GET Audit ID

The GET /Audit/{id} method is used to retrieve details for a specified audit entry. This method returns HTTP 200 OK on a success with audit log details.

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/auditing/read/

Table 271: GET Audit {id} Input Parameters

Name In Description
id Path Required. The ID of the audit log entry to retrieve.

Use the GET /Audit method (see GET Audit) to retrieve a list of all the audit log entries to determine the audit log entry ID.

Table 272: GET Audit {id} Response Data

Name

Description
Id The ID of the specified audit log entry.
TimeStamp The timestamp (UTC) on the audit log entry indicating when the action performed occurred.
Message XML data on the audit event. Also known as the XMLMessage in some interfaces.
Signature The signature on the audit entry.
Category

An integer identifying the category of the audit entry. ClosedShow audit categories.

Value

 Subcategory Name

Description

2001

 Certificate

Certificate

2001

 Auditing Certificate Scheduled Replacement

Auditing Certificate Scheduled Replacement

2001

 Auditing Certificate Request

Certificate Request

2002

 ApiApplication

API Application

2003

 Template

Template

2004

 CertificateQuery

Certificate Collection/Query

2005

 ExpirationAlert

Expiration Alert

2005

 Expiration Alert Definition Context Model

Expiration Alert

2006

 PendingAlert

Pending Alert

2006

 Pending Alert Definition Context Model

Pending Alert

2007

 ApplicationSetting

Application Setting

2008

 IssuedAlert

Issued Alert

2008

 Issued Alert Definition Context Model

Issued Alert

2009

 DeniedAlert

Denied Alert

2009

 Denied Alert Definition Context Model

Denied Alert

2010

 ADIdentityModel

Security Identity

2011

 SecurityRole

Security Role

2012

 AuthorizationFailure

Authorization Failure

2013

 CertificateSigningRequest

CSR

2014

 ServerGroup

SSH Server Group

2015

 Server

SSH Server
2016 DiscoveredKey Rogue Key for Logon
2016 Key SSH Key

2017

 ServiceAccount

SSH Service Account

2018

 Logon

SSH Logon

2019

 SshUser

SSH User

2020

 Key Rotation Alert Definition Context Model

SSH Key Rotation Alert
2021 CertificateStore Certificate Store
2022 JobType Orchestrator Job Type
2023 AgentSchedule Orchestrator Job
2024 Bulk Agent Schedule Bulk Orchestrator Job
2025 Certificate Store Container Store Container
2026 Agent Orchestrator
2027 Revocation Monitoring Monitoring
2028 License License
2029 WorkflowDefinition Workflow Definition
2030 WorkflowInstance Workflow Instance
2031 WorkflowInstanceSignal Workflow Instance Signal
2032 IdentityProvider Identity Provider
2033 RoleClaimDefinition Claim Definition
2034 PermissionSet Permission Set
2035 EnrollmentPatterns Enrollment Pattern
Tip:  To do a query by category, use the subcategory string. For example, the following query would return audit records for categories 2023, 2024, and 2026 since they all contain “Agent" in the subcategory:
category -contains "Agent"
Operation

An integer identifying the operation of the audit entry. ClosedShow audit operations.
Level

An integer indicating the alert level of the audit log entry. ClosedShow audit levels.
User The user who performed the audit event in DOMAIN\username format.
EntityType The category of the object being audited (e.g. Template, Certificate).
AuditIdentifier An identifier of the object being audited (e.g. the template name for a template, the CN for a certificate). It is important to note that this is a value that is typically used for easy identification of an object, but is not necessarily unique, and is subject to change.
ImmutableIdentifier The fixed ID of the auditable event in the Keyfactor database.
Tip:  See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflowClosed A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon () at the top of the Management Portal page next to the Log Out button.