Source code for tenable.io.audit_log

'''
Audit Log
=========

The following methods allow for interaction with the Tenable Vulnerability Management
:devportal:`audit log <audit-log>` API endpoints.

Methods available on ``io.audit_log``:

.. rst-class:: hide-signature
.. autoclass:: AuditLogAPI
    :members:
'''
from .base import TIOEndpoint

class AuditLogAPI(TIOEndpoint):
    def events(self, *filters, **kw):
        '''
        Retrieve audit log events from Tenable Vulnerability Management.

        :devportal:`audit-log: events <audit-log-events>`

        Args:
            *filters (tuple, optional):
                Three-item tuples of ``(field, operator, value)`` that narrow
                the result to a subset of the audit log.  Only the first
                three items of each tuple are read, and each is passed
                through ``self._check`` with ``str`` as the expected type.
                The available filters are listed in the API documentation
                linked above; some examples:

                - ``('date', 'gt', '2017-07-05')``
                - ``('date', 'lt', '2017-07-07')``
                - ``('actor_id', 'match', '6000a811-8422-4096-83d3-e4d44f44b97d')``
                - ``('target_id', 'match', '6000a811-8422-4096-83d3-e4d44f44b97d')``
            limit (int, optional):
                How many events to request.  When omitted, this method sends
                a limit of 50.

        Returns:
            :obj:`list`:
                List of event records, taken from the ``events`` key of the
                JSON response.

        Note:
            This method issues a single request and does no paging, so the
            result holds only what that one response returns.  When the log
            is being pulled for review or as evidence, bound the query with
            ``date`` filters and set ``limit`` explicitly, so that events
            beyond the default of 50 are not left out unnoticed.

        Examples:
            >>> events = tio.audit_log.events(
            ...     ('date', 'gt', '2018-01-01'), limit=100)
            >>> for e in events:
            ...     pprint(e)
        '''
        # Filters are checked first, in the order given, and the limit after
        # them, so a bad filter is reported before a bad limit.
        filter_params = []
        for entry in filters:
            field = self._check('filter_field_name', entry[0], str)
            operator = self._check('filter_operator', entry[1], str)
            value = self._check('filter_value', entry[2], str)
            # The three parts are joined as "field.operator:value" with no
            # escaping of '.' or ':' inside them.
            # NOTE(review): how the API parses a value containing those
            # characters is not visible here; confirm before passing
            # externally supplied filter values.
            filter_params.append('{}.{}:{}'.format(field, operator, value))

        if 'limit' in kw:
            limit = self._check('limit', kw['limit'], int)
        else:
            limit = 50

        response = self._api.get(
            'audit-log/v1/events',
            params={'f': filter_params, 'limit': limit},
        )
        return response.json()['events']