Actions223
- Reports Actions
- Compliance Actions
- Jobs Actions
- Active Directory Actions
- Get Retrieve Ad Roles
- Get Retrieve Ad User Licenses
- Get Retrieve Azure Licenses
- Get Retrieve Azure Ad Logs
- Get Retrieve Azure Secure Score
- Get Retrieve Ad Password Policies
- Get Retrieve Ad Groups View
- Get Retrieve Ad Ous View
- Get Retrieve Ad Gpos View
- Get Retrieve Ad Computers View
- Get Retrieve Ad Users View
- Get Retrieve Ad Domain Details
- Get Retrieve Ad Gpos Details
- Get Retrieve Get Ous Details
- Get Retrieve Get Groups Details
- Get Retrieve Ad Group Users
- Get Retrieve Ad Group Computers
- Get Retrieve Get User Details
- Get Retrieve Get Computer Details
- Get Retrieve Ad Roles Details
- Get Retrieve Ad Roles Member
- Get Retrieve Ad Basic Info
- Audit Log Actions
- Ad Audit Actions
- Scheduler Actions
- Application Baseline Actions
- Get Retrieve Application Baseline Rules
- Get Retrieve Application Baseline Rule
- Post Create Application Baseline Rule
- Patch Update Application Baseline Rule
- Delete Delete Application Baseline Rule
- Get Retrieve App Baseline Plan Assets
- Get Retrieve App Baseline Plan Asset
- Get Retrieve App Baseline Plan Company
- Get Retrieve App Baseline Plan Global
- Attack Surface Actions
- Backup Software Actions
- EDR Actions
- Tags Actions
- PII Actions
- External Scan Actions
- Settings Actions
- Compliance Assessment Actions
- Auth Actions
- Company Actions
- Agent Actions
- Credentials Actions
- Get Retrieve Credentials
- Get Retrieve Credential
- Post Create Credential
- Patch Update Credential
- Delete Delete Credential
- Get Retrieve Agent Credentials Mapping
- Get Retrieve Agent Credential Mapping
- Post Create Agent Credential Mapping
- Patch Update Agent Credential Mapping
- Delete Delete Agent Credential Mapping
- Asset Actions
- Get Retrieve Records
- Get Retrieve Assets
- Get Retrieve Asset
- Post Create Asset
- Patch Update Asset
- Delete Delete Asset
- Get Retrieve Asset Stats
- Get Retrieve Asset Stat
- Get Retrieve Asset View
- Get Retrieve Cron Jobs
- Get Retrieve Kernel Modules
- Get Retrieve Suid Permissions
- Get Retrieve Ufw Firewall Rules
- Get Retrieve Selinux Settings
- Get Retrieve Asset Iptables Rules
- Get Retrieve Asset Users
- Get Retrieve Asset Processes Running
- Get Retrieve Asset Services
- Get Retrieve Asset Patches Info
- Get Retrieve Asset Firewall Rules
- Get Retrieve Asset Registry Misconfiguration
- Get Retrieve Asset Open Ports
- Get Retrieve Notification Tickets View
- Get Retrieve System Events View
- Discovery Settings Actions
- Get Retrieve Discovery Settings
- Get Retrieve Discovery Setting
- Post Create Discovery Setting
- Patch Update Discovery Setting
- Delete Delete Discovery Setting
- Get Retrieve Agent Discoverysettings Mapping
- Get Retrieve Agent Discoverysetting Mapping
- Post Create Agent Discoverysetting Mapping
- Patch Update Agent Discoverysetting Mapping
- Delete Delete Agent Discoverysetting Mapping
- Asset Data Actions
- Get Retrieve Asset Compliance Report Card
- Get Retrieve Asset Firewall Policy
- Get Retrieve Asset Installed Drivers
- Get Retrieve Asset Installed Driver
- Get Retrieve Asset Interface
- Get Retrieve Asset Msdt
- Get Retrieve Asset Ports
- Get Retrieve Asset Port
- Get Retrieve Asset Security Report Data
- Get Retrieve Asset Security Report Datum
- Get Retrieve Asset Shares
- Get Retrieve Asset Share
- Get Retrieve Asset Storages
- Get Retrieve Asset Storage
- Get Retrieve Asset Unqouted Services
- Get Retrieve Asset Unqouted Service
- Get Retrieve Asset User Shares
- Get Retrieve Asset User Share
- Get Retrieve Asset Video Info
- Get Retrieve Asset Windows Reboot Required
- Get Retrieve Asset Window Reboot Required
- Get Retrieve Bios Info
- Get Retrieve Bio Info
- Get Retrieve Browser Extensions
- Get Retrieve Browser Extension
- Get Retrieve Ciphers View
- Get Retrieve Cipher View
- Get Retrieve Windows Protection Status
- Get Retrieve Window Protection Status
- Vulnerabilities Actions
- Firewall Actions
- Get Retrieve Firewall Groups
- Get Retrieve Firewall Group
- Get Retrieve Firewall Interfaces
- Get Retrieve Firewall Interface
- Get Retrieve Firewall License
- Get Retrieve Firewall Rules
- Get Retrieve Firewall Rule
- Get Retrieve Firewall Users
- Get Retrieve Firewall User
- Get Retrieve Firewall Zones
- Get Retrieve Firewall Zone
- Integration Actions
- Get Retrieve Integration Credentials
- Get Retrieve Integration Credential
- Post Create Integration Credential
- Patch Update Integration Credential
- Delete Delete Integration Credential
- Get Retrieve Integration Rules
- Get Retrieve Integration Rule
- Post Create Integration Rule
- Patch Update Integration Rule
- Delete Delete Integration Rule
- Get Retrieve Company Mappings
- Get Retrieve Company Mapping
- Post Create Company Mapping
- Patch Update Company Mapping
- Delete Delete Company Mapping
- Event Set Actions
- Ticket Template Actions
Overview
This node interacts with the Audit Log resource of an external service, specifically to retrieve audit log entries. It is useful for scenarios where you need to monitor or analyze user activities, system events, or changes recorded in audit logs. For example, security teams can use it to track access patterns or detect suspicious behavior by fetching filtered audit records.
Properties
| Name | Meaning |
|---|---|
| X USER ID | The User ID header value required to authenticate or identify the user making the request. |
| Additional Query Parameters | Optional parameters to refine the query: - Condition: Filter condition for the query. - Skip: Number of records to skip (for pagination). - Limit: Maximum number of records to return. - Order By: Field(s) to order the results by. |
Output
The node outputs JSON data representing the retrieved audit log entries. Each entry typically contains details about a specific audit event such as timestamps, user actions, affected resources, and other metadata depending on the external service's audit log schema.
If the node supports binary data output, it would represent attachments or files related to audit logs, but based on the provided code and properties, the output is purely JSON.
Dependencies
- Requires an API key credential for authentication with the external service.
- Needs the base URL of the external service configured in credentials.
- Depends on the external service's Audit Log API endpoint to fetch data.
Troubleshooting
- Missing or invalid X USER ID: The node requires a valid User ID header; ensure this is correctly set.
- API authentication errors: Verify that the API key credential is valid and has sufficient permissions.
- Query parameter issues: Incorrectly formatted conditions or unsupported query parameters may cause errors; validate query syntax.
- Network or connectivity problems: Ensure the base URL is reachable from n8n and no firewall blocks exist.
- Empty results: If no audit logs are returned, check if the query filters are too restrictive or if there are no matching records.
Links and References
- Refer to the external service’s official Audit Log API documentation for detailed information on available fields, query parameters, and response structure.
- n8n documentation on how to configure API credentials and use HTTP request nodes for custom integrations.