🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Getting Started with the Audits GraphQL API

api guides


Important

Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.

Regions

The URL to access Taegis™ XDR APIs may differ according to the region your environment is deployed in:

  • US1— https://api.ctpx.secureworks.com
  • US2— https://api.delta.taegis.secureworks.com
  • US3— https://api.foxtrot.taegis.secureworks.com
  • EU— https://api.echo.taegis.secureworks.com

The examples in this Taegis™ XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region substitute appropriately.

Note

At this time, the Secureworks® Taegis™ XDR Audits API is read-only. There are currently no mutations available that allow you to send or push data.

You can use the audit API to query audit log entries that were created by the internal services. All available Audits API endpoints can be found in the Audits GraphQL API reference.

Query Audits

query allAudits($allAuditsInput: AllAuditsInput = {offset: 0, limit: 1})
{
    allAudits(allAuditsInput: $allAuditsInput)
    {
        totalResults relation offset limit audits { id logType application requestType username email token source targetRn action timestamp eventName eventDesc tenantId traceId metadata responseCode url headers requestParams beforeState afterState extras ccdpStatus }
    }
}

Search Audits

query searchAudits($auditSearchInput: AuditSearchInput! = {offset: 0, limit: 1, email: "name@your-domain.com", application: "alerts"})
{
    searchAudits(auditSearchInput: $auditSearchInput)
    {
        totalResults relation offset limit audits { id logType application requestType username email token source targetRn action timestamp eventName eventDesc tenantId traceId metadata responseCode url headers requestParams beforeState afterState extras ccdpStatus }
    }
}

Next Steps

For more information, see the Audits GraphQL API Documentation.

 

On this page: