GET Audit ID

The GET /Audit/{id} method is used to retrieve details for a specified audit entry. This method returns HTTP 200 OK on a success with audit log details.

Tip:  The following permissions (see Security Overview) are required to use this feature:

Auditing: Read

Table 178: GET Audit {id} Input Parameters

Name In Description
id Path Required. The ID of the audit log entry to retrieve.

Use the GET /Audit method (see GET Audit) to retrieve a list of all the audit log entries to determine the audit log entry ID.

Table 179: GET Audit {id} Response Data

Name Description
Id The ID of the specified audit log entry.
TimeStamp The timestamp (UTC) on the audit log entry indicating when the action performed occurred.
Message XML data on the audit event.
Signature The signature on the audit entry.
Category

An integer identifying the category of the audit entry. ClosedShow audit categories.

Value

 Subcategory Name

Description

2001

 Certificate

Certificate

2001

 AuditingCertificateScheduledReplacement

Auditing Certificate Scheduled Replacement

2001

 AuditingCertificateRequest

Certificate Request

2002

 ApiApplication

APIClosed A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. Application

2003

 TemplateClosed A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.

Template

2004

 CertificateQuery

Certificate CollectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports)./Query

2005

 ExpirationAlert

Expiration Alert

2005

 ExpirationAlertDefinitionContextModel

Expiration Alert

2006

 PendingAlert

Pending Alert

2006

 PendingAlertDefinitionContextModel

Pending Alert

2007

 ApplicationSetting

Application Setting

2008

 IssuedAlert

Issued Alert

2008

 IssuedAlertDefinitionContextModel

Issued Alert

2009

 DeniedAlert

Denied Alert

2009

 DeniedAlertDefinitionContextModel

Denied Alert

2010

 ADIdentityModel

Security Identity

2011

 SecurityRole

Security Role

2012

 AuthorizationFailure

Authorization Failure

2013

 CertificateSigningRequest

CSRClosed A CSR or certificate signing request is a block of encoded text that is submitted to a CA when enrolling for a certificate. When you generate a CSR within Keyfactor Command, the matching private key for it is stored in Keyfactor Command in encrypted format and will be married with the certificate once returned from the CA.

2014

 ServerGroup

SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. Server Group

2015

 Server

SSH Server
2016 DiscoveredKey Rogue KeyClosed A rogue key, in the context of Keyfactor Command, is an SSH public key that appears in an authorized_keys file on a server managed by the SSH orchestrator without authorization. for Logon
2016 Key SSH Key

2017

 ServiceAccount

SSH Service Account

2018

 Logon

SSH Logon

2019

 SshUser

SSH User

2020

 KeyRotationAlertDefinitionContextModel

SSH Key Rotation Alert
2021 CertificateStore Certificate Store
2022 JobType OrchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. Job Type
2023 AgentSchedule Orchestrator Job
2024 BulkAgentSchedule Bulk Orchestrator Job
2025 CertificateStoreContainer Store Container
2026 Agent Orchestrator
2027 RevocationMonitoring Monitoring
2028 License License
2029 WorkflowDefinition WorkflowClosed A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. Definition
2030 WorkflowInstance Workflow Instance
2031 WorkflowInstanceSignal Workflow Instance Signal
Tip:  To do a query by category, use the subcategory string. For example, the following query would return audit records for categories 2023, 2024, and 2026 since they all contain "Agent" in the subcategory:
category -contains "Agent"
Operations

An integer identifying the operation of the audit entry. ClosedShow audit operations.
Level

The alert level of the audit log entry. ClosedShow audit levels.
User The user who performed the audit event in DOMAIN\username format.
EntityType The category of the object being audited (e.g. Template, Certificate).
AuditIdentifier An identifier of the object being audited (e.g. the template name for a template, the CNClosed A common name (CN) is the component of a distinguished name (DN) that represents the primary name of the object. The value varies depending on the type of object. For a user object, this would be the user's name (e.g. CN=John Smith). For SSL certificates, the CN is typically the fully qualified domain name (FQDN) of the host where the SSL certificate will reside (e.g. servername.keyexample.com or www.keyexample.com). for a certificate). It is important to note that this is a value that is typically used for easy identification of an object, but is not necessarily unique, and is subject to change.
ImmutableIdentifier The fixed ID of the auditable event in the Keyfactor database.