upt_api_audit_logs table

Type : Global

Platform : All


The upt_api_audit_logs table keeps an audit trail of every API call made against the Uptycs portal: who made the call (created_by, support_user), what was requested (api_name, api_method, api_query_params, api_body), and how it ended (passed, error, response_time). It is the table to query when reviewing administrative activity or investigating unexpected changes made through the portal or API.


+----------------------+-------------------------------------------------------------------+
| name                 | description                                                       |
+----------------------+-------------------------------------------------------------------+
| id                   | Unique record identifier                                          |
| api_name             | API name. See the API documentation for the full list             |
| api_method           | HTTP method of the API call, e.g. GET, PUT, POST, DELETE          |
| api_body             | Request body of the API call                                      |
| api_query_params     | Query parameters used in the API call                             |
| api_requested_time   | Time the API request was submitted                                |
| api_resolved_time    | Time the API request was resolved                                 |
| passed               | Status of the API call (whether it passed)                        |
| error                | Error returned when the API call failed (JSON)                    |
| metadata             | API call metadata                                                 |
| support_user         | Boolean flag: true if the call was made by a support user         |
| created_by           | uid of the user who made the call                                 |
| upt_asset_id         | Asset ID                                                          |
| created_at           | Time the record was created                                       |
| response_time        | API call response time in ms                                      |
| upt_hostname         | Name of host                                                      |
| upt_time             | Time the row of data was created on the endpoint                  |
| upt_added            | True = object was created. False = object was removed             |
| upt_epoch            | Time when the last full data set was requested from the asset     |
| upt_counter          | Number of times the query was run                                 |
| upt_hash             | Hash used internally by Uptycs                                    |
| upt_server_time      | Time the row of data was inserted in the backend                  |
| upt_asset_group_id   | Id of the asset group this asset belongs to                       |
| upt_asset_group_name | Name of the asset group this asset belongs to                     |
| upt_asset_tags       | Tags associated with this asset                                   |
| upt_ttl              | Retention time for each record. Once this limit is exceeded, the  |
|                      | record is liable for deletion                                     |
| upt_gateway_time     | Time the message was first seen on cloud on the Uptycs gateway    |
| api_type             | API type (aws, NULL)                                              |
| upt_tenant_id        | Tenant ID - used internally by Uptycs                             |
| client_type          | AWS service type                                                  |
| upt_day              | Day of upt_time in integer format YYYYMMDD. Always filter on      |
|                      | upt_day when querying this table for better performance           |
| upt_batch            | Batch ID used internally by Uptycs                                |
+----------------------+-------------------------------------------------------------------+
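The following query is an added example of how a security engineer would use this table for an audit review; it is not taken from the Uptycs page or product documentation. It summarises, per user, the API calls from the last 24 hours that are worth a second look: calls that failed, calls made by a support user, and calls with a mutating HTTP method. It assumes the Presto/Trino SQL dialect used by Uptycs (date_add, date_format, count_if, arbitrary, json_extract_scalar), that passed and support_user are booleans, that api_requested_time is a timestamp, and that the JSON in the error column carries a top-level message field (the '$.message' path is an assumption, not documented above).

```sql
-- Added example, not part of the Uptycs documentation.
-- Assumes Presto/Trino SQL functions and the column types noted in the lead-in.

-- Compute the earliest upt_day partition we need, in YYYYMMDD integer form,
-- so the planner prunes partitions instead of scanning the whole table.
WITH audit_window AS (
  SELECT
    date_add('day', -1, now())                                         AS start_ts,
    CAST(date_format(date_add('day', -1, now()), '%Y%m%d') AS INTEGER) AS start_day
),
recent AS (
  SELECT l.*
  FROM upt_api_audit_logs AS l
  CROSS JOIN audit_window AS w
  WHERE l.upt_day >= w.start_day            -- partition pruning (always filter on upt_day)
    AND l.api_requested_time >= w.start_ts  -- exact 24-hour cut-off inside the partition(s)
)
SELECT
  created_by,                               -- uid of the caller
  support_user,                             -- true when Uptycs support acted on the tenant
  api_method,
  api_name,
  COUNT(*)                                  AS calls,
  COUNT_IF(NOT passed)                      AS failed_calls,
  ROUND(AVG(response_time))                 AS avg_response_ms,
  MAX(api_requested_time)                   AS last_seen,
  -- error is JSON; '$.message' is an assumed field name, adjust to your payloads
  ARBITRARY(json_extract_scalar(error, '$.message')) AS sample_error
FROM recent
WHERE support_user                          -- third-party access to the tenant
   OR NOT passed                            -- failures: permission denials, bad input, probing
   OR api_method IN ('PUT', 'POST', 'DELETE')  -- state-changing calls
GROUP BY created_by, support_user, api_method, api_name
ORDER BY failed_calls DESC, calls DESC
LIMIT 200;
```

Both filters in the recent CTE are deliberate: upt_day alone is coarse (it only narrows to whole days), while api_requested_time alone forces a scan of every partition. A sudden rise in failed_calls for a single created_by, or any row with support_user = true that nobody expected, is the kind of result to follow up on with a second query that pulls api_body and api_query_params for that user.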

Related Articles

    • Find Realtime queries executed in the last 24 hours
      This article includes the query to find all the real time queries that were executed in the last 24 hours. Query: WITH queries AS (SELECT Json_extract_scalar(logs.api_body, '$.query') AS query, ...

    • Tracing command execution back to a user across an ssh session
      Some IT shops have sysadmins logging into a Jumpbox or Bastion host (with their individual ids) then logging into production servers as root and running commands. In such a case it can be difficult to trace command execution back to the sysadmin who ...

    • Query: Query for Processes Running on a Set of Machines (and not on Other Machines)
      This article presents a sample Uptycs query to find processes that are running on a set of endpoints but not on a specific set of other endpoints. In this example we are ...

    • Windows Forensic Analysis queries
      This article includes a list of queries to conduct forensic analysis on Windows systems. These are categorized into sections: processes, services, file system activities, user login/session activities, network traffic. ...

    • High CPU Utilization Alert Query
      Query: WITH cpu_incremental AS ( SELECT upt_asset_id, upt_hostname, upt_time, cpu_idle - LAG(cpu_idle) OVER (PARTITION BY upt_asset_id ORDER BY upt_time) AS cpu_idle, cpu_total - LAG(cpu_total) OVER (PARTITION BY upt_asset_id ORDER BY upt_time) AS ...