Skip to content
Cloudflare API
Start here
API Reference
Security Center
Insights
Audit Logs

Retrieves account or zone Audit Log

client.SecurityCenter.Insights.AuditLogs.List(ctx, params) (*CursorPagination[InsightAuditLogListResponse], error)
GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/audit-log

Lists audit log entries for all Security Center insights in the account or zone, showing changes to insight status and classification.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
params InsightAuditLogListParams
AccountID param.Field[string]Optional

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

ZoneID param.Field[string]Optional

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Before param.Field[Time]Optional

Query param: Filter entries changed before this timestamp (RFC 3339).

formatdate-time
ChangedBy param.Field[string]Optional

Query param: Filter by the actor that made the change.

Cursor param.Field[string]Optional

Query param: Opaque cursor for pagination. Use the cursor value from result_info of the previous response.

FieldChanged param.Field[InsightAuditLogListParamsFieldChanged]Optional

Query param: Filter by the field that was changed.

const InsightAuditLogListParamsFieldChangedStatus InsightAuditLogListParamsFieldChanged = "status"
const InsightAuditLogListParamsFieldChangedUserClassification InsightAuditLogListParamsFieldChanged = "user_classification"
Order param.Field[InsightAuditLogListParamsOrder]Optional

Query param: Sort order for results. Use ‘asc’ for oldest first or ‘desc’ for newest first.

const InsightAuditLogListParamsOrderAsc InsightAuditLogListParamsOrder = "asc"
const InsightAuditLogListParamsOrderDesc InsightAuditLogListParamsOrder = "desc"
PerPage param.Field[int64]Optional

Query param: Number of results per page.

maximum1000
minimum1
Since param.Field[Time]Optional

Query param: Filter entries changed at or after this timestamp (RFC 3339).

formatdate-time
ReturnsExpand Collapse
type InsightAuditLogListResponse struct{…}
ID stringOptional

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid
ChangedAt TimeOptional

The timestamp when the change occurred.

formatdate-time
ChangedBy stringOptional

The actor that made the change. ‘system’ for automated changes, or a user identifier.

CurrentValue stringOptional

The value of the field after the change. Null if the field was cleared.

FieldChanged InsightAuditLogListResponseFieldChangedOptional

The field that was changed.

One of the following:
const InsightAuditLogListResponseFieldChangedStatus InsightAuditLogListResponseFieldChanged = "status"
const InsightAuditLogListResponseFieldChangedUserClassification InsightAuditLogListResponseFieldChanged = "user_classification"
IssueID stringOptional

The ID of the insight this audit log entry relates to.

PreviousValue stringOptional

The value of the field before the change. Null if the field was not previously set.

Rationale stringOptional

Optional rationale provided for the change.

ZoneID int64Optional

The zone ID associated with the insight. Only present for zone-level insights.

formatint64

Retrieves account or zone Audit Log

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/option"
  "github.com/stainless-sdks/cloudflare-go/security_center"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  page, err := client.SecurityCenter.Insights.AuditLogs.List(context.TODO(), security_center.InsightAuditLogListParams{

  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}