Skip to content
Cloudflare API
Start here
API Reference
Security Center
Insights
Audit Logs

Retrieves Issue Audit Log

security_center.insights.audit_logs.list_by_insight(strissue_id, AuditLogListByInsightParams**kwargs) -> SyncCursorPagination[AuditLogListByInsightResponse]
GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/audit-log

Lists audit log entries for a specific Security Center insight, showing changes to its status and classification over time.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
issue_id: str
account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

before: Optional[Union[str, datetime]]

Filter entries changed before this timestamp (RFC 3339).

formatdate-time
changed_by: Optional[str]

Filter by the actor that made the change.

cursor: Optional[str]

Opaque cursor for pagination. Use the cursor value from result_info of the previous response.

field_changed: Optional[Literal["status", "user_classification"]]

Filter by the field that was changed.

One of the following:
"status"
"user_classification"
order: Optional[Literal["asc", "desc"]]

Sort order for results. Use ‘asc’ for oldest first or ‘desc’ for newest first.

One of the following:
"asc"
"desc"
per_page: Optional[int]

Number of results per page.

maximum1000
minimum1
since: Optional[Union[str, datetime]]

Filter entries changed at or after this timestamp (RFC 3339).

formatdate-time
ReturnsExpand Collapse
class AuditLogListByInsightResponse:
id: Optional[str]

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid
changed_at: Optional[datetime]

The timestamp when the change occurred.

formatdate-time
changed_by: Optional[str]

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value: Optional[str]

The value of the field after the change. Null if the field was cleared.

field_changed: Optional[Literal["status", "user_classification"]]

The field that was changed.

One of the following:
"status"
"user_classification"
issue_id: Optional[str]

The ID of the insight this audit log entry relates to.

previous_value: Optional[str]

The value of the field before the change. Null if the field was not previously set.

rationale: Optional[str]

Optional rationale provided for the change.

zone_id: Optional[int]

The zone ID associated with the insight. Only present for zone-level insights.

formatint64

Retrieves Issue Audit Log

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.security_center.insights.audit_logs.list_by_insight(
    issue_id="issue_id",
    account_id="account_id",
)
page = page.result[0]
print(page.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "changed_at": "2019-12-27T18:11:19.117Z",
      "changed_by": "system",
      "current_value": "current_value",
      "field_changed": "status",
      "issue_id": "issue_id",
      "previous_value": "previous_value",
      "rationale": "rationale",
      "zone_id": 0
    }
  ],
  "result_info": {
    "count": 25,
    "cursor": "cursor",
    "per_page": 25
  }
}