List auditLogRecords
Namespace: microsoft.graph.security
Get a list of the auditLogRecord objects and their properties.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ❌ | ❌ | ❌ |
Permissions
Auditing data can be accessed through Microsoft Purview Audit Search API via the following permissions, which are classified at a Microsoft 365 service level. To learn more, including how to choose permissions, see Permissions.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | ThreatIntelligence.Read.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | ThreatIntelligence.Read.All | Not available. |
HTTP request
GET /security/auditLog/queries/{auditLogQueryId}/records
Optional query parameters
This method supports some of the OData query parameters to help customize the response. For general information, see OData query parameters.
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and a collection of auditLogRecord objects in the response body.
Examples
Request
The following example shows a request.
GET /security/auditLog/queries
---
### Response
The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
<!-- {
"blockType": "response",
"truncated": true,
"@odata.type": "Collection(microsoft.graph.security.auditLogRecord)"
}
-->
```http
HTTP/1.1 200 OK
Content-Type: application/json
{
"value": [
{
"@odata.type": "#microsoft.graph.security.auditLogRecord",
"id": "40706737-7eca-f9a1-97a5-dedd3260e24a",
"createdDateTime": "String (timestamp)",
"auditLogRecordType": "String",
"operation": "String",
"organizationId": "String",
"userType": "String",
"userId": "String",
"service": "String",
"objectId": "String",
"userPrincipalName": "String",
"clientIp": "String",
"administrativeUnits": [
"String"
],
"auditData": {
"@odata.type": "microsoft.graph.security.auditData"
}
}
]
}