The customer has created the API username and password to download the Access logs and the Audit logs. While the Access logs download without issue, no Audit logs are flowing.
When the Audit logs are queried manually, the request returns a 401 (Unauthorized) error and the Audit logs cannot be retrieved.
Cloud SWG
Incorrect/incomplete "curl" command used.
See the correct commands to use below, for both the "web" and the "curl" options. You can modify the start and end dates as desired. The CSV file(s) will be saved to the current working directory on the computer, e.g., "C:\" when the current location is the root of the C drive.
Web:
https://portal.threatpulse.com/api/rest/audit/download?startDate=YYYY-MM-DD&endDate=YYYY-MM-DD&format=CSV. Enter the API credentials (not the portal login) when prompted.
Windows:
curl -L -u "[api_username]:[api_password]" ^
  -o "audit_up_to_YYYY-MM-DD.csv" ^
  "https://portal.threatpulse.com/api/rest/audit/download?startDate=YYYY-MM-DD&endDate=YYYY-MM-DD&format=CSV"
Linux:
curl -L -u "[api_username]:[api_password]" \
  -o "audit_up_to_YYYY-MM-DD.csv" \
  "https://portal.threatpulse.com/api/rest/audit/download?startDate=YYYY-MM-DD&endDate=YYYY-MM-DD&format=CSV"
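The following wrapper script is an added example, not part of this article or of the Cloud SWG product. It builds the audit download URL from validated dates, runs the same curl call with the API credentials taken from the hypothetical environment variables API_USER and API_PASS, and reports an HTTP 401 separately from other failures instead of silently saving an error body as a .csv file.

```shell
#!/bin/sh
# Added example (not from the article): download Cloud SWG audit logs for a
# date range and tell a 401 (bad API credentials / malformed request) apart
# from other failures. Assumes API_USER and API_PASS are set in the environment.
set -u

AUDIT_BASE="https://portal.threatpulse.com/api/rest/audit/download"

# Accept only YYYY-MM-DD; anything else is rejected before it reaches the API.
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the download URL for a start and end date, CSV format (as in the article).
audit_url() {
    valid_date "$1" && valid_date "$2" || return 1
    printf '%s?startDate=%s&endDate=%s&format=CSV\n' "$AUDIT_BASE" "$1" "$2"
}

# Map the HTTP status returned by curl to a message and a distinct exit code.
explain_status() {
    case "$1" in
        200) echo "ok"; return 0 ;;
        401) echo "401 Unauthorized: check the API username/password and the curl syntax"; return 2 ;;
        *)   echo "unexpected HTTP status $1"; return 3 ;;
    esac
}

# Download the range into audit_up_to_<endDate>.csv, following redirects (-L)
# and using basic auth (-u) exactly as the article's curl command does.
download_audit() {
    url=$(audit_url "$1" "$2") || { echo "bad date(s): $1 $2" >&2; return 1; }
    out="audit_up_to_$2.csv"
    code=$(curl -sS -L -u "${API_USER}:${API_PASS}" -o "$out" -w '%{http_code}' "$url") || return 1
    rc=0
    explain_status "$code" || rc=$?
    [ "$rc" -eq 0 ] || rm -f "$out"   # do not leave an HTML/JSON error body behind as a .csv
    return "$rc"
}
```

Run it as `download_audit 2024-01-01 2024-01-31` after exporting API_USER and API_PASS; a non-zero exit with the 401 message means the credentials or the request, not the date range, need fixing.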
Setup Ref. for Splunk logs in Cloud SWG
Configure the Cloud Secure Web Gateway (SWG) Splunk App
N.B.: Audit logs are not generated in real time; only the Access logs are.