262-299-4606 • Email us

Auditlog API

This page explains how to get your auditlog data extracted. Note that the example array of audit log entries further down shows only the first entry and a subset of scan results for readability. You can use query parameters to filter your search.


Resources

/auditlogReturns an array of auditlog entriesGET
/auditlog/{id}Returns one auditlog entryGET
/computers/{computername}/auditlogReturns an array of auditlog entries for a certain computerGET
/users/{user}/auditlogReturns an array of auditlog entries for a certain user (user account or full name)GET
Note that the prefix of urls above depend on which data center you belong to. Please log in to see the full url.

Headers

apikeyYour apikey listed in your settings to retrieve the dataint

Filters (query string parameters)

startidThe starting ID you wish to receive. Can be used for incremental offload of data to your own systemint
takeMaximum number of resources to return. Default is 50 to preserve bandwidth, maximum is 1000. For queries with more than 500 records, pagination is mandatoryint
wantscandetailsUse this filter, if you wish to receive detailed lists of scan results. The default is to give you the overall result onlybit
  • Example filtered url to get 10 entries: /auditlog?startid=4050334&take=10&wantscandetails=1
  • Pagination works by using the last id in the list and feeding it as startid in the next query
  • To copy new data to your own system, we recommend to store the highest id (last entry in list) you have retrieved from a previous call and pass this number plus 1 as "startid"
  • Do NOT consistently use a high "take" number or flood the api. We will automatically throttle your account

Fields

idThe unique ID of this entry. This ID can be used to query updated information on this entry by appending it to the url to request this resource onlyint
traceNoThe trace number to find this entry in the portal auditlogint
settingsNameThe name of the matching subsettings or "Global" if no subsetting was matchedint
typeType of request (possible values: Run As Admin, Admin Session, Server Session)string
typeCode0 = Run As Admin, 1 = Admin Session, 2 = Server Sessionint
statusStatus of the request (possible values: Open, Running, Finished, Denied, Pending approval, Quarantined)string
statusCode0 = Open, 1 = Running, 2 = Finished, 3 = Denied, 4 = Pending Approval, 5 = Quarantinedint
reasonReason supplied by end userstring
approvedByName of person that approved the requeststring
deniedReasonReason for denying the request supplied by an administratorstring
deniedByName of person denying the requeststring
requestTimeTime of a request by end userdatetime
startTimeStart time of running the application or starting a sessiondatetime
endTimeTime when the application or session finisheddatetime
auditlogLinkLink to this request in the auditlog on www.adminbyrequest.comstring
user.accountThe user account the end user used to log on to the computerstring
user.fullNameThe full name of the user userstring
user.emailThe user's email address supplied on the request formstring
user.phoneThe user's phone number supplied on the request formstring
computer.nameThe name of the computer executing the requeststring
computer.platformOperating system platform (possible values: Windows, Mac, Server)string
computer.platformCode0 = Windows, 1 = Mac, 2 = Server, int
computer.makeThe vendor of the machine, as it appears in the inventorystring
computer.modelThe model of the machine, as it appears in the inventorystring
application.fileThe file name of the file executed using Run As Adminstring
application.nameThe name of the application (description property of file)string
application.vendorThe vendor of the applicationstring
application.versionThe version of the filestring
application.sha256The checksum of the filestring
application.scanResultMalware scan result (possible values: Clean, Malicious, Suspicious)string
application.scanResultCode0 = Clean, 1 = Malicious, 2 = Suspiciousint
application.threatName of malware, if file is malicious or suspiciousstring
application.virustotalLinkLink to the file (checksum) on virustotal.comstring
application.preapprovedIf the file was pre-approved to runbit
installs[].applicationThe name of the application (description property of file)string
installs[].vendorThe vendor of the applicationstring
installs[].versionThe version of the applicationstring
uninstalls[].applicationThe name of the application (description property of file)string
uninstalls[].vendorThe vendor of the applicationstring
uninstalls[].versionThe version of the applicationstring
elevatedApplications[].fileThe file name of the file executedstring
elevatedApplications[].pathThe file path of the executed applicationstring
elevatedApplications[].nameThe name of the application (description property of file)string
elevatedApplications[].vendorThe vendor of the applicationstring
elevatedApplications[].versionThe version of the filestring
elevatedApplications[].sha256The checksum of the filestring
elevatedApplications[].virustotalLinkLink to the file (checksum) on virustotal.comstring
scanResults[].scanResultMalware scan result (possible values: Clean, Malicious, Suspicious)string
scanResults[].scanResultCode0 = Clean, 1 = Malicious, 2 = Suspiciousint
scanResults[].engineName of the antivirus engine with this resultstring
scanResults[].threatName of malware, if file is malicious or suspiciousstring

Example successful request

[
  {
    "id": 615669,
    "traceNo": "34376579",
    "settingsName": "Global",
    "type": "Run As Admin",
    "typeCode": 0,
    "status": "Finished",
    "statusCode": 2,
    "reason": "Need to update reader. It says out of date when trying to open PDF files from our supplier.",
    "approvedBy": "Jim Kerr",
    "deniedReason": null,
    "deniedBy": null,
    "requestTime": "2020-04-01T12:03:00",
    "startTime": "2020-04-01T12:03:30",
    "endTime": "2020-04-01T12:09:11",
    "auditlogLink": "https://www.adminbyrequest.com/AuditLog?Page=AppElevations&ID=34376579&ShowFilter=false",
    "user": {
      "account": "ACME\\PDH",
      "fullName": "Paul David Hewson",
      "email": "pdh@acme.com",
      "phone": "555.345.6789"
    },
    "computer": {
      "name": "W1005623",
      "platform": "Windows",
      "platformCode": 0,
      "make": "Dell Inc.",
      "model": "XPS 15 9550"
    },
    "application": {
      "file": "readerdc_uk_fb_crd_install.exe",
      "name": "Adobe Download Manager",
      "vendor": "Adobe Inc.",
      "version": "2.0.0.495s",
      "sha256": "9369FB712545F6B6FEC5FBF8B1DD228E57CA7899933BBE354B7C4351C8700C99",
      "scanResult": "Clean",
      "scanResultCode": 0,
      "threat": null,
      "virustotalLink": "https://www.virustotal.com/latest-scan/9369FB712545F6B6FEC5FBF8B1DD228E57CA7899933BBE354B7C4351C8700C99",
      "preapproved": false
    },
    "installs": [
      {
        "application": "Adobe Acrobat Reader DC",
        "version": "20.006.20042",
        "vendor": "Adobe Systems Incorporated"
      }
    ],
    "uninstalls": [
      {
        "application": "Adobe Reader XI (11.0.23)  MUI",
        "version": "11.0.23",
        "vendor": "Adobe Systems Incorporated"
      }
    ],
    "elevatedApplications": [
      {
        "name": "Adobe Download Manager",
        "path": "C:\\Users\\pdh\\Downloads",
        "file": "readerdc_uk_fb_crd_install.exe",
        "version": "2.0.0.495s",
        "vendor": "Adobe Inc.",
        "sha256": "9369FB712545F6B6FEC5FBF8B1DD228E57CA7899933BBE354B7C4351C8700C99",
        "virustotalLink": "https://www.virustotal.com/latest-scan/9369FB712545F6B6FEC5FBF8B1DD228E57CA7899933BBE354B7C4351C8700C99"
      },
      {
        "name": "Adobe Self Extractor",
        "path": "C:\\Users\\pdh\\AppData\\Local\\Adobe\\E1F06F26-140E-4556-A421-788F6C2015BD\\DA1C2141-106A-4BC6-B096-658FCF15DBFC",
        "file": "C12D10CF-96D9-4985-BE1E-00B35267FB0C",
        "version": "20.6.20042.371103",
        "vendor": "Adobe Inc.",
        "sha256": "912525F339CFC46D2CE7402366FC213084D79DEAD70D754F4A73C8BA4AA40650",
        "virustotalLink": "https://www.virustotal.com/latest-scan/912525F339CFC46D2CE7402366FC213084D79DEAD70D754F4A73C8BA4AA40650"
      },
      {
        "name": "Adobe Acrobat Reader DC",
        "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader",
        "file": "AcroRd32.exe",
        "version": "20.6.20042.371103",
        "vendor": "Adobe Inc.",
        "sha256": "DCD82008D913BFB6FA1ACBC209CB113E24042919FBB8C3E4E9431F194C5B3B47",
        "virustotalLink": "https://www.virustotal.com/latest-scan/DCD82008D913BFB6FA1ACBC209CB113E24042919FBB8C3E4E9431F194C5B3B47"
      }
    ],
    "scanResults": [
      {
        "scanResult": "Clean",
        "scanResultCode": 0,
        "engine": "BitDefender",
        "threat": null
      },
      {
        "scanResult": "Clean",
        "scanResultCode": 0,
        "engine": "CrowdStrike",
        "threat": null
      },
      {
        "scanResult": "Clean",
        "scanResultCode": 0,
        "engine": "McAfee",
        "threat": null
      }
    ]
  }
]