Get security events data from your security configurations. Get data in one of two modes: offset or time-based. Both modes order event logs based on their storage time in the database, not the time when the events actually occurred. This may result in delayed event logs in subsequent offset requests, or older event logs in time-based requests. If the connection is disrupted, use time-based mode to go back and replay security events within the last 12 hours. Use offset and limit parameters in offset mode. Use from, to and limit parameters in time-based mode. The potentially large response contains a series of JSON objects, each separated with a line break and each corresponding to a security event. The last line of the response is a ResponseContext object that provides total records fetched, an offset to use a starting point for the next batch of data, and limit which shows if the fetch operation reached the limit you set. Run this operation continuously as long as it returns new logs to ensure you don't miss any. The API may return a maximum of 600,000 logs per request, while your configurations might generate many more in periods of high traffic.

Fetch security events in offset mode
Open Recipe
Fetch security event in time-based mode
Open Recipe
Click Try It! to start a request and see the response here!