Audit the Changes Made by Aternity Users with REST API (version 2.0)

Use CHANGE_AUDIT_LOG to get audit records of configuration changes that were made by Aternity users via administration screens in the Aternity console.

For example, use the CHANGE_AUDIT_LOG REST API to see who removed, added or updated a user in the Aternity > Gear Icon > Users screen. More examples: see who changed passwords, who created, changed or removed a remediation script, who added, changed or removed an SDA alert rule, and more.

By default, this view only shows events for the last 24 hours. To see historical data, add a $filter=relative_time() condition, such as .../API_NAME?$filter=relative_time(last_x_hours) or .../API_NAME?$filter=relative_time(last_x_days). For example, to get the data for the last 30 days, use the URL http://[Server]/aternity.odata/latest/CHANGE_AUDIT_LOG?$filter=relative_time(last_30_days)

Note

To learn how long Aternity keeps this data (retention period), how far back you can go, and how many hours or days of data Aternity returns by default, read here.

Before You Begin

To send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.

To view an Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API, into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME).

Get the latest REST API version for analyzing in the external app
Tip

Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more.

Examples

To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/CHANGE_AUDIT_LOG

Use change_audit_log?$filter=change_type eq 'REMOVE_USER' to see who removed a user from Aternity.

Supported Parameters

You can view the data by entering the URL into Excel, into a browser, or into any OData-compatible application such as Power BI.

You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq 'jsmith@company.com'), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5.

Query Options Description
$select=

Use $select to return only specific columns (attributes), to make queries more efficient: ...API_NAME?$select=COL1,COL2,COL3

$format=

Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml

$orderby=

Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION

$top=

Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries.

Also, use $top to filter the returned data and to return only the first N entries.

For example, to return the first five entries (not sorted), use: ...API_NAME?$top=5

$filter=

Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.

To limit the timeframe of a query, add a $filter=relative_time() condition, such as .../API_NAME?$filter=relative_time(last_x_hours) or .../API_NAME?$filter=relative_time(last_x_days). Learn more.

Create conditions for filtering with any of the following operators:

Query Operators Description
eq

Equal to

For example, COL4 eq 'val4'

ne

Not equal to

For example, COL4 ne 'val4'

gt

Greater than

For example, COL4 gt 'val4'

ge

Greater than or equal

For example, COL4 ge 'val4'

lt

Less than

For example, COL4 lt 'val4'

le

Less than or equal

For example, COL4 le 'val4'

and

Logical and

For example, COL1 eq 'value1' and COL2 ne 'value2'

or

Logical or

For example, COL1 eq 'value1' or COL2 ne 'value2'

not

Logical negation

Create conditions for filtering with any of the following functions:

Query Functions Description
startswith

For example, $filter=startswith(account_name,'Aternity')

endswith

For example, $filter=endswith(account_name,'Aternity')

contains

$filter=contains(COL5,'val5')

For example, $filter=contains(account_name,'Aternity')

in()

Instead of using AND, OR:

$filter=device_name eq 'adam_covert_wks' or device_name eq 'adam_covert_vdi' or device_name eq 'adam_covert_tablet'

You can now use:

$filter=in(device_name,'adam_covert_wks','adam_covert_vdi','adam_covert_tablet')

Carefully read the specific instructions for writing this function:
  • In must be followed directly by the opening parenthesis (no space allowed)

  • The first parameter is the field name (case insensitive)

  • The function requires at least two parameters, the field name and at least one field value

  • The rest of the parameters are the optional values that the field can have (i.e. the values we want to filter in) also case insensitive

  • Values are separated by comma and no spaces allowed

  • The maximum number of values in all clauses is 1,500 (e.g. it is possible to have 1 in() with 1,500 values, or 2 in() clauses with 750 each).

  • The last value must be followed by the closing parenthesis (no space allowed)

  • In() can be combined with any other filter using AND or OR

  • There can be more than one in() function in a filter. For example, $filter=in(location,'loc1','loc2') or in(subnet,'sub1','sub2'). Another example, $filter=in(location,'loc1','loc2') and in(subnet,'sub1','sub2')

relative_time(last_x_hours)

Limit the timeframe of a query.

If no relative_time filter is used to set a specific timeframe, Aternity will return the default last N days' worth of data. Default values vary for different APIs. Learn here about the specific REST API.

Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 ne 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5'))

$search is NOT supported.

Do not use $search in Aternity's REST APIs.


Output

You can access data using this API (retention) going back up to 180 days. If you do not add a relative_time filter, by default Aternity returns data for the past 24 hours.

The returned columns are:

Account_ID,Audit_Action,Audit_Details,Audit_Filter_Num 1-3,Audit_Filter_STR 1-3,Audit_ID,Audit_Type,Account_Name,Time,User_Name
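
The following is an added example, not Aternity's own code: a small Python builder for a CHANGE_AUDIT_LOG query that applies the rules above (relative_time window within the 180-day retention, in() written without spaces, at most 1,500 values across all in() clauses, $select to keep the response small). The host name, the account names and the decision to reject values containing a quote or comma are assumptions made for the example; the page does not document how such characters are escaped.

```python
import re
from urllib.parse import quote

MAX_IN_VALUES = 1500      # page: limit across all in() clauses of one filter
MAX_DAYS = 180            # page: retention for CHANGE_AUDIT_LOG
SELECT = ["Time", "User_Name", "Audit_Type", "Audit_Action", "Audit_Details"]

def in_clause(field, values):
    """Return in(field,'v1','v2') with no spaces, as the page requires."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", field):
        raise ValueError(f"bad field name: {field!r}")
    if not values:
        raise ValueError("in() needs at least one value")
    for v in values:
        # Assumption: the page documents no escaping, so refuse values that
        # could end the quoted literal or split the argument list.
        if "'" in v or "," in v:
            raise ValueError(f"unsafe value for in(): {v!r}")
    return f"in({field}," + ",".join(f"'{v}'" for v in values) + ")"

def build_filter(window, in_filters):
    """Combine relative_time() with in() clauses using 'and'."""
    m = re.fullmatch(r"last_(\d+)_(hours|days)", window)
    if not m:
        raise ValueError(f"bad relative_time window: {window!r}")
    n, unit = int(m.group(1)), m.group(2)
    if n < 1 or n > (MAX_DAYS if unit == "days" else MAX_DAYS * 24):
        raise ValueError("window must cover 1 hour to 180 days")
    if sum(len(v) for v in in_filters.values()) > MAX_IN_VALUES:
        raise ValueError("more than 1,500 values across in() clauses")
    parts = [f"relative_time({window})"]
    parts += [in_clause(f, v) for f, v in in_filters.items()]
    return " and ".join(parts)

def audit_url(base_url, window, in_filters, version="latest"):
    """Full CHANGE_AUDIT_LOG URL with the filter percent-encoded."""
    flt = quote(build_filter(window, in_filters), safe="(),")
    return (f"{base_url.rstrip('/')}/{version}/CHANGE_AUDIT_LOG"
            f"?$select={','.join(SELECT)}&$filter={flt}")

if __name__ == "__main__":
    # Constructed host and account names, for illustration only.
    admins = ["jsmith@company.com", "ops-admin@company.com"]
    print(audit_url("https://aternity.example/aternity.odata",
                    "last_30_days", {"User_Name": admins}))
```

For integrations, pass a fixed version such as version="v2.0" instead of "latest", as described under Before You Begin.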