See the OCSF Schema Overview for more information on the schema, and OCSF Class Events for more information on event classification. Also, check out this blog on how to use the Audit Trail API.
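The populated OCSF record for the corresponding Automox event. In the sample response below, some label/ID pairs do not line up the way the OCSF Authentication class defines them (for example, `activity_id` 99 alongside `type_uid` 300201, and `status` "Other" alongside `status_id` 1), so validate parsers and detections against real events rather than keying on a single field.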
Bad Request
Access token is missing or invalid
You do not have permission to perform this action.
Entity not found
Too many requests
Service Unavailable
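# Retrieve one day of Automox audit-trail events; the response body is a JSON
# array of OCSF-formatted records.
#
# The API key is a bearer credential: anyone who holds it can call the API as
# you. Keep it out of the script and out of source control. Here it is read
# from an environment variable (AUTOMOX_API_KEY is a name chosen for this
# example, not one defined by Automox); a secret vault works equally well.
$apiKey = $env:AUTOMOX_API_KEY
if ([string]::IsNullOrWhiteSpace($apiKey)) {
    throw 'AUTOMOX_API_KEY is not set; set it before running this script.'
}

$axOrgUUID = 'your_automox_organization_uuid'
$date = '2024-09-05'
$query = '?date=' + $date

# Do not write $headers to logs or transcripts: it contains the bearer token.
$headers = @{
    "Authorization"          = "Bearer $apiKey"
    "Content-Type"           = "application/json"
    "x-ax-organization-uuid" = "$axOrgUUID"
}

$url = "https://console.automox.com/api/audit-service/v1/orgs/$axOrgUUID/events"

# Invoke-WebRequest raises a terminating error for non-success status codes
# (missing/invalid token, no permission, not found, rate limiting, service
# unavailable), so $response is only assigned when the call succeeds.
$response = (Invoke-WebRequest -Method Get -Uri ($url + $query) -Headers $headers).Content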
[
  {
    "_id": {
      "$oid": "6669d991ba9a2536b8158f17"
    },
    "activity": "Logon",
    "activity_id": 99,
    "category_uid": 3,
    "class_uid": 3002,
    "count": 1,
    "message": "User Log In Success",
    "metadata": {
      "tenant_uid": "7ee9f975-6cb7-44e9-afc3-3adbece95d74",
      "uid": "9f8896c3-e042-42de-ae41-eaef8a2a667b",
      "correlation_uid": "e92ae537-ea35-42d9-b6d4-92335f91a3db",
      "product": {
        "version": "1.0.0-dev",
        "vendor_name": "Automox"
      },
      "version": "1.1.0"
    },
    "severity": "Informational",
    "severity_id": 1,
    "status": "Other",
    "status_code": 200,
    "status_id": 1,
    "time": 1718213009419,
    "timezone_offset": 0,
    "type_name": "Authentication: Logon",
    "type_uid": 300201,
    "actor": {
      "user": {
        "email_addr": "readonly@mailinator.com",
        "org": {
          "uid": "e92ae537-ea35-42d9-b6d4-92335f91a3db",
          "name": "Automation Testing Zone"
        },
        "uid": "21968d73-38b9-4c55-8b10-a854a5fa6a36"
      }
    },
    "user": {
      "uid": "115998",
      "email_addr": "readonly@mailinator.com"
    },
    "auth_protocol_id": 99,
    "logon_type_id": 99,
    "status_details": "success"
  }
]