Delete audit logs

Delete audits from the log using the Prisma Cloud API.

Delete all access audit events

Deleting audit log entries is done through API calls only.
Path
DELETE /api/v1/audits/access?type=[type]
Code copied to clipboard
Unable to copy due to lack of browser support.
Description
Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:
  • docker: Docker access audit
  • kubernetes: Kubernetes access audit (to Kubernetes master)
  • swarm: same as Kubernetes but for Docker Swarm
  • sshd: SSH audit to host
  • sudo: sudo commands audit on host
Status codes
  • 200 - no error
  • 400 - bad request was provided
Example request
curl -X DELETE -u admin:<Password> 'https://<localhost>:8443/api/v1/audits/access?type=docker'
Code copied to clipboard
Unable to copy due to lack of browser support.
Example response
{}
Code copied to clipboard
Unable to copy due to lack of browser support.

Delete access audit event

Deleting audit log entries is done through API calls only.
Path
DELETE /api/v1/audits/access/[id]
Code copied to clipboard
Unable to copy due to lack of browser support.
Description
Deletes an access event with specific id.
Status codes
  • 200 - no error
  • 400 - bad request was provided
Example request
curl -X DELETE -u admin:<Password> 'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'
Code copied to clipboard
Unable to copy due to lack of browser support.
Example response
{}
Code copied to clipboard
Unable to copy due to lack of browser support.
The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.

Recommended For You