Support Open Console

Events

Managing Conformity events.

List All Events

get/events

This endpoint allows you to collect events that you have access to.

IMPORTANT:    Some guidelines about using this endpoint:

  1. If accountIds are not provided, events are returned from all accounts you have access to. If you are ADMIN, organisation-level events are also returned.
  2. If you provide an accountId to an account you do not have at least ReadOnly access to, you will receive a 403 Forbidden error.
  3. You can pull 3 types of events from this endpoint. By defuault, you will receive all events if you don't provide the any event type.
    • aws=true&azure=false&cc=false or azure=false&cc=false will only return AWS events;
    • aws=false&azure=false&cc=true or aws=false&azure=false will only return Cloud Conformity activity-events;
    • aws=true&azure=true&cc=false or cc=false will return AWS and Azure events. For more information, see example below.
  4. All events have a name attribute. Some important Cloud Conformity events are listed in the Event Names Table.
    Using the filter[name] as part of your query will get a history of that specific event. filter[name] also supports wildcards.
    • Asterisk at the end: filter[name]=account.bot.update* will get all events where the name starts with account.bot.update.
    • Asterisk in the middle:filter[name]=account.*.update* will match all account updating events like account.bot.update and account.rule.update.
    • Use of question marks: filter[name]=a??.check.create will match api.check.created and not account.check.created. Each ? is a character wildcard.

Filtering

The filter query parameter is reserved to be used as the basis for filtering. Any plural filter parameters (e.g. filter[region s]) accepts a comma-separated list. E.g. filter[regions]=us-east-1,us-east-2

The table below give more information about filter options:

Name Values
filter[regions] global | us-east-2 | us-east-1 | us-west-1 | us-west-2 | ap-south-1 | ap-northeast-2 |
ap-southeast-1 | ap-southeast-2 | ap-northeast-1 | ca-central-1 | eu-central-1 | eu-west-1 |
eu-west-2 | sa-east-1

The region filter is only available for AWS events. For more information about regions, please refer to Cloud Conformity Region Endpoint
filter[services] AutoScaling | CloudConformity |CloudFormation | CloudFront | CloudTrail | CloudWatch |
CloudWatchEvents | CloudWatchLogs | Config | DynamoDB | EBS | EC2 | ElastiCache | Elasticsearch | ELB | IAM | KMS | RDS | Redshift | ResourceGroup | Route53 | S3 | SES |
SNS | SQS | VPC | WAF | ACM | Inspector | TrustedAdvisor | Shield | EMR | Lambda |
Support | Organizations | Kinesis | EFS
Subscriptions | ActivityLog | Network

For more information about services, please refer to Cloud Conformity Services Endpoint

Additionally, events we receive from AWS may have different service labels such as "ec2.amazonaws.com"
filter[userIds] A comma-separated list of Cloud Conformity userIds. Only activity-events will have userIds.
filter[name] String, name of event. Supports wild cards (see point 4 above )
filter[identities] Only incoming AWS and Azure events will have identities.
filter[since] Refers to the start of the time range you want to query for events.

The numeric value of the specified time as the number of milliseconds since January 1, 1970, 00:00:00 UTC
filter[until] Refers to the end of the time range you want to query for events.

The numeric value of the specified date as the number of milliseconds since January 1, 1970, 00:00:00 UTC

For example, the following is a request for static-deployer events within a specified time frame on one account:

curl -g -H "Content-Type: application/vnd.api+json" \
     -H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
     https://us-west-2-api.cloudconformity.com/v1/events?accountIds=ryi9NPivK&filter[identities]=static-deployer&filter[since]=1519919272016&filter[until]=1519932055819

Example Response:

Each event can be quite large and the example below is purposefully truncated.

{
    "data": [
        {
            "type": "events",
            "id": "rkTkAsr_GSJlpyCoB_M",
            "attributes": {
                "name": "account.monitoring.activity",
                "time": 1519922649000,
                "service": "cloudfront.amazonaws.com",
                "identity": "static-deployer",
                "region": "us-east-1",
                "description": "cloudfront.amazonaws.com/CreateInvalidation",
                "hasChildren": true
            },
            "relationships": {
                "account": {
                    "data": {
                        "type": "account",
                        "id": "ryi9NPivK"
                    }
                }
            }
        }
    ],
    "meta": {
        "total-pages": 1
    }
}

Event Names
event.attributes.name Information
AWS EVENTS
account.monitoring.activity All AWS events have this name
Azure EVENTS
azure.activity.logs All Azure events have this name
ACCOUNT LEVEL
account.bot.update.delay.increased delay between automatic conformity bot run has been increased
account.bot.update.delay.decreased delay between automatic conformity bot run has been decreased
account.bot.update.disabled.until account bot was enabled and is now temporarily disabled until a set time.
account.bot.update.disabled account bot was enabled and was disabled indefinitely
account.bot.update.disabled.region some previously enabled regions are now disabled
account.bot.update.enabled account bot was disabled and is now enabled
account.bot.update.enabled.region some previously disabled regions are now enabled
account.rule.update.disabled some previously enabled rule is now disabled
account.rule.update.enabled some previously disabled rule is now enabled
account.rule.update.riskLevel rule risk level has been changed
account.rule.update.exceptions.tags.added There were no exception tags and now some have been added
account.rule.update.exceptions.tags.removed There were some exception tags and now all have been removed
account.rule.update.exceptions.tags.updated List of exception tags has been updated
account.rule.update.exceptions.resources.added There were no exception resources and now some have been added
account.rule.update.exceptions.resources.removed There were some exception resources and now all have been removed
account.rule.update.exceptions.resources.updated List of exception resources has been updated
ORGANISATION LEVEL
organisation.acl.updated A user's role and/or account access settings has been changed.
CHECKS RELATED
account.check.update.suppressed.until An account level check was temporarily suppressed until a set time.
account.check.update.suppressed An account level check was suppressed indefinitely.
account.check.update.unsuppressed An account level check has been unsuppressed indefinitely

Request
Security:
query Parameters
accountIds
string

A comma-separated list of Cloud Conformity accountIds.

aws
boolean
Default: true

If true returns AWS events.

azure
boolean
Default: true

If true returns Azure events.

cc
boolean
Default: true

If true returns Cloud Conformity activity-events.

object

Optional parameter including regions, services, userIds, name, identities, since, until

object

Optional parameter including page size, and page number returned

Responses
200

OK

400

Bad Request. Cannot process request due to a client error.

401

Unauthorized. The requesting user does not have enough privilege.

423

Organisation is not currently accessible via the API

500

Internal Server Error

Response samples
application/json
{
  • "data": [
    ]
}