Audit Log

The following methods allow for interaction with the Tenable Vulnerability Management audit log API endpoints.

Methods available on io.audit_log:

class AuditLogAPI(api: APISession)
events(*filters: Tuple[str, str, str], limit: int = 1000, filter_type: Literal['and', 'or'] = 'and', sort: str | None = None, token: str | None = '0', return_json: bool = False)

Retrieve audit logs from Tenable Vulnerability Management.

audit-log: events

Parameters:
  • *filters (tuple, optional) –

    Filters that narrow the results to a specific subset of data within the audit log. For a more detailed listing of the available filters, refer to the API documentation linked above. Some examples:

    • ('date', 'gt', '2017-07-05')

    • ('date', 'lt', '2017-07-07')

    • ('actor_id', 'match', '6000a811-8422-4096-83d3-e4d44f7d')

    • ('target_id', 'match', '6000a811-8422-4096-83d3-e4d447d')

  • limit (int, optional) – The limit of how many events to return. The API will default to 50 unless otherwise specified.

  • filter_type (str, optional) – If multiple filters are present, how should they be combined? Supported values are 'and' or 'or'. If left unspecified, the default is 'and'.

  • sort (str, optional) – Should any sorting be performed on the resulting data? The format is FIELD_NAME:DIRECTION. For example, supplying received:desc would sort the results by the received field in descending order.

  • token (str, optional) – The next token to request the next page.

  • return_json (bool, optional) – Should we return the JSON response instead of an iterable?

Returns:

List of event records

Return type:

AuditLogIterator

Examples

>>> from pprint import pprint
>>> events = tio.audit_log.events(('date', 'gt', '2018-01-01'))
>>> for e in events:
...     pprint(e)
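
A further example, added here and not part of the library's own documentation: it builds the date filter tuples shown above for a review window and tallies failed events per actor from the records the iterator yields. The helper names, the record keys ('is_failure', 'action', 'actor') and the sample action string are assumptions, since this page does not document the event shape; the sample records are constructed.

```python
from collections import Counter
from datetime import date, timedelta


def date_window_filters(end: date, days: int):
    """Build ('date', op, 'YYYY-MM-DD') filter tuples for the `days` days before `end`."""
    start = end - timedelta(days=days)
    return [('date', 'gt', start.isoformat()), ('date', 'lt', end.isoformat())]


def failures_by_actor(events, threshold=3):
    """Return {(actor, action): count} for failed events seen >= threshold times.

    Assumed record shape (not documented on this page): each event is a dict
    with 'is_failure', 'action' and 'actor': {'name': ...}; actor may be None.
    """
    counts = Counter()
    for event in events:
        if not event.get('is_failure'):
            continue
        actor = (event.get('actor') or {}).get('name') or '<anonymous>'
        counts[(actor, event.get('action'))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def _evt(actor, action, failed):
    # Helper for the constructed sample below.
    return {'actor': {'name': actor} if actor else None,
            'action': action, 'is_failure': failed}


# Constructed sample records standing in for what the iterator yields.
SAMPLE_EVENTS = [
    _evt('alice@example.com', 'user.authenticate.password', True),
    _evt('alice@example.com', 'user.authenticate.password', True),
    _evt('bob@example.com', 'user.authenticate.password', True),
    _evt('alice@example.com', 'user.authenticate.password', True),
    _evt('alice@example.com', 'user.authenticate.password', False),
    _evt(None, 'user.authenticate.password', True),
]

if __name__ == '__main__':
    # Offline run over the constructed sample.
    print(failures_by_actor(SAMPLE_EVENTS))
    # Against a live session (tio as in the example above):
    #   filters = date_window_filters(date.today(), 7)
    #   print(failures_by_actor(tio.audit_log.events(*filters, filter_type='and')))
```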