1

I would like to get the audit logs for the Vault using the API, in order to get the audit logs in the API and monitor the logs in the SIEM.

I followed various links, but did not get any useful information.

https://support.google.com/vault/answer/4239060?hl=en
https://googleapis.github.io/google-api-python-client/docs/dyn/vault_v1.html
https://developers.google.com/vault/reference/rest

Is there an API to handle vault audit logs in the first place? If so, can you provide me with API endpoints and instructions or links on how to use them?

Ryo Shindo
  • 11
  • 1
  • The audit trail is an attribute of the Matter object - see https://developers.google.com/vault/guides/matters – compiledweird Nov 11 '20 at 07:26
  • What function should I use to get the audit log for vault using this matters api audit trail? I can't find any mention of doing the above. – Ryo Shindo Nov 11 '20 at 08:42
  • What information exactly are you looking for? Audit reports, for example as shown [in the UI](https://i.ibb.co/sJN3gXL/Screenshot-2020-11-11-at-10-15-03-AM-Display-1.png)? – Iamblichus Nov 11 '20 at 09:18
  • I want to use api to get the same information that I can get by pressing "Download CSV". The reason we want to do this is that we want to programmatically get the vault audit log all the time and monitor the movements of vault users. – Ryo Shindo Nov 11 '20 at 10:29

1 Answers1

1

Audit logs are not currently available in Vault API.

There's currently a feature request in Issue Tracker regarding the implementation of this functionality. I'd suggest you to click the star on the top-left in order to keep track of this request and to help prioritizing its implementation:

Iamblichus
  • 18,540
  • 2
  • 11
  • 27