List Activity Logs
Provides the list of records from the activity logs.
External Documentation
To learn more, visit the Azure documentation.
Parameters
Parameter | Description |
---|---|
Filter | Reduces the set of data collected. This argument is required, and it also requires at least the start date/time. The **$filter** argument is very restricted and allows only the following patterns:<br>- *List events for a resource group*: `$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceGroupName eq 'resourceGroupName'`<br>- *List events for resource*: `$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceUri eq 'resourceURI'`<br>- *List events for a subscription in a time range*: `$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z'`<br>- *List events for a resource provider*: `$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceProvider eq 'resourceProviderName'`<br>- *List events for a correlation Id*: `$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and correlationId eq 'correlationID'`<br>NOTE: No other syntax is allowed. |
Subscription ID | The Azure subscription Id. |
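
Because the Filter parameter accepts only the five shapes listed above, a workflow that fills it from alert fields (a correlation Id, a resource group name) can check the expression before the action runs. The following is an added example, not Blink or Azure code; `build_filter` and `is_allowed_filter` are hypothetical helper names. It assumes both time bounds are always supplied, as in every pattern shown, and it rejects values containing a single quote rather than escaping them.

```python
import re
from datetime import datetime, timezone

# The only fields the documented patterns allow in the optional third clause.
ALLOWED_FIELDS = ("resourceGroupName", "resourceUri", "resourceProvider", "correlationId")

# Quoted UTC timestamp with up to 7 fractional digits, as in the documented examples.
_TS = r"'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,7})?Z'"
_FILTER_RE = re.compile(
    rf"eventTimestamp ge {_TS} and eventTimestamp le {_TS}"
    rf"(?: and (?:{'|'.join(ALLOWED_FIELDS)}) eq '[^']+')?"
)


def _format_ts(dt):
    """Render a timezone-aware datetime as a UTC timestamp ending in Z."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def build_filter(start, end, field=None, value=None):
    """Build one of the five documented filter expressions."""
    if end < start:
        raise ValueError("end must not be earlier than start")
    expr = (f"eventTimestamp ge '{_format_ts(start)}' "
            f"and eventTimestamp le '{_format_ts(end)}'")
    if field is None:
        return expr  # subscription-wide time-range pattern
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"field not allowed in this filter: {field!r}")
    if not value or "'" in value:
        # A quote in the value could close the literal and append extra clauses.
        raise ValueError("value must be non-empty and contain no single quote")
    return f"{expr} and {field} eq '{value}'"


def is_allowed_filter(expr):
    """True only if expr matches one of the five documented shapes exactly."""
    return _FILTER_RE.fullmatch(expr) is not None
```
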
Example Output
```json
{
  "nextLink": "Provides the link to retrieve the next set of events.",
  "value": [
    {
      "authorization": {
        "action": "the permissible actions. For instance: microsoft.support/supporttickets/write",
        "role": "the role of the user. For instance: Subscription Admin",
        "scope": "the scope."
      },
      "caller": "the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability.",
      "category": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "claims": {},
      "correlationId": "the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation.",
      "description": "the description of the event.",
      "eventDataId": "the event data Id. This is a unique identifier for an event.",
      "eventName": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "eventTimestamp": "the timestamp of when the event was generated by the Azure service processing the request corresponding to the event. It is in ISO 8601 format.",
      "httpRequest": {
        "clientIpAddress": "the client Ip Address",
        "clientRequestId": "the client request id.",
        "method": "the Http request method.",
        "uri": "the Uri."
      },
      "id": "the Id of this event as required by ARM for RBAC. It contains the EventDataID and timestamp information.",
      "level": "the event level",
      "operationId": "It is usually a GUID shared among the events corresponding to a single operation. This value should not be confused with EventName.",
      "operationName": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "properties": {},
      "resourceGroupName": "the resource group name of the impacted resource.",
      "resourceId": "the resource uri that uniquely identifies the resource that caused this event.",
      "resourceProviderName": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "resourceType": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "status": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "subStatus": {
        "localizedValue": "the locale specific value.",
        "value": "the invariant value."
      },
      "submissionTimestamp": "the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused with eventTimestamp, as there might be a delay between the occurrence time of the event and the time that the event is submitted to the Azure logging infrastructure.",
      "subscriptionId": "the Azure subscription Id, usually a GUID.",
      "tenantId": "the Azure tenant Id"
    }
  ]
}
```
Workflow Library Example
List Activity Logs with Azure and Send Results Via Email