Delete audit logs

Delete audits from the log using the Prisma Cloud API.

Delete all access audit events

Deleting audit log entries is done through API calls only.
Path
DELETE /api/v1/audits/access?type=[type]
Description
Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:
  • docker: Docker access audit
  • kubernetes: Kubernetes access audit (to Kubernetes master)
  • swarm: same as Kubernetes but for Docker Swarm
  • sshd: SSH audit to host
  • sudo: sudo commands audit on host
Status codes
  • 200 - no error
  • 400 - bad request was provided
Example request
curl -X DELETE -u admin:<Password> 'https://<localhost>:8443/api/v1/audits/access?type=docker'
Example response
{}

Delete access audit event

Deleting audit log entries is done through API calls only.
Path
DELETE /api/v1/audits/access/[id]
Description
Deletes an access event with specific id.
Status codes
  • 200 - no error
  • 400 - bad request was provided
Example request
curl -X DELETE -u admin:<Password> 'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'
Example response
{}
The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.

Recommended For You