View activity log

get

https://cloud.tenable.com/audit-log/v1/events

Returns a list of activity log events for all users in your organization's Tenable Vulnerability Management account.

Each event includes details such as the timestamp, action taken, actor, and other relevant metadata. You can apply filters to narrow the results and specify the number of events to return. By default, the response includes up to 50 events.

For more information, see Activity Logs in the developer documentation.

Note: Tenable retains activity log data for three years, after which it is permanently deleted from the database.

Requires the Administrator [64] user role. See Roles.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Query Params

array of strings

A filter condition in the field.operator:value format. Filter conditions can include:

date.gt:<ISO Date/Time>—Returns events only if the timestamp when the events occurred is after the date or time you specify. For example: f=date.gt:2017-12-31, f=date.gt:2017-12-31T13:14:15.678Z
date.gte:<ISO Date/Time>—Returns events only if the timestamp when the events occurred is at or after the date or time you specify. For example: f=date.gte:2017-12-31, f=date.gte:2017-12-31T13:14:15.678Z
date.lt:<ISO Date/Time>—Returns events only if the timestamp when the events occurred is before the date or time you specify. For example: f=date.lt:2017-12-31, f=date.lt:2023-03-04T14:15:16.123-05:30
date.lte:<ISO Date/Time>—Returns events only if the timestamp when the events occurred is at or before the date or time you specify. For example: f=date.lte:2017-12-31, f=date.lte:2023-03-04T14:15:16.123-05:30
actor_id.eq:<UUID>—Returns only the events with a matching actor UUID. For example: f=actor_id.eq:ee512c41-282e-489c-a2cf-8bda1151e630
target_id.eq:<UUID>—Returns only the events with a matching target UUID. For example: f=target_id.eq:ee512c41-282e-489c-a2cf-8bda1151e630
action.eq:<String>—Returns only the events with a matching action. For example: f=action.eq:audit.log.view

You can specify multiple f parameters, separated by ampersand (&) characters. For example: ?f=date.gte:2019-12-30&f=date.lt:2019-12-31&f=actor_id.eq:f54eeec5-84e0-44bb-9ebe-64898bea0e59&limit=5000

string

If multiple f parameters are present, specifies whether an AND or OR condition is applied to the filters. Supported values are and and or. If you omit this parameter when using multiple f parameters, Tenable applies and by default.

limit

int32

The maximum number of records to retrieve per request. If this parameter is omitted, Tenable uses the default value of 50. For offset-based pagination, the maximum number of events that can be retrieved in a single page is 10000. For example: limit=10000. For cursor-based pagination, the maximum number of events that can be retrieved in a single page is 500.

string

For cursor-based pagination, the cursor position for the next page. For the initial request, use a value 0. For subsequent requests, set this parameter to the value found in the pagination.next property of the previous response.

offset

int32

For offset-based pagination, the starting record to retrieve. If this parameter is omitted, Tenable uses the default value of 0.

Note: Offset-based pagination is limited to 10,000 records. Use cursor-based pagination (next) instead if you need to retrieve more than 10,000 records.

sort

string

The field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). For example, received:desc would sort results by the received field in descending order.

Note: Currently, the only field that can be used to sort is received.

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

403

Returned if you do not have permission to view the activity log.

200Returned if the activity log was successfully retrieved.

429Returned if you attempt to send too many requests in a specific period of time. For more information, see Rate Limiting.