Get Logs

API version: 3.3
Last Update: 04/19/2023
Authentication: YES
HTTP Method: POST
Content Type: application/json
Rate limited: YES
Requests per rate limit: 10/min
Response Format: JSON
Changes

Changes compared with v3.2

  • Added new filter value deleted_api for filter.events

MetaDefender IT-OT Access records events on your account. There are 3 types of event logs: admin event logs, device event logs, and webhook event logs. Use this API to retrieve the event logs on your account. You can set filter parameters to narrow the results to the event logs you are interested in.

API URL

https://gears.opswat.com/o/api/v3.3/logs

Request Parameters

Key | Datatype | Parameter Type | Required | Description | Default
access_token | string | URL | Yes | Access token obtained from the OAuth authentication step
event_category | string | Body | Yes | Specify which event logs you want to retrieve. Possible values can be:

  • device: Device event logs
  • admin: Admin event logs
  • webhook: Webhook event logs
  • device_report: Device report event logs
limit | int | Body | Optional | Specify the maximum number of event logs returned in the response. The value should be in [1,100]. If there are more event logs than the limit asks for, the HTTP code of the response will be 406. Event logs in the response are sorted by timestamp. | 20
token | string | Body | Optional | Specify a pagination token for the set of event logs to return. It can be used to return the next set of items in the list.
age | int | Body | Optional | Specify the age of the information in seconds. Maximum value is 86400 (1 day). For example, to query event logs from the last 5 minutes, set the "age" parameter to 300. | 3600
start_time | long | Body | Optional | Specify the start time of the query's duration. The format should be Unix epoch time in milliseconds.
end_time | long | Body | Optional | Specify the end time of the query's duration. The format should be Unix epoch time in milliseconds.
filter | object | Body | Optional | Specify filter criteria (does not apply to the device_report event_category)
filter.events | string | Body | Optional | Specify which events you want to retrieve. Values for admin event logs (event_category = admin) can be:

  • cac_change: an admin changed configuration for Secure Access module
  • config: an admin changed configuration
  • failed_auth: an admin failed to authenticate with OPSWAT SSO
  • login: an admin logged into MetaDefender IT-OT Access console
  • rev_mobile_code: an admin revoked a registration code
  • submit_ticket: an admin submitted a support ticket to OPSWAT through MetaDefender IT-OT Access console
  • whitelist: an admin updated allowlist settings for CVEs
  • changed_password: an admin changed password with OPSWAT SSO

Values for device event logs (event_category=device) can be:

  • access_granted: a device was granted temporary access to a protected app
  • access_revoked: a device's temporary access to a protected app was revoked
  • added: a device was enrolled to an account
  • added_duplicate_mac: a device was enrolled to an account with a duplicated MAC address.
  • compliance_check: an admin performed an on-demand compliance check on the device
  • compliant: a device was considered as COMPLIANT
  • deleted: a device was deleted by an admin
  • deleted_user: MetaDefender Endpoint was uninstalled by a local user on a device
  • deleted_api: a device was deleted via API
  • exempt_all: an admin exempted a device
  • fetch_log: an admin fetched the MetaDefender Endpoint's log remotely
  • noncompliant: a device was considered as NON-COMPLIANT
  • scan_threat: an admin requested an on-demand malware scan on a device
  • unexempt: an admin unexempted a device
  • unseen: a device was deleted by Lost Devices feature

Values for webhook event logs (event_category = webhook) can be:

  • added: a device was enrolled to an account
  • deleted: a device was deleted
  • status_changed_to_compliant: a device was considered as COMPLIANT
  • status_changed_to_exempted: a device was exempted
  • status_changed_to_non_compliant: a device was considered as NON-COMPLIANT
filter.agent_types | array<int> | Body | Optional | Only valid for device event logs (event_category = device). Filters event logs by agent type. Values can be:

  • 0: MetaDefender Endpoint
  • 2: OPSWAT Domain Controller Client
filter.search | string | Body | Optional | Only valid for device event logs (event_category = device or event_category = device_report) or webhook event logs (event_category = webhook). Search by device name or device id.

Response HTTP Code

See APIs

Response Parameters for admin event logs (event_category = admin):

Key | DataType | Description
data | array<object> | Admin event logs
data.timestamp | string | Timestamp when the event occurs
data.event | string | Event text
data.details | string | Event details
data.admin_name | string | Name of an admin who is related to the event
data.admin_email | string | Email of an admin who is related to the event
token | string | A pagination token

Response Parameters for Device event logs (event_category = device):

Key | DataType | Description
data | array<object> | Device event logs
data.timestamp | string | Timestamp when the event occurs
data.event | string | Event text
data.details | string | Event details
data.device_id | string | Device id of the device that the event occurred on
data.device_name | string | Name of the device that the event occurred on
data.device_username | string | ID of the user who was logged into the device when the event occurred
data.device_group | string | The device's group name
token | string | A pagination token

Response Parameters for Device report event logs (event_category = device_report):

Key | DataType | Description
data | array<object> | Device event logs
data.timestamp | string | Timestamp when the event occurs
data.event | string | Event text
data.details | string | Event details
data.device_id | string | Device id of the device that the event occurred on
data.device_name | string | Name of the device that the event occurred on
data.device_username | string | ID of the user who was logged into the device when the event occurred
data.device_group | string | The device's group name
data.status | string | Status of the device
data.severity | string | Severity level
data.policy_name | string | Name of the policy that the device is assigned to
data.last_seen | string | The last timestamp, in GMT format, when the agent reported data to the Cloud
data.public_ip | string | Public IP of the device in the last report
token | string | A pagination token

Response Parameters for Webhook event logs (event_category = webhook):

Key | DataType | Description
data | array<object> | Webhook event logs
data.timestamp | string | Timestamp when the event log occurs
data.event | string | Event text
data.details | string | Event details
data.device_id | string | Device id of the device that the event occurred on
data.device_name | string | Name of the device that the event occurred on
data.response_code | string | Response code from a webhook API
data.response_body | string | Response body from a webhook API
token | string | A pagination token
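
The following is an added example, not OPSWAT's code: a collector that pages through this endpoint for SIEM ingestion, checks limit and age against the documented ranges, treats HTTP 406 as "more logs remain" instead of a failure, and spaces requests to stay under 10/min. It assumes that a 406 reply still carries data and token, that a missing token marks the last page, and that the token is passed as a query-string parameter named access_token; the function names are hypothetical.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

API_URL = "https://gears.opswat.com/o/api/v3.3/logs"
CATEGORIES = ("device", "admin", "webhook", "device_report")
MIN_INTERVAL = 60 / 10  # documented rate limit: 10 requests per minute

def build_body(event_category, events=None, age=None, limit=20, token=None):
    """Check the documented ranges client-side and build the JSON request body."""
    if event_category not in CATEGORIES:
        raise ValueError(f"event_category must be one of {CATEGORIES}")
    if not 1 <= limit <= 100:
        raise ValueError("limit must be in [1,100]")
    if age is not None and not 1 <= age <= 86400:
        raise ValueError("age must be between 1 and 86400 seconds")
    body = {"event_category": event_category, "limit": limit, "age": age, "token": token}
    body = {k: v for k, v in body.items() if v is not None}
    if events and event_category != "device_report":  # filter does not apply to device_report
        body["filter"] = {"events": events}
    return body

def http_post(access_token, body):
    """Real transport. The token rides in the URL, so keep the URL out of logs."""
    url = API_URL + "?" + urllib.parse.urlencode({"access_token": access_token})
    req = urllib.request.Request(url, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # urllib raises on 406
        return err.code, json.loads(err.read() or b"{}")

def fetch_all(access_token, event_category, post=http_post, sleep=time.sleep, **params):
    """Collect every page. Assumes a 406 reply still carries data and token."""
    logs, token = [], None
    for page in range(50):  # hard cap so a repeating token cannot loop forever
        if page:
            sleep(MIN_INTERVAL)  # stay under the rate limit between pages
        status, reply = post(access_token, build_body(event_category, token=token, **params))
        if status not in (200, 406):  # 406 = more logs exist than `limit` allowed
            raise RuntimeError(f"logs API returned HTTP {status}")
        logs.extend(reply.get("data", []))
        token = reply.get("token")
        if not token:  # assumed end-of-list marker
            break
    return logs
```

To exercise the pagination offline, pass `post=` a stub that returns `(status, body)` tuples and `sleep=` a no-op.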
