getLogs
Retrieve audit logs based on specified filters and criteria.
Examples
query GetLogs($input: GetLogsInput) {
  getLogs(input: $input) {
    id
    date
    logType
    logName
    userId
    userEmail
    name
    appId
    appName
    registry
    dockerfile
    connector
    credentialsType
    resourceCount
    resources
    branches {
      branch
      reason
    }
    repoName
    reposCount
    hostUrl
    monitorAllResources
    scanId
    enabledConnectors
    loginType
    domain
    memberEmail
    disclaimerType
    memberRoles
    memberScopes
    appNames
    businessPriority
    owners
    ownersWithRoles {
      owner
      email
      roles
    }
    roles
    generatedForOrg
    downloadFormat
    generatedFrom
    comment
    excluded
    removed
    issueName
    issueId
    profileId
    profileName
    activeProfile
    settingsType
    disabled
    configured
    textArr
    policies {
      policyId
      policyName
      categoryName
      enabled
      severity
      oldIssues
      newIssues
      args
    }
    slackUser
    channel
    key
    ticketId
    ticketingVendor
    messagingVendor
    user
    link
    categoryName
    categoryId
    expiredAt
    prId
    prURL
    sourceControlType
    aggItems
    excludedIssues {
      appNames
      issueId
      issueName
      categoryName
      comment
      expiredAt
    }
    fixTitle
    severity
    oldSeverity
    tagsAdded
    tagsRemoved
    workflowType
    workflowName
    nodeName
    nodeType
    workflowId
    description
    enabled
    monitorAllNewlyCreatedRepositories
    monitoredApps
    secretName
    filterName
    pageName
    apiKeyName
    apiKeyType
    createdBy
    apiKeyCreatedAt
    apiKeyExpiredAt
    orgUnitName
    orgUnitId
    tags
    pipelineSettingsV2 {
      isDefaultSettings
      isGithubConnected
      isBitbucketConnected
      isGitlabConnected
      apps
      settings
      branchSettings
    }
    children
    updateSlaSettings
    irrelevantComment
    sla
    emailType
    emailSubject
  }
}
Variables
This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
{
  "input": {
    "logTypes": ["Authentication"],
    "logNames": ["AddCredentials"],
    "userEmails": ["example"],
    "limit": 100,
    "skip": 0,
    "orderBy": {
      "field": "example",
      "direction": "ASC"
    },
    "dateRange": {
      "from": "1672531200000",
      "to": "1704067199000"
    }
  }
}
Arguments
You can use the following argument(s) to customize your getLogs query.
input GetLogsInput
Filter and pagination parameters for retrieving audit logs
logTypes [LogType!]
logNames [LogName!]
userEmails [String!]
limit Float
skip Float
orderBy LogOrderBy
dateRange LogDateRange
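As an added example (not part of this documentation's own code), the following Python pages through getLogs with the limit and skip arguments and clamps dateRange to the 365-day retention stated for the date field. It assumes a caller-supplied `execute(query, variables)` transport (hypothetical) that returns the list under data.getLogs, and it treats dateRange values as epoch-millisecond strings, inferred from the Variables example; orderBy is omitted because the page does not list valid field names.

```python
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 365  # the page states records expire after 365 days
QUERY = """query GetLogs($input: GetLogsInput) {
  getLogs(input: $input) { id date logType logName userEmail }
}"""

def to_ms(dt):
    """Epoch milliseconds as a string, the form used in the Variables example."""
    return str(int(dt.timestamp() * 1000))

def build_input(start, end, now, log_types=None, limit=100, skip=0):
    """Build GetLogsInput variables; clamp `from` to the retention window."""
    oldest = now - timedelta(days=RETENTION_DAYS)
    inp = {"limit": limit, "skip": skip,
           "dateRange": {"from": to_ms(max(start, oldest)), "to": to_ms(end)}}
    if log_types:
        inp["logTypes"] = log_types
    return {"input": inp}

def fetch_all(execute, start, end, now, log_types=None, limit=100):
    """Page through getLogs with limit/skip until a short page comes back.

    `execute(query, variables)` is an assumed transport, not a documented API.
    """
    seen, out, skip = set(), [], 0
    while True:
        page = execute(QUERY, build_input(start, end, now, log_types, limit, skip))
        for entry in page:
            if entry["id"] not in seen:  # drop repeats if rows shift between pages
                seen.add(entry["id"])
                out.append(entry)
        if len(page) < limit:
            return out
        skip += limit

if __name__ == "__main__":
    rows = [{"id": str(i)} for i in range(250)]  # constructed sample data

    def fake(query, variables):  # stand-in for a real GraphQL call
        i = variables["input"]
        return rows[i["skip"]:i["skip"] + i["limit"]]

    utc = timezone.utc
    print(len(fetch_all(fake, datetime(2024, 1, 1, tzinfo=utc),
                        datetime(2024, 2, 1, tzinfo=utc),
                        datetime(2024, 3, 1, tzinfo=utc), ["Authentication"])))
```
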
Fields
Return type: [AuditLog!]!
You can use the following field(s) to specify what information your getLogs query will return. Please note that some fields may have their own subfields.
id String!
Unique identifier of the audit log entry
date DateTime!
Timestamp when the event occurred. Records are automatically expired after 365 days
userId String!
Unique identifier of the user who performed the action
userEmail String!
Email address of the user who performed the action
name String
Name of the container or organization involved in the event
appId String
Unique identifier of the application associated with the container
appName String
Name of the application associated with the container
registry String
Container registry information
dockerfile String
Path or content of the Dockerfile used
connector String
Name or identifier of the external service connector
credentialsType String
Type of credentials used for authentication
resourceCount Float
Number of resources affected or monitored
resources [String!]
List of resource identifiers being monitored
branches [MultipliedBranchWithReason!]
List of branches selected for scanning with their selection reasons
branch String!
reason String!
repoName String
Name of the repository being scanned
reposCount Float
Total number of repositories affected
hostUrl String
URL of the external service or repository host
monitorAllResources Boolean
Whether all available resources are being monitored
scanId String
Unique identifier of the security scan
enabledConnectors [String!]
List of connectors enabled for the scan
loginType String
Authentication method used for login
domain String
Domain associated with the authentication or login event
memberEmail String
Email address of the member involved in the event
disclaimerType String
Type of disclaimer that was accepted
memberRoles [String!]
Roles assigned to the member
memberScopes String
Permission scopes granted to the member
appNames [String]
Names of applications involved in the event
businessPriority Float
Business priority level assigned to the application
owners [String!]
List of application owner identifiers
ownersWithRoles [Owner!]
Detailed information about application owners including their roles
owner String
email String
roles [String!]
roles [String!]
List of roles associated with the event
generatedForOrg Boolean
Indicates if the file was generated for the entire organization
downloadFormat String
Format of the downloaded file (e.g., JSON, CSV)
generatedFrom String
Source or context from which the file was generated
comment String
User-provided comment or explanation for the action
excluded Boolean
Indicates if an issue was marked as a false positive
removed Boolean
Indicates if a resolved issue was marked as incorrectly resolved
issueName String
Name or title of the security issue
issueId String
Unique identifier of the security issue
profileId String
Identifier of the security policy profile
profileName String
Name of the security policy profile
activeProfile Boolean
Indicates if this is the active security policy profile
settingsType String
Type of system settings being modified
disabled Boolean
Indicates if the feature or setting is disabled
configured Float
Configuration value or count
textArr String
Array of text values in string format
policies [LogPolicy!]
List of security policies affected by the event
policyId String
policyName String
categoryName String
enabled Boolean
severity String
oldIssues String
newIssues String
args String
slackUser String
Slack username associated with the event
channel String
Slack channel where the notification was sent
key String
Unique key or identifier in the external system
ticketId String
Ticket identifier in the external ticketing system
ticketingVendor String
Name of the ticketing system vendor (e.g., Jira, ServiceNow)
messagingVendor String
Name of the messaging system vendor
user String
Username in the external system
link String
URL or link to the external resource
categoryName String
Category name of the security issue or code fix
categoryId Float
Numeric identifier of the issue category
expiredAt DateTime
Expiration date of the exclusion
prId String
Pull request identifier
prURL String
URL of the pull request
sourceControlType String
Type of source control system (e.g., GitHub, GitLab)
aggItems String
Aggregated items in string format
excludedIssues [ExcludedIssue!]
List of issues excluded from security scanning
appNames [String!]
issueId String!
issueName String!
categoryName String!
comment String
expiredAt String
fixTitle String
Title of the applied fix
severity String
Current severity level of the issue
oldSeverity String
Previous severity level of the issue
tagsAdded [String!]
Tags added to the application
tagsRemoved [String!]
Tags removed from the application
workflowType String
Type of the policy workflow
workflowName String
Name of the policy workflow
nodeName String
Name of the workflow node
nodeType String
Type of the workflow node
workflowId String
Unique identifier of the workflow
description String
Description of the workflow
enabled Boolean
Indicates if the workflow is enabled
monitorAllNewlyCreatedRepositories Float
Number of newly created repositories to monitor
monitoredApps [String!]
List of applications being monitored by the workflow
secretName String
Name of the secret
filterName String
Name of the saved filter
pageName String
Page where the filter is applied
apiKeyName String
Name of the API key
apiKeyType String
Type of the API key
createdBy String
User who created the API key
apiKeyCreatedAt DateTime
Creation date of the API key
apiKeyExpiredAt DateTime
Expiration date of the API key
orgUnitName String
Name of the organization unit
orgUnitId ID
Unique identifier of the organization unit
tags [String!]
Tags associated with the organization unit
pipelineSettingsV2 PipelineSettingsV2
Enhanced CI/CD pipeline configuration settings
isDefaultSettings Boolean!
isGithubConnected Boolean
isBitbucketConnected Boolean
isGitlabConnected Boolean
apps JSONObject
settings JSONObject
branchSettings JSONObject
children [ID!]
Child organization unit identifiers
updateSlaSettings String
Changes made to SLA settings
irrelevantComment String
Reason for marking an application as irrelevant
sla Float
SLA time value in hours
emailType String
Type of email notification sent
emailSubject String
Subject line of the email notification