API query for User Login Attempts

Brass Contributor

Has anybody been able to pull "User Login Attempt" events from the sensor, or manager, via API? 


After reading the API docs, and testing all the possible fields, it does not appear that User Operations events are available to extract through the API endpoints. Even just returning all events; no login events can be found.


/api/v1/events?title="User Login Attempt"



I would like to use the API to periodically record all User Authentications for audit purposes. I know it can be done through the GUI, but that is very time consuming at scale. It would also be nice if the On-Premise Manager aggregated all User Audit Logs from the sensors it manages as well #FeatureRequest.

0 Replies