Get Access Activities

API version3.0
Last Update05/22/2018
AuthenticationYES
HTTP MethodPOST
Content Typeapplication/json
Rate limitedYES
Requests per rate limit10/min
Response FormatJSON

MetaDefender IT-OT Access records access activities when a device accesses to SaaS applications. To retrieve access activities on your account, you can use this API. You can filter access activities you concern.

API URL

Copy

Request Parameters

KeyDatatypeParameter TypeRequiredDescriptionDefault
access_tokenstringURLYesaccess token which archived from OAuth authentication step
limitintBodyOptionalSpecific maximum number of access activities will be returned in the response. The value should be in [1,50]. If there are more event logs than what the limit asks for, error code will be 406. Access activities in response is ordered by date.50
pageintBodyOptionalSpecific page number which access activities will be returned in. If the requested page exceeds the number of pages of access activities, error code will be 413. It means that the requested page number is too large, no devices will be returned in this case.1
start_datestringBodyOptionalSpecific the start date for the query duration. Starting date of the query. Format: MM/DD/YYYY in UTC timezone
end_datestringBodyOptionalSpecific the end date for the query duration. It must be greater than start_date. Format: MM/DD/YYYY in UTC timezone
ageintBodyOptionalSpecify age of the information in last hours. This parameter will be skipped if start_date and end_date parameters are set in the json input For example: if you want to query event access activities in last 5 hours, you need to pass age as 5.24
actionarray<string>BodyOptional

Specify what access activities you want to retrieve. Options can be:

  • blocked: activities are blocked from accessing a SaaS application.
  • allowed: activities are allowed to access a SaaS application.
  • monitored_block: activities are monitored and they will be blocked from accessing a SaaS application if you change an access mode of the application to Enforce mode.
  • monitored_allow: activities are monitored and they will be allowed to access a SaaS application if you change an access mode of the application to Enforce mode.
  • temporary_allowed: activities are temporary allowed to access a SaaS application. It's temporary granted by an administrator
searchstringBodyOptionala keyword to search. In which, the keyword can be a device name, group name, application user, device id, application name, access control rule name, device status

Response HTTP Code

See APIs

Response Parameters

KeyData TypeDescription
timestampstringtimestamp when the access activity occurs
actionstring

Action taken by MetaDefender IT-OT Access. Values can be:

  • blocked: activities are blocked from accessing a SaaS application.
  • allowed: activities are allowed to access a SaaS application.
  • monitored_block: activities are monitored and they will be blocked from accessing a SaaS application if you change an access mode of the application to Enforce mode.
  • monitored_allow: activities are monitored and they will be allowed to access a SaaS application if you change an access mode of the application to Enforce mode.
  • temporary_allowed: activities are temporary allowed to access a SaaS application. It's temporary granted by an administrator
device_idstringdevice id of a device which is accessing an application
device_namestringDevice name of a device which is accessing an application
device_statusstringDevice status of a device which is accessing an application
device_groupstringgroup name of a device which is accessing an application
app_userstringapplication user who is using a device to access an application
access_rulestringaccess control rule which is applied to this activity
app_namestringapplication name which a device is accessing

Example

Example Request:

Copy

Example Response

Copy
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Get Logs
On This Page
Get Access ActivitiesRequest ParametersResponse HTTP CodeResponse ParametersExample