Get Started with Cygna Auditor API
Cygna Auditor's RESTful API is a great way to communicate with the product without actually opening its interface.
Leveraging API, you can retrieve audit data collected by the product, configure data collection, or integrate Cygna Auditor into your in-house auditing or compliance solution.
Cygna Auditor API is REST-based. It means the services interact with Cygna Auditor through HTTP requests sent to designated URLs. You can send and receive JSON objects containing data (single object or an array).
API Request Structure
Depending on your task, you'll be sending HTTP requests to one of available endpoints, for example:
METHOD | ENDPOINT |
---|---|
POST
|
/api/v{version}/events
|
With a header and body containing data, for example:
HEADER |
|
BODY |
{ "Clauses":[ { "FieldName":"user", "Comparison":1, "Values":[ { "Value":"Cygna Auditor" } ] } ], "Columns":[ { "Name":"When", "Header":"When", "Sources":[ -1 ], "Type":"date", "Position":null, "Visible":true, "Width":{ "Value":210, "Default":210, "Minimum":210 }, "Hover":null, "IsIntersecting":false }, { "Name":"Module", "Header":"Source", "Sources":[ -1 ], "Type":"string", "Position":"center", "Visible":true, "Width":{ "Value":140, "Default":140, "Minimum":140 }, "Hover":{ "Field":"Module", "AddAction":13, "RemoveAction":14, "Position":"center" }, "IsIntersecting":false }, { "Name":"EventName", "Header":"What", "Sources":[ -1 ], "Type":"string", "Position":null, "Visible":true, "Width":{ "Value":419, "Default":null, "Minimum":130 }, "Hover":{ "Field":"EventName", "AddAction":1, "RemoveAction":2, "Position":null }, "IsIntersecting":false }, { "Name":"User", "Header":"Who", "Sources":[ -1 ], "Type":"string", "Position":null, "Visible":true, "Width":{ "Value":419, "Default":null, "Minimum":130 }, "Hover":{ "Field":"User", "AddAction":1, "RemoveAction":2, "Position":null }, "IsIntersecting":false }, { "Name":"ObjectName", "Header":"Item", "Sources":[ -1 ], "Type":"string", "Position":null, "Visible":true, "Width":{ "Value":420, "Default":null, "Minimum":130 }, "Hover":{ "Field":"ObjectName", "AddAction":1, "RemoveAction":2, "Position":null }, "IsIntersecting":false } ] } |
API Response Structure
Depending on the API call, you will receive an HTTP response with the status (200 OK
or error status), a header and body. While the header is standard for HTTP specification, the body will typically contain data from returned by server or an error message. For example:
BODY |
---|
[ { "Id": 10000, "Module": 4, "When": "2021-10-19T09:15:03Z", "User": "Cygna Auditor", "Server": null, "EventName": "User Sign-In", "ObjectName": "Office 365 Exchange Online", "Success": 1, "FromAgent": null, "WorkstationId": 15, "NativeEventId": 3779, "ActionId": 0, "Attribute": null, "ObjectDN": null, "ObjectClass": null, "Location": null, "IsRisky": null, "Client": null, "CrossMailboxOperations": false, "MailboxUPN": null, "MailboxFolder": null, "SourceFileName": null, "Path": null, "ItemType": 0, "Workload": null, "ValueAdded": null, "ValueAddedDisplay": null, "ValueRemoved": null, "VmHost": null, "VmType": null, "DataCenter": null, "DataStore": null, "Vm": null, "VmCategory": null, "TeamName": null, "TeamRole": null, "TeamMember": null, "Tenant": null, "External": null, "IdentityName": null, "ResourceGroup": null, "EventCategory": null, "Status": null, "Operation": null, "ResourceType": null, "Level": null, "Subscription": null, "AccountSid": null, "Workstation": null, "ADsType": 0, "Opn": 0 } ] |
To learn more about data structures, endpoints, and error codes, proceed to the next topics.