NPM Audit Service v1.1

Resource: config

Audit subsystem configuration

http://{device}/api/npm.audit/1.1/config

JSON

{
  "disabled_types": [
    string
  ],
  "retention": {
    "period": integer,
    "records": integer
  },
  "system": {
    "enabled": boolean
  }
}

{
  "disabled_types": [
    string
  ],
  "retention": {
    "period": integer,
    "records": integer
  },
  "system": {
    "enabled": boolean
  }
}

Property Name	Type	Description	Notes
config	<object>	Audit subsystem configuration	Required properties: [system, retention, disabled_types];
config.disabled_types	<array of <string>>	Event types that will not be audited. Any subtypes under the type namespace will also be disabled.
config.disabled_types[items]	<string>	Event type to disable
config.retention	<object>	Audit record retention configuration	Required properties: [period, records];
config.retention.period	<integer>	Number of days to store records before pruning. 0 to disable age-based pruning.	Minimum 0;
config.retention.records	<integer>	Maximum number of event records to keep. 0 to disable maximum record pruning.	Minimum 0;
config.system	<object>	Main audit system configuration	Required properties: [enabled];
config.system.enabled	<boolean>	Globally enable/disable all event auditing

Links

config: get

GET http://{device}/api/npm.audit/1.1/config

Response Body

Returns a config data object.

config: set

PUT http://{device}/api/npm.audit/1.1/config

Request Body

Provide a config data object.

Response Body

Returns a config data object.

Resource: events

Container for event instances

http://{device}/api/npm.audit/1.1/events{?sort,username,success,record_type,limit,sortBy,offset,action}

JSON

{
  "items": [ event ],
  "meta": events_meta
}

{
  "items": [ event ],
  "meta": events_meta
}

Property Name	Type	Description	Notes
events	<object>	Container for event instances	Required properties: [items];
events.items	<array of <event>>	Array of events within the audit subsystem
events.items[items]	<event>	An event within the audit subsystem
events.meta	<events_meta>	Meta data of the data set returned when a list of events are fetched.

Links

events: get

GET http://{device}/api/npm.audit/1.1/events{?sort,username,success,record_type,limit,sortBy,offset,action}

Response Body

Returns an events data object.

Type: event

An event within the audit subsystem

JSON

{
  "action": string,
  "count": integer,
  "details": [
    {
      "field": string,
      "new": string,
      "old": string,
      "value": string,
      <prop>: any
    }
  ],
  "identifier": string,
  "ipaddr": string,
  "module": string,
  "pid": integer,
  "record_type": string,
  "sid": string,
  "success": integer,
  "timestamp": timestamp,
  "uid": integer,
  "username": string,
  <prop>: any
}

{
  "action": string,
  "count": integer,
  "details": [
    {
      "field": string,
      "new": string,
      "old": string,
      "value": string,
      <prop>: any
    }
  ],
  "identifier": string,
  "ipaddr": string,
  "module": string,
  "pid": integer,
  "record_type": string,
  "sid": string,
  "success": integer,
  "timestamp": timestamp,
  "uid": integer,
  "username": string,
  <prop>: any
}

Property Name	Type	Description	Notes
event	<object>	An event within the audit subsystem	Required properties: [timestamp, action, record_type, identifier, uid, username, ipaddr, pid, sid, module, success, details, count];
event.action	<string>	Action that triggered the event (e.g., 'create', 'update').
event.count	<integer>	Number of times the event occurred during a 1-minute window
event.details	<array of <object>>	Specific details about the event as EventDetails, consisting of EventDetail objects field/value - a field, and text about the field field/old/new - a field, its original value, and new
event.details[items]	<object>	Event details	Required properties: [field];
event.details[items].field	<string>	Detail field
event.details[items].new	<string>	New field value for a change record	Optional;
event.details[items].old	<string>	Original field value for a change record	Optional;
event.details[items].value	<string>	Value field	Optional;
event.details[items].<prop>	<any>		Optional;
event.identifier	<string>	Identifier for the record_type object. For example, if action is 'delete', and record_type is 'configuration_change.host_group', the identifier might be 'Boston'
event.ipaddr	<string>	IP from which the event was triggered
event.module	<string>	IP address of the module on a multi-blade system where the event occurred
event.pid	<integer>	Process ID from which the event originated
event.record_type	<string>	The type of event (e.g. 'authentication.login', 'configuration_change.roles')
event.sid	<string>	User session from which the event originated
event.success	<integer>	Whether the attempted event succeeded.
event.timestamp	<timestamp>	Timestamp of audit event	Seconds since January 1, 1970;
event.uid	<integer>	Numeric User ID of the user that triggered the event. Value is -1 if not set.
event.username	<string>	Username of the user that triggered the event.
event.<prop>	<any>		Optional;

Type: events_meta

Meta data of the data set returned when a list of events are fetched.

JSON

{
  "count": integer,
  "limit": integer,
  "offset": integer,
  "total": integer
}

{
  "count": integer,
  "limit": integer,
  "offset": integer,
  "total": integer
}

Property Name	Type	Description	Notes
events_meta	<object>	Meta data of the data set returned when a list of events are fetched.
events_meta.count	<integer>	The actual number of reports returned for this request.	Optional;
events_meta.limit	<integer>	Maximum number report instances to be returned.	Optional;
events_meta.offset	<integer>	Start returning report instances from offset specified.	Optional;
events_meta.total	<integer>	Total number of reports in the system that match the filter criteria.	Optional;