Actions21
- Digital Footprint Actions
- Dark Web Monitoring Actions
- Incident Actions
- Takedown Actions
- User Audit Logs Actions
- DRP Fraud Protection Actions
- Brand Protection Actions
Overview
This node integrates with the SOCRadar API to retrieve user audit logs for a specified company. It allows fetching detailed audit trail data, which is useful for security monitoring, compliance auditing, and forensic investigations within an organization. Typical use cases include tracking user activities, filtering logs by date ranges, action types, or specific users, and paginating through large sets of audit records.
For example, a security analyst could use this node to pull all audit logs related to user login attempts within the last month to detect suspicious access patterns.
Properties
| Name | Meaning |
|---|---|
| Company ID | The unique identifier of the company whose audit logs are being retrieved. |
| Additional Fields | Optional filters and pagination controls: |
| - From Date | Start date/time to filter audit logs from (inclusive). |
| - To Date | End date/time to filter audit logs until (inclusive). |
| - User | Filter audit logs by a specific user identifier. |
| - Action Type | Filter audit logs by the type of action performed (e.g., login, update). |
| - Page | Page number for paginated results (default is 1). |
| - Limit | Number of audit log entries to return per page (default is 100). |
Output
The node outputs an array of JSON objects representing audit log entries matching the specified criteria. Each entry typically contains details such as timestamp, user involved, action type, and other relevant metadata describing the audit event.
If errors occur during execution, the output may include error objects with messages and additional details about the failure.
The node does not output binary data.
Dependencies
- Requires an active SOCRadar API key credential configured in n8n.
- Needs network access to the SOCRadar API endpoint specified by the base URL in the credentials.
- No other external dependencies are required.
Troubleshooting
Common Issues:
- Invalid or missing API key credential will cause authentication failures.
- Incorrect or missing Company ID will result in no data or errors.
- Date filters must be valid ISO date strings; invalid dates may cause request failures.
- Pagination parameters out of range may lead to empty results.
Error Messages:
- Errors returned from the SOCRadar API are captured and included in the output under
json.errorandjson.details. - Network or timeout errors may occur if the API is unreachable.
- If "Continue On Fail" is disabled, any error will stop the workflow execution.
- Errors returned from the SOCRadar API are captured and included in the output under
Resolution Tips:
- Verify that the API key credential is correctly set up and has necessary permissions.
- Double-check the Company ID and filter values for correctness.
- Use smaller page sizes if large limits cause timeouts.
- Enable "Continue On Fail" to handle partial failures gracefully.
Links and References
- SOCRadar Official API Documentation (for detailed API usage and parameters)
- n8n Documentation on Using Credentials
- n8n Documentation on Error Handling