API Keys
API Specification
This page features our API explorer, which lists all available APIv2 endpoints with detailed information for each one.
Using the API explorer, you can test our APIs by sending requests and reviewing the responses in real-time.
To begin using the explorer, you must authenticate with the APIv2 endpoints. Read more for detailed instructions: API Authentication
For detailed documentation about our APIs, see API Documentation.
© 2023 Cyberhaven Inc. All Rights Reserved. | https://www.cyberhaven.com/ Page: 461 of 1120
Audit Logs
On this page, you can review historical activity and audit user actions within the platform. With audit logs, you can assess the current state of the platform and ensure your security practices meet compliance requirements. To view the audit logs, sign in to the Cyberhaven Console and navigate to Administration > Audit Logs.
You can also configure the Console to send audit logs to external destinations.
Read more: Add a new Configuration
Audit Log Generating Events
Audit logs are generated for events associated with the following user actions performed in the Console.
| User Action | Event Type | Console Location |
|---|---|---|
| Read, Created, Updated, or Deleted | Dataset | Overview tab of the Risks Overview page. |
| Read, Created, Updated, or Deleted | Policy | |
| Read or Export | Event | Events tab on the Risks Overview page. |
| Read, Created, Updated, or Deleted | User group | User risk groups on the Insider Risk page. |
| Read, User assigned, Resolved, Unresolved, Export | Incident | Incidents on the Incidents page or through external API v2. |
| Read, Link opened | File content | File links within an incident on the Incidents page. |
| Read, Created, Updated, or Deleted | List | Lists page. |
| Read or Export | Endpoint | Endpoint Sensors page. |
| Read, Created, Updated, or Deleted | Deployment group | Deployment group settings on the Endpoint Sensors page. |
| Read or Export | Audit log | Audit logs page under Administration. |
| Read, Login, User invites, Role assigned, Scope assigned, or Deleted | User | Users tab under Preferences > Users and API keys. |
| Read, Created, Updated, or Deleted | API key | API Keys tab under Preferences > Users and API keys. |
| Created, Updated, or Deleted | Role | Roles tab under Preferences > Roles and Scopes. |
| Created, Updated, or Deleted | Scope | Scopes tab under Preferences > Roles and Scopes. |
| Read | User directory | Directory Integrations tab under Preferences > Directories and user mapping. |
| Read, Created, Updated, or Deleted | Content rule | Rules tab under Preferences > Content matching rules > Content Identifiers. |
| Read, Created, Updated, Deleted, or Disabled | Content policy | Content Identification Policies under Preferences > Content matching rules > Content Identifiers. |
| Read, Updated, or Deleted | Content attribute | Content Attribute Rules (Deprecated) under Preferences > Content matching rules > Content Identifiers. |
| Read, Created, Updated, or Deleted | EDM Rule | Exact data matching rules under Preferences > Content matching rules. |
| Read, Created, Updated, or Deleted | Document tag | Document tags under Preferences > Content matching rules. |
| Updated or Deleted | Endpoint logo | Logo Settings under Preferences. |
| Read, Created, Updated, Deleted, Enabled, or Disabled | External storage | External Storage under Preferences. |
| Read | Destination | Integrations under Preferences. |
| Read | Profile | |
Audit Log Attributes
The audit logs table includes the attributes captured during a user action. The following are the attributes included in the table.
| Attribute Name | Description |
|---|---|
| Actor | The email address of the user account that generated an event. |
| Actor id | A unique identifier that Cyberhaven assigns to the user account. |
| Actor ip | The IP address used by the device to connect the user to the Console. |
| Actor type | Specifies whether the actor is a user or an API. |
| Actor user agent | Provides device information such as operating system, browser type, and version used to access the Console. |
| Event | The type of user action that was performed. |
| Event id | A unique identifier for the event. |
| Object id | A unique identifier of the event or action related to the UI page that the user interacted with in the Console. |
| Object name | This field represents the event or action related to the UI page. For example, it could indicate a “Successful login” or “Failed login”, the name of an external storage configured in the Console, or the domain name of the web server running the Console. |
| Object type | The UI page that the user interacted with in the Console. |
| Severity | The severity of the event as defined in the policy. The possible values are: Critical, High, Medium, Low, Informational. |
| Severity id | The value associated with the severity type. |
| Timestamp | The time in UTC when the event occurred. |
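As an added example (not Cyberhaven's own code), the sketch below shows one way to use the Actor, Actor ip, Object name and Timestamp attributes once audit logs are forwarded to an external destination: it flags bursts of "Failed login" entries for one account and IP and notes whether a "Successful login" followed. The JSON-lines layout, the key names and the timestamp format are assumptions, and the records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (not real Cyberhaven output). Key names are assumed:
# the attribute names from the table, lower-cased with underscores.
SAMPLE_EXPORT = """
{"timestamp": "2023-09-01T10:00:05Z", "actor": "admin@example.com", "actor_ip": "203.0.113.7", "object_name": "Failed login"}
{"timestamp": "2023-09-01T10:00:40Z", "actor": "admin@example.com", "actor_ip": "203.0.113.7", "object_name": "Failed login"}
{"timestamp": "2023-09-01T10:01:10Z", "actor": "admin@example.com", "actor_ip": "203.0.113.7", "object_name": "Failed login"}
{"timestamp": "2023-09-01T10:02:00Z", "actor": "admin@example.com", "actor_ip": "203.0.113.7", "object_name": "Successful login"}
{"timestamp": "2023-09-01T11:00:00Z", "actor": "user@example.com", "actor_ip": "198.51.100.4", "object_name": "Failed login"}
{"timestamp": "2023-09-01T11:30:00Z", "actor": "user@example.com", "actor_ip": "198.51.100.4", "object_name": "Successful login"}
"""

def parse_ts(value):
    # Timestamp is documented as UTC; the ISO 8601 "Z" form is an assumption.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def load_records(text):
    # One JSON object per line, returned in chronological order.
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(records, key=lambda r: parse_ts(r["timestamp"]))

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per (actor, actor_ip) that reaches `threshold` failed
    logins inside `window`, noting whether a successful login followed."""
    failures = defaultdict(list)  # (actor, ip) -> timestamps of recent failures
    alerts = {}
    for rec in records:
        key = (rec["actor"], rec["actor_ip"])
        ts = parse_ts(rec["timestamp"])
        if rec["object_name"] == "Failed login":
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = {"actor": key[0], "actor_ip": key[1],
                               "failures": len(recent), "then_succeeded": False}
        elif rec["object_name"] == "Successful login" and key in alerts:
            # Only count a success that lands soon after the last failure.
            if ts - failures[key][-1] <= window:
                alerts[key]["then_succeeded"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in failed_login_bursts(load_records(SAMPLE_EXPORT)):
        print(alert)
```

Tune `threshold` and `window` to your environment, and confirm the field names against a real export before using the logic in a SIEM rule.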
Deprecation of Old Audit Logs on the Risks Overview Page
With the introduction of a dedicated Audit Logs page, Cyberhaven has officially deprecated the previous audit logging functionality available under the Risks Overview page.
If you need access to the old audit logs, contact Cyberhaven Support for assistance.