GET Audit Related Entities

The GET /Audit/RelatedEntities method returns a list of all audit entries and all audit entries related to those audit entries. Query parameters enable filtering using defined criteria, control over pagination by specifying the page number and return limit, and customization of sorting based on specified fields and order. This method returns HTTP 200 OK on a success with the information requested.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/auditing/read/

Table 303: GET Audit Related Entities Input Parameters

Name	In	Description
QueryString	Query	A string containing a query to limit the results (e.g., field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to: Using the Audit Log Search Feature. The query fields supported for this endpoint are: Name (EntityIdentifier) Category (EntityType) (see Table 300: GET Audit Response Data for codes) ImmutableIdentifier Level (see Table 300: GET Audit Response Data for codes) Operation (see Table 300: GET Audit Response Data for codes) PropertyChanged Timestamp ActingUser Tip: In order to return related entries, your queryString needs to query for the specific immutable identifier of the audit record for which you wish to see related entries. For example: ImmutableIdentifier -eq 707662
PageReturned	Query	An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1.
ReturnLimit	Query	An integer that specifies how many results to return per page. The default is 50. Very large values can result in long processing time.
SortField	Query	A string containing the property by which the results should be sorted. Fields available for sorting through the API include: Category ImmutableIdentifier Level Operation Timestamp Available sort fields are affected by the query provided in QueryString. The default sort field is Timestamp.
SortAscending	Query	An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending.

Table 304: GET Audit Related Entities Response Data

Name

Description

The ID of the specified audit log entry.

TimeStamp

The timestamp (UTC) on the audit log entry indicating when the action performed occurred.

Message

XML data on the audit event. Also known as the XMLMessage in some interfaces.

Signature

The signature on the audit entry.

Category

An integer identifying the category of the audit entry. Show audit categories.

Value	Subcategory Name	Description
2001	Certificate	Certificate
2001	Auditing Certificate Scheduled Replacement	Auditing Certificate Scheduled Replacement
2001	Auditing Certificate Request	Certificate Request
2002	ApiApplication	API Application
2003	Template	Template
2004	CertificateQuery	Certificate Collection/Query
2005	ExpirationAlert	Expiration Alert
2005	Expiration Alert Definition Context Model	Expiration Alert
2006	PendingAlert	Pending Alert
2006	Pending Alert Definition Context Model	Pending Alert
2007	ApplicationSetting	Application Setting
2008	IssuedAlert	Issued Alert
2008	Issued Alert Definition Context Model	Issued Alert
2009	DeniedAlert	Denied Alert
2009	Denied Alert Definition Context Model	Denied Alert
2010	ADIdentityModel	Security Identity
2011	SecurityRole	Security Role
2012	AuthorizationFailure	Authorization Failure
2013	CertificateSigningRequest	CSR
2014	ServerGroup	SSH Server Group
2015	Server	SSH Server
2016	DiscoveredKey	Rogue Key for Logon
2016	Key	SSH Key
2017	ServiceAccount	SSH Service Account
2018	Logon	SSH Logon
2019	SshUser	SSH User
2020	Key Rotation Alert Definition Context Model	SSH Key Rotation Alert
2021	CertificateStore	Certificate Store
2022	JobType	Orchestrator Job Type
2023	AgentSchedule	Orchestrator Job
2024	Bulk Agent Schedule	Bulk Orchestrator Job
2025	Certificate Store Container	Store Container
2026	Agent	Orchestrator
2027	Revocation Monitoring	Monitoring
2028	License	License
2029	WorkflowDefinition	Workflow Definition
2030	WorkflowInstance	Workflow Instance
2031	WorkflowInstanceSignal	Workflow Instance Signal
2032	IdentityProvider	Identity Provider
2033	RoleClaimDefinition	Claim Definition
2034	PermissionSet	Permission Set
2035	EnrollmentPatterns	Enrollment Pattern

Tip: To do a query by category, use the subcategory string. For example, the following query would return audit records for categories 2023, 2024, and 2026 since they all contain “Agent" in the subcategory:

category -contains "Agent"

Operation

An integer identifying the operation of the audit entry. Show audit operations.

Value	Description
1	Created
2	Updated
3	Deleted
4	Approved
5	Denied
6	Revoked
7	Downloaded
8	Deleted Private Key
9	Renewed
10	Encountered
11	Scheduled Replacement
12	Recovered
13	Imported
14	Removed from Hold
15	Scheduled Add
16	Scheduled Removal
17	Download with Private Key
18	Scheduled
19	Reset
20	Disapproved
21	Restarted
22	Sent
23	Failed
24	Completed
25	Rejected
26	Revoked from Revoke All Operation
27	Login
28	Logout

Level

An integer indicating the alert level of the audit log entry. Show audit levels.

Value	Description
0	Information
1	Warning
2	Failure

User

The user who performed the audit event in DOMAIN\username format.

EntityType

The category of the object being audited (e.g., Template, Certificate).

AuditIdentifier

An identifier of the object being audited (e.g., the template name for a template, the CN for a certificate). It is important to note that this is a value that is typically used for easy identification of an object, but is not necessarily unique, and is subject to change.

ImmutableIdentifier

The fixed ID of the auditable event in the Keyfactor database.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.3

On this page: