ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Export WSS Audit log data


Article ID: 169161


Updated On:


Web Security Service - WSS


The Web Security Service logs each time a user signs in/out or performs an action, such as editing, emailing a report. Admin Role users can review these transactions. 

  1. Navigate to: Account Configuration >  Account Auditing.
    Find the related operation.
    Object Type: PolicyRule/Report/User/..
    Operation Type: Delete/Execute/Login/Logout/..


  • Account Auditing data is available for 1 year.
  • There is no alert notification of any operation action from the WSS Portal, however, a notification alert can be created using your SIEM once the data has been ingested.


Exporting Data


The data can be downloaded from the WSS portal under Account Configuration > Account Auditing.

Click Download (.csv) to open or save the list in a comma-separated value (CSV) file, which can be opened by Microsoft Excel or a similar spreadsheet application.


To automate the downloading of Web Security Service Audit Logs for archiving, Symantec provides a REST API you can use with your internal systems.

  • Requires a WSS API Key credentials and basic authentication.
  • The Output format can be CSV or JSON.
  • Filter results based on start date, end date, object type, operation type.

Step 1 - Generate WSS API Credentials

    1. Navigate to  Account Configuration > API Credentials
    2. Click Add API Credentials. The WSS displays the New API Credential dialog, which contains the random characters Username and  Password
    3. Select the API Expiry
      • Time-based —You define the date and time when this token expires
      • Never expires
      • Select Audit Logs
      • (Optional) Enter a comment that defines the token's purpose. A helpful description informs other Admins of the purpose
      • Copy the Username and\ Password to a file for use in the REST API

Step 2 - Use the REST API


Use the API using cURL and outputting to a CSV 
curl -o test.output -u 4da191e3:653a5307 -v ""
Use the API using cURL and outputting to a JSON
curl -o test.output -u 4da191e3:653a5307 -v ""

Where 4da191e3:653a5307 is the username and password, respectively, as generated Step 1 - Generate WSS API Credentials.

Filter Options

You can add one or more of the following filters.

    • objectType=option
    • operationType=option
curl -o test.output -u 4da191e3:653a5307 -v ""

Additional Information

Review Web Security Service User Access

Download Audit Logs with REST API