Audit Trails API, gRPC: TrailService.Get
- gRPC request
- GetTrailRequest
- Trail
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- Resource
- PathFilterElementSome
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- FilteringPolicy
- ManagementEventsFiltering
- DataEventsFiltering
- EventTypes
- DnsDataEventsFilter
Returns the specified trail.
To get the list of all available trails, make a List request.
gRPC request
rpc Get (GetTrailRequest) returns (Trail)
GetTrailRequest
{
"trail_id": "string"
}
|
Field |
Description |
|
trail_id |
string Required field. ID of the trail to return. To get a trail ID make a List request. |
Trail
{
"id": "string",
"folder_id": "string",
"created_at": "google.protobuf.Timestamp",
"updated_at": "google.protobuf.Timestamp",
"name": "string",
"description": "string",
"labels": "map<string, string>",
"destination": {
// Includes only one of the fields `object_storage`, `cloud_logging`, `data_stream`
"object_storage": {
"bucket_id": "string",
"object_prefix": "string"
},
"cloud_logging": {
// Includes only one of the fields `log_group_id`
"log_group_id": "string"
// end of the list of possible fields
},
"data_stream": {
"database_id": "string",
"stream_name": "string"
}
// end of the list of possible fields
},
"service_account_id": "string",
"status": "Status",
"filter": {
"path_filter": {
"root": {
// Includes only one of the fields `any_filter`, `some_filter`
"any_filter": {
"resource": {
"id": "string",
"type": "string"
}
},
"some_filter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"PathFilterElement"
]
}
// end of the list of possible fields
}
},
"event_filter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "EventCategoryFilter",
"type": "EventAccessTypeFilter"
}
],
"path_filter": {
"root": {
// Includes only one of the fields `any_filter`, `some_filter`
"any_filter": {
"resource": {
"id": "string",
"type": "string"
}
},
"some_filter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"PathFilterElement"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"status_error_message": "string",
"cloud_id": "string",
"filtering_policy": {
"management_events_filter": {
"resource_scopes": [
{
"id": "string",
"type": "string"
}
]
},
"data_events_filters": [
{
"service": "string",
// Includes only one of the fields `included_events`, `excluded_events`
"included_events": {
"event_types": [
"string"
]
},
"excluded_events": {
"event_types": [
"string"
]
},
// end of the list of possible fields
// Includes only one of the fields `dns_filter`
"dns_filter": {
"only_recursive_queries": "bool"
},
// end of the list of possible fields
"resource_scopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
Trail describes the filtering and destination configuration of the process of sending Audit events
|
Field |
Description |
|
id |
string ID of the trail |
|
folder_id |
string Required field. ID of the folder that the trail belongs to |
|
created_at |
Required field. The timestamp for the creation operation |
|
updated_at |
Required field. The timestamp of the last update operation |
|
name |
string Name of the trail |
|
description |
string Description of the trail |
|
labels |
object (map<string, string>) Custom labels of the trail as |
|
destination |
Required field. Destination configuration of the trail |
|
service_account_id |
string Service account ID of the trail |
|
status |
enum Status Required field. Status of the trail
|
|
filter |
Filtering configuration of the trail |
|
status_error_message |
string Current error message of the trail. Empty in case if the trail is active |
|
cloud_id |
string Required field. ID of the cloud that the trail belongs to |
|
filtering_policy |
Event filtering policy |
Destination
|
Field |
Description |
|
object_storage |
Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default Includes only one of the fields |
|
cloud_logging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
|
data_stream |
Configuration for event delivery to YDS Includes only one of the fields |
ObjectStorage
|
Field |
Description |
|
bucket_id |
string Name of the destination bucket |
|
object_prefix |
string Prefix for exported objects. Optional |
CloudLogging
|
Field |
Description |
|
log_group_id |
string ID of the Cloud Logging destination group Includes only one of the fields |
DataStream
|
Field |
Description |
|
database_id |
string ID of the database hosting the destination YDS |
|
stream_name |
string Name of the destination YDS |
Filter
|
Field |
Description |
|
path_filter |
Configuration of default events gathering for the trail |
|
event_filter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
|
Field |
Description |
|
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
|
Field |
Description |
|
any_filter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
|
some_filter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
|
Field |
Description |
|
resource |
Required field. Resource definition |
Resource
|
Field |
Description |
|
id |
string Required field. ID of the resource |
|
type |
string Required field. Type of the resource |
PathFilterElementSome
|
Field |
Description |
|
resource |
Required field. Definition of the resource that contains nested resources |
|
filters[] |
Filters for the resources contained in the parent resource |
EventFilter
|
Field |
Description |
|
filters[] |
List of filters for services |
EventFilterElement
|
Field |
Description |
|
service |
string Required field. Service ID of the gathered events |
|
categories[] |
List of the event categories gathered for a specified service |
|
path_filter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
|
Field |
Description |
|
plane |
enum EventCategoryFilter Required field. Plane of the gathered category
|
|
type |
enum EventAccessTypeFilter Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
|
Field |
Description |
|
management_events_filter |
Singular filter describing gathering management events |
|
data_events_filters[] |
List of filters describing gathering data events |
ManagementEventsFiltering
Policy for gathering management events
|
Field |
Description |
|
resource_scopes[] |
A list of resources which will be monitored by the trail |
DataEventsFiltering
Policy for gathering data events
|
Field |
Description |
|
service |
string Required field. Name of the service whose events will be delivered |
|
included_events |
Explicitly included events of specified service Includes only one of the fields |
|
excluded_events |
Explicitly excluded events of specified service Includes only one of the fields |
|
dns_filter |
Filter is allowed only if service = dns Includes only one of the fields |
|
resource_scopes[] |
A list of resources which will be monitored by the trail |
EventTypes
Policy with explicitly specified event group
|
Field |
Description |
|
event_types[] |
string |
DnsDataEventsFilter
|
Field |
Description |
|
only_recursive_queries |
bool Only recursive queries will be delivered |