1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Audit
    6. Delete audit logs
    End-of-Life (EoL)

    Delete audit logs

    Delete audits from the log using the Prisma Cloud API.

    Delete all access audit events

    Deleting audit log entries is done through API calls only.
    Path
    DELETE /api/v1/audits/access?type=[type]
    Description
    Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:
    • docker: Docker access audit
    • kubernetes: Kubernetes access audit (to Kubernetes master)
    • swarm: same as Kubernetes but for Docker Swarm
    • sshd: SSH audit to host
    • sudo: sudo commands audit on host
    Status codes
    • 200 - no error
    • 400 - bad request was provided
    Example request
    curl -X DELETE  -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access?type=docker'
    Example response
    {}

    Delete access audit event

    Deleting audit log entries is done through API calls only.
    Path
    DELETE /api/v1/audits/access/[id]
    Description
    Deletes an access event with specific id.
    Status codes
    • 200 - no error
    • 400 - bad request was provided
    Example request
    curl -X DELETE -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'
    Example response
    {}
    The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo