API Reference

Security Center

Insights

Audit Logs

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Retrieves account or zone Audit Log

security_center.insights.audit_logs.list(AuditLogListParams**kwargs) -> SyncCursorPagination[AuditLogListResponse]

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/audit-log

Lists audit log entries for all Security Center insights in the account or zone, showing changes to insight status and classification.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

ParametersExpand Collapse

account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

before: Optional[Union[str, datetime]]

Filter entries changed before this timestamp (RFC 3339).

formatdate-time

changed_by: Optional[str]

Filter by the actor that made the change.

cursor: Optional[str]

Opaque cursor for pagination. Use the cursor value from result_info of the previous response.

field_changed: Optional[Literal["status", "user_classification"]]

Filter by the field that was changed.

One of the following:

"status"

"user_classification"

order: Optional[Literal["asc", "desc"]]

Sort order for results. Use ‘asc’ for oldest first or ‘desc’ for newest first.

One of the following:

"asc"

"desc"

per_page: Optional[int]

Number of results per page.

maximum1000

minimum1

since: Optional[Union[str, datetime]]

Filter entries changed at or after this timestamp (RFC 3339).

formatdate-time

ReturnsExpand Collapse

class AuditLogListResponse: …

id: Optional[str]

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid

changed_at: Optional[datetime]

The timestamp when the change occurred.

formatdate-time

changed_by: Optional[str]

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value: Optional[str]

The value of the field after the change. Null if the field was cleared.

field_changed: Optional[Literal["status", "user_classification"]]

The field that was changed.

One of the following:

"status"

"user_classification"

issue_id: Optional[str]

The ID of the insight this audit log entry relates to.