Prisma Cloud Administrator’s Guide (Compute)
    : Delete audit logs
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Administrator’s Guide (Compute)
    5. Audit
    6. Delete audit logs
    Download PDF

    Prisma Cloud Administrator’s Guide (Compute)

    Delete audit logs

    Table of Contents

    Delete audit logs

    Delete audits from the log using the Prisma Cloud API.

    Delete all access audit events

    Deleting audit log entries is done through API calls only.
    Path
    DELETE /api/v1/audits/access?type=[type]
    Description
    Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:
    • docker: Docker access audit
    • kubernetes: Kubernetes access audit (to Kubernetes master)
    • sshd: SSH audit to host
    • sudo: sudo commands audit on host
    Status codes
    • 200 - no error
    • 400 - bad request was provided
    Example request
    curl -X DELETE  -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access?type=docker'
    Example response
    {}

    Delete access audit event

    Deleting audit log entries is done through API calls only.
    Path
    DELETE /api/v1/audits/access/[id]
    Description
    Deletes an access event with specific id.
    Status codes
    • 200 - no error
    • 400 - bad request was provided
    Example request
    curl -X DELETE -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'
    Example response
    {}
    The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.