintain/log.mdx b/docs/platform/maintain/log.mdx
index ddc7604e5..600fc818f 100644
--- a/docs/platform/maintain/log.mdx
+++ b/docs/platform/maintain/log.mdx
@@ -35,6 +35,123 @@ Mondoo tracks administrative events, such as organization and access management
 3. Select **Audit Log**.
+## Using the Audit Log API
+
+Organization audit logs are available via our GraphQL API. To access the API, you must have created an [API key](/platform/maintain/access/api-keys).
+
+The GraphQL query to get the audit log for an organization is:
+
+```
+{
+ "variables": {
+ "first": 25,
+ "resourceMrn": "//captain.api.mondoo.app/organizations/"
+ },
+ "query": "query AuditLogForwardPagination($first: Int, $after: String, $orderBy: AuditLogOrder = {direction: DESC, field: TIMESTAMP}, $resourceMrn: String!) {
+ auditlog(
+ first: $first
+ after: $after
+ orderBy: $orderBy
+ resourceMrn: $resourceMrn
+ ) {
+ totalCount
+ edges {
+ cursor
+ node {
+ identity {
+ name
+ mrn
+ }
+ resource
+ action
+ timestamp
+ msg
+ }
+ }
+ pageInfo {
+ startCursor
+ endCursor
+ hasNextPage
+ }
+ }
+ }"
+}
+```
+
+To test this using cURL, store the query in file named "query.json" and execute like so, being sure to have sepcified your organization ID in the query:
+
+```
+$ cat query.json
+{
+ "variables": {
+ "first": 25,
+ "resourceMrn": "//captain.api.mondoo.app/organizations/"
+ },
+ "query": "query AuditLogForwardPagination($first: Int, $after: String, $orderBy: AuditLogOrder = {direction: DESC, field: TIMESTAMP}, $resourceMrn: String!) {
+ auditlog(
+ first: $first
+ after: $after
+ orderBy: $orderBy
+ resourceMrn: $resourceMrn
+ ) {
+ totalCount
+ edges {
+ cursor
+ node {
+ identity {
+ name
+ mrn
+ }
+ resource
+ action
+ timestamp
+ msg
+ }
+ }
+ pageInfo {
+ startCursor
+ endCursor
+ hasNextPage
+ }
+ }
+}"
+}
+
+$ curl -g -X POST -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" -d @query.json https://api.edge.mondoo.com/query | jq
+{
+ "data": {
+ "auditlog": {
+ "totalCount": 36,
+ "edges": [
+ {
+ "cursor": "172213",
+ "node": {
+ "identity": {
+ "name": "Jane Doe",
+ "mrn": "//captain.api.mondoo.app/users/26OR1GOGsqmfjXOOO8joxgJDdtM"
+ },
+ "resource": "//agents.api.mondoo.app/organizations/mondoo-organization-1/serviceaccounts/2e3NzLkD73yQe7MTJZLw3",
+ "action": "mondoo.agents.AgentManager.CreateServiceAccount",
+ "timestamp": "2024-03-22T17:46:03Z",
+ "msg": "created service account"
+ }
+ },
+ {
+ "cursor": "143156",
+ "node": {
+ "identity": {
+ "name": "John Smith",
+ "mrn": "//captain.api.mondoo.app/users/1zYNjiRERS59LsS8iCloxPxbxLo"
+ },
+ "resource": "//captain.api.mondoo.app/users/2AdPauBAGEqnOjIFXx6AIyWrhxh",
+ "action": "mondoo.captain.Captain.SetOrganizationMembership",
+ "timestamp": "2024-01-30T00:01:04Z",
+ "msg": "owner added"
+ }
+ },
+...
+```
+
 ## Get help
 Can't find what you need? Join our community Slack channel to chat with us and other Mondoo users.