1. Overview

Delete audits from the log using the Prisma Cloud API.

2. Delete all access audit events

Deleting audit log entries is done through API calls only.

Path

DELETE /api/v1/audits/access?type=[type]

Description

Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. The possible 'types' for this command are:

  • docker: Docker access audit

  • kubernetes: Kubernetes access audit (to Kubernetes master)

  • swarm: same as Kubernetes but for Docker Swarm

  • sshd: SSH audit to host

  • sudo: sudo commands audit on host

Status codes

  • 200 - no error

  • 400 - bad request was provided

Example request

curl -X DELETE  -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access?type=docker'

Example response

{}

3. Delete access audit event

Deleting audit log entries is done through API calls only.

Path

DELETE /api/v1/audits/access/[id]

Description

Deletes an access event with specific id.

Status codes

  • 200 - no error

  • 400 - bad request was provided

Example request

curl -X DELETE -u admin:<Password>  'https://<localhost>:8443/api/v1/audits/access/580fd342b8aaba1000ec47be'

Example response

{}
The current set up enables user to delete entries at the access layer for each runtime sensor. To learn more on API calls, see the API reference.