Home
/
Coro public API
/
Coro API reference
/
audit-logs

Coro Cybersecurity Public API (v1)


This is the Coro Cybersecurity platform API specification reference.

This section provides a complete reference listing for the Coro Cybersecurity REST API resource model.

About the resource reference

This reference lists all the resources available through the Coro REST API.

Each section relates to a specific resource and provides its name, description, unique URI path, and the list of operations you can perform on it.

For each operation, you can find:

  • A complete description of the action
  • Request parameters
  • A list of potential responses
  • Security (authentication) requirements

The portal also provides code samples and examples for making requests in a number of programming languages, together with samples of the possible response bodies.

In addition to this, Coro provides a Try It feature where you can interact with the API directly through the portal. To use Try It, you'll need to first obtain Client ID and Secret credentials; for more information, see Authentication.

Download OpenAPI description
View and download the Coro API JSON specification
Overview
URL

https://support.coro.net

E-mail

support@coro.net

Terms of Service

Languages
Servers
Coro mock API server

https://docs.coro.net/_mock/api/api-docs/

Coro US API server target URL

https://api.secure.coro.net/

audit-logs

This is the audit log resource.

Operations

Get a list of audit logs

Request

Get a list of all audit logs in the specified workspace. This call supports pagination; default page size includes 20 logs.

Security
JWT
Query
ticketIdsArray of strings
Example: ticketIds=GYDU-1212
remediationboolean

Filter by whether the log was part of a remediation action.

Example: remediation=true
fromTimenumber

Start date/time (inclusive) in milliseconds.

Example: fromTime=1754047435131
toTimenumber

End date/time (inclusive) in milliseconds.

Example: toTime=1754047575801
typesArray of strings
Items Enum"account""cloudApps""device""dlp""deviceDlp""email""malware""phishing""undo""users"
Example: types=detectionLogs
subTypesArray of strings
Items Enum"treatAsSafe""treatAsMalicious""removeFromAllowlist""removeFromBlocklist""usersCreation""groupsCreation""malwareSettings""phishingSettings""emailSettings""deviceSettings"
Example: subTypes=markAsUnprocessed
autoGeneratedboolean

Filter by whether the log was auto generated.

Example: autoGenerated=true
pageSizestring[ 10 .. 500 ]

API responses use pagination to reduce loading time. Return a maximum of this many items per page. Used only for the very first request subsequent request should use cursor value

Default "20"
Example: pageSize=50
cursorstring

A base64-encoded pagination cursor used to retrieve a specific page of results. This value should be taken from the nextPage or prevPage field in a previous response. If omitted, the API returns the first page of results. Use this parameter to navigate forward or backward through paginated data.

Example: cursor=eyJzIjoxLCJwIjowfQ==
Headers
Workspacestringrequired
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/audit-logs/search?autoGenerated=true&cursor=eyJzIjoxLCJwIjowfQ%3D%3D&fromTime=1754047435131&pageSize=50&remediation=true&subTypes=markAsUnprocessed&ticketIds=GYDU-1212&toTime=1754047575801&types=detectionLogs' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: string'

Responses

Success

Bodyapplication/json
itemsArray of objects(AuditLogResponse)
totalElementsinteger(int64)

The total number of records that exist for the request.

Example: 20
nextPagestring

A base64-encoded cursor value to retrieve the next page of results. To get the next page, pass this value in the cursor query parameter of your next request (e.g., ?cursor=nextPage).

Example: "eyJzIjoxLCJwIjowfQ=="
prevPagestring

A base64-encoded cursor value to retrieve the previous page of results. To get the previous page, pass this value in the cursor query parameter of your request (e.g., ?cursor=prevPage).

Example: "eyJzIjoxLCJwIjowfQ=="
Response
application/json
{
  "items": [
    {}
  ],
  "totalElements": 20,
  "nextPage": "eyJzIjoxLCJwIjowfQ==",
  "prevPage": "eyJzIjoxLCJwIjowfQ=="
}

authentication

This is the resource for API authentication requests.

Use this resource to validate your identify and to obtain a bearer token to use when accessing other API resources.

Operations

devices

This is the Devices resource.

Use this resource to get details of all protected devices for a particular workspace.

Operations

portal-users

This is the portal user resource.

Use this resource to get details of all portal users added to the specified workspace.

Operations

subscriptions

This is the subscriptions resource.

Use this resource to view and manage workspace subscriptions.

Operations

tickets

This is the Tickets resource.

Use this resource to get details of all tickets stored in the Coro platform for a particular workspace.

Operations

tickets-summary

This is the Tickets Summary resource.

Use this resource to get details of tickets for a particular workspace, grouped by protection component.

Operations

usage

This is the resource for Coro usage.

Use this resource to obtain information about usage

Operations

users

This is the protected user resource.

Use this resource to get details of all protected users added to the specified workspace.

Operations

webhook-configuration

Use this resource to manage or view details of existing webhooks configurations, or to create new webhook configurations.

Operations

workspaces

Use this resource to view details of provisioned workspaces, or to create new workspaces.

Operations