GET Audit ID

The GET /Audit/{id} method is used to retrieve details for a specified audit entry. This method returns HTTP 200 OK on a success with audit log details.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/auditing/read/

Table 233: GET Audit {id} Input Parameters

Name	In	Description
id	Path	Required. The ID of the audit log entry to retrieve. Use the GET /Audit method (see GET Audit) to retrieve a list of all the audit log entries to determine the audit log entry ID.

Table 234: GET Audit {id} Response Data

Name

Description

The ID of the specified audit log entry.

TimeStamp

The timestamp (UTC) on the audit log entry indicating when the action performed occurred.

Message

XML data on the audit event.

Signature

The signature on the audit entry.

Category

An integer identifying the category of the audit entry. Show audit categories.

Value	Subcategory Name	Description
2001	Certificate	Certificate
2001	Auditing Certificate Scheduled Replacement	Auditing Certificate Scheduled Replacement
2001	Auditing Certificate Request	Certificate Request
2002	ApiApplication	API Application
2003	Template	Template
2004	CertificateQuery	Certificate Collection/Query
2005	ExpirationAlert	Expiration Alert
2005	Expiration Alert Definition Context Model	Expiration Alert
2006	PendingAlert	Pending Alert
2006	Pending Alert Definition Context Model	Pending Alert
2007	ApplicationSetting	Application Setting
2008	IssuedAlert	Issued Alert
2008	Issued Alert Definition Context Model	Issued Alert
2009	DeniedAlert	Denied Alert
2009	Denied Alert Definition Context Model	Denied Alert
2010	ADIdentityModel	Security Identity
2011	SecurityRole	Security Role
2012	AuthorizationFailure	Authorization Failure
2013	CertificateSigningRequest	CSR
2014	ServerGroup	SSH Server Group
2015	Server	SSH Server
2016	DiscoveredKey	Rogue Key for Logon
2016	Key	SSH Key
2017	ServiceAccount	SSH Service Account
2018	Logon	SSH Logon
2019	SshUser	SSH User
2020	Key Rotation Alert Definition Context Model	SSH Key Rotation Alert
2021	CertificateStore	Certificate Store
2022	JobType	Orchestrator Job Type
2023	AgentSchedule	Orchestrator Job
2024	Bulk Agent Schedule	Bulk Orchestrator Job
2025	Certificate Store Container	Store Container
2026	Agent	Orchestrator
2027	Revocation Monitoring	Monitoring
2028	License	License
2029	WorkflowDefinition	Workflow Definition
2030	WorkflowInstance	Workflow Instance
2031	WorkflowInstanceSignal	Workflow Instance Signal
2032	IdentityProvider	Identity Provider
2033	RoleClaimDefinition	Claim Definition
2034	PermissionSet	Permission Set

Tip: To do a query by category, use the subcategory string. For example, the following query would return audit records for categories 2023, 2024, and 2026 since they all contain “Agent" in the subcategory:

category -contains "Agent"

Operations

An integer identifying the operation of the audit entry. Show audit operations.

Value	Description
1	Created
2	Updated
3	Deleted
4	Approved
5	Denied
6	Revoked
7	Downloaded
8	Deleted Private Key
9	Renewed
10	Encountered
11	Scheduled Replacement
12	Recovered
13	Imported
14	Removed from Hold
15	Scheduled Add
16	Scheduled Removal
17	Download with Private Key
18	Scheduled
19	Reset
20	Disapproved
21	Restarted
22	Sent
23	Failed
24	Completed
25	Rejected
26	Revoked from Revoke All Operation
27	Login
28	Logout

Level

The alert level of the audit log entry. Show audit levels.

Value	Description
0	Information
1	Warning
2	Failure

User

The user who performed the audit event in DOMAIN\username format.

EntityType

The category of the object being audited (e.g. Template, Certificate).

AuditIdentifier

An identifier of the object being audited (e.g. the template name for a template, the CN for a certificate). It is important to note that this is a value that is typically used for easy identification of an object, but is not necessarily unique, and is subject to change.

ImmutableIdentifier

The fixed ID of the auditable event in the Keyfactor database.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Version v24.4.1

On this page: