Skip to content

List recent audits

GET
/v1/audits
curl --request GET \
--url 'http://127.0.0.1:8080/v1/audits?category=egress' \
--header 'Authorization: Bearer <token>'
category

Audit category.

string
Allowed values: egress

Audit category to list. Omit to include all supported categories.

runtime
string

Runtime UUID or display name filter.

limit
integer format: uint32

Maximum number of audits to return.

List response envelope.

Media type application/json

List response envelope.

object
data
required
Array<object>

Audit response object.

object
id
required
string
category
required

Audit category.

string
Allowed values: egress
observed_unix_ms
required
integer format: int64
runtime_id
required
string
payload
required

Externally tagged audit payload. Exactly one category property is present.

object
>= 1 properties <= 1 properties
egress

Egress audit payload. The kind identifies which concrete payload property is present.

object
>= 2 properties <= 2 properties
kind
required

Egress audit kind.

string
Allowed values: tcp_connection http_request icmp_drop
tcp_connection

Redacted egress TCP connection audit payload.

object
src_addr
required
string
dst_addr
required
string
host
required
string
transport
required
string
plugin
required
string
bytes_up
required
integer format: uint64
bytes_down
required
integer format: uint64
duration_ms
required
integer format: uint64
action
required

Egress audit action.

string
Allowed values: allow deny error unknown
outcome
required
string
reason
required
string
error
required
string
http_request

Redacted egress HTTP request audit payload.

object
host
required
string
method
required
string
path
required
string
status
required
integer format: uint32
bytes_up
required
integer format: uint64
bytes_down
required
integer format: uint64
action
required

Egress audit action.

string
Allowed values: allow deny error unknown
outcome
required
string
reason
required
string
query_redacted
required
boolean
icmp_drop

Aggregated ICMP drop audit payload.

object
src_ip
required
string
packets
required
integer format: uint64
bytes
required
integer format: uint64
action
required

Egress audit action.

string
Allowed values: allow deny error unknown
outcome
required
string
reason
required
string
Example
{
"data": [
{
"category": "egress",
"payload": {
"egress": {
"kind": "tcp_connection",
"tcp_connection": {
"action": "allow"
},
"http_request": {
"action": "allow"
},
"icmp_drop": {
"action": "allow"
}
}
}
}
]
}

Missing, malformed, or rejected bearer token

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

The bearer token is not allowed to perform this action

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

The requested resource was not found

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

The request conflicts with current resource state

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

Validation or application error

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

Rate limit exceeded

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

Upstream service is unavailable

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

Upstream request timed out

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}

Error response

Media type application/json
object
error
required
object
code
required
string
Allowed values: already_exists command_failed deadline_exceeded failed_precondition internal invalid_argument not_found permission_denied rate_limited unauthenticated unavailable unimplemented
message
required
string
Example
{
"error": {
"code": "already_exists"
}
}