IntegrationServices Audit Log v3 API Migration

Overview

This is to assist in migrating integrations from integrationServices/v3/auditlogs API to Audit Logs API.

In this document, you will find

Brief overview of the key differences and new features with the Audit Log API
A mapping of deprecated v3 Audit Log API endpoint to related new Audit Log endpoint including schema changes

Guides and Resources

Audit Log API Documentation
After migrating, learn how to increase security by removing unused API keys.
Syslog Connector 2.0

Key Differences

The new Audit Log API provides the following new endpoints:

The expanded functionality enables you to filter to exactly what you want to monitor or export data to perform quarter/annual audits of your organization.

The Audit Log schema maintains the same information through the description with a few modified field names and update timestamp to meet our standard ISO 8601 UTC format. See Schema Changes below.

API Endpoints

Operation	Legacy v3 Audit Log Endpoint	New Audit Log API Endpoint
Get Audit Logs	`GET /integrationServices/v3/auditlogs`	`GET /audit_log/v1/orgs/{org_key}/logs/_queue`

Examples

HTTP

Request

GET https://defense.conferdeploy.net/audit_log/v1/orgs/ABCD1234/logs/_queue

Request Headers

X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"

Response Body

{
    "num_found": 2,
    "num_available": 2,
    "results": [
        {
            "org_key": "ABCD1234",
            "actor_ip": "50.215.71.123",
            "actor": "user1@mydomain.com",
            "request_url": null,
            "description": "Logged in successfully",
            "create_time": "2023-11-02T18:13:44.276Z"
        },
        {
            "org_key": "ABCD1234",
            "actor_ip": "50.215.71.123",
            "actor": "user1@mydomain.com",
            "request_url": null,
            "description": "Logged in successfully",
            "create_time": "2023-11-02T16:29:59.793Z"
        }
    ]
}

To download or review the Carbon Black Cloud Postman collection, click here.

Schema Changes

The following tables contains the fields to be substituted when migrating to the Audit Log API.

Fields that are marked DEPRECATED do not have an equivalent in the Alert v7 API or Alert Forwarder Schema v2.

Legacy Field	New Field
`clientIp`	`actor_ip`
`description`	`description`
`eventId`	`DEPRECATED`
`eventTime`	`create_time`
`flagged`	`DEPRECATED`
`loginName`	`actor`
`orgName`	`org_key`
`requestUrl`	`request_url`
`verbose`	`DEPRECATED`

Carbon Black Cloud Python SDK Migration

Coming Soon!

Give Feedback

New survey coming soon!

Last modified on March 18, 2024

Carbon Black Cloud

Page Contents