Get Started with Cygna Auditor API

Cygna Auditor's RESTful API is a great way to communicate with the product without actually opening its interface.

Leveraging API, you can retrieve audit data collected by the product, configure data collection, or integrate Cygna Auditor into your in-house auditing or compliance solution.

Cygna Auditor API is REST-based. It means the services interact with Cygna Auditor through HTTP requests sent to designated URLs. You can send and receive JSON objects containing data (single object or an array).

API Request Structure

Depending on your task, you'll be sending HTTP requests to one of available endpoints, for example:

METHOD ENDPOINT
POST /api/v{version}/events

With a header and body containing data, for example:

HEADER

Authorization: Bearer YOUR-TOKEN

Session-Id: YOUR-ID

Content-Type: application/json

BODY

{

"Clauses":[

{

"FieldName":"user",

"Comparison":1,

"Values":[

{

"Value":"Cygna Auditor"

}

]

}

],

"Columns":[

{

"Name":"When",

"Header":"When",

"Sources":[

-1

],

"Type":"date",

"Position":null,

"Visible":true,

"Width":{

"Value":210,

"Default":210,

"Minimum":210

},

"Hover":null,

"IsIntersecting":false

},

{

"Name":"Module",

"Header":"Source",

"Sources":[

-1

],

"Type":"string",

"Position":"center",

"Visible":true,

"Width":{

"Value":140,

"Default":140,

"Minimum":140

},

"Hover":{

"Field":"Module",

"AddAction":13,

"RemoveAction":14,

"Position":"center"

},

"IsIntersecting":false

},

{

"Name":"EventName",

"Header":"What",

"Sources":[

-1

],

"Type":"string",

"Position":null,

"Visible":true,

"Width":{

"Value":419,

"Default":null,

"Minimum":130

},

"Hover":{

"Field":"EventName",

"AddAction":1,

"RemoveAction":2,

"Position":null

},

"IsIntersecting":false

},

{

"Name":"User",

"Header":"Who",

"Sources":[

-1

],

"Type":"string",

"Position":null,

"Visible":true,

"Width":{

"Value":419,

"Default":null,

"Minimum":130

},

"Hover":{

"Field":"User",

"AddAction":1,

"RemoveAction":2,

"Position":null

},

"IsIntersecting":false

},

{

"Name":"ObjectName",

"Header":"Item",

"Sources":[

-1

],

"Type":"string",

"Position":null,

"Visible":true,

"Width":{

"Value":420,

"Default":null,

"Minimum":130

},

"Hover":{

"Field":"ObjectName",

"AddAction":1,

"RemoveAction":2,

"Position":null

},

"IsIntersecting":false

}

]

}

API Response Structure

Depending on the API call, you will receive an HTTP response with the status (200 OK or error status), a header and body. While the header is standard for HTTP specification, the body will typically contain data from returned by server or an error message. For example:

BODY

[

{

"Id": 10000,

"Module": 4,

"When": "2021-10-19T09:15:03Z",

"User": "Cygna Auditor",

"Server": null,

"EventName": "User Sign-In",

"ObjectName": "Office 365 Exchange Online",

"Success": 1,

"FromAgent": null,

"WorkstationId": 15,

"NativeEventId": 3779,

"ActionId": 0,

"Attribute": null,

"ObjectDN": null,

"ObjectClass": null,

"Location": null,

"IsRisky": null,

"Client": null,

"CrossMailboxOperations": false,

"MailboxUPN": null,

"MailboxFolder": null,

"SourceFileName": null,

"Path": null,

"ItemType": 0,

"Workload": null,

"ValueAdded": null,

"ValueAddedDisplay": null,

"ValueRemoved": null,

"VmHost": null,

"VmType": null,

"DataCenter": null,

"DataStore": null,

"Vm": null,

"VmCategory": null,

"TeamName": null,

"TeamRole": null,

"TeamMember": null,

"Tenant": null,

"External": null,

"IdentityName": null,

"ResourceGroup": null,

"EventCategory": null,

"Status": null,

"Operation": null,

"ResourceType": null,

"Level": null,

"Subscription": null,

"AccountSid": null,

"Workstation": null,

"ADsType": 0,

"Opn": 0

}

]

To learn more about data structures, endpoints, and error codes, proceed to the next topics.