Audit Logs
Sync Type: Incremental
Overview
The Koi Audit Logs input fetches audit log events from the Koi Security platform. It accesses the /api/external/v2/audit-logs endpoint and supports filtering by event type, covering activities across approval requests, devices, endpoints, browser extensions, and firewall events.
Prerequisites
- Log in to your Koi Security portal.
- Navigate to your account or API settings and generate a JWT Bearer token with access to the external audit logs API.
- Note the token — you'll need it during connector configuration.
If your organization uses a self-hosted or custom Koi deployment, note the base URL of your instance as well.
Configuration
| Setting | Type | Required | Description |
|---|---|---|---|
| API Token | string (secret) | true | JWT Bearer token for authenticating with the Koi API |
| Base URL | string | false | Base URL for the Koi API. Defaults to https://api.prod.koi.security |
| Audit Log Types | array of strings | false | Filter logs by type. Leave empty to fetch all types. Valid values: approval_requests, devices, endpoints, extensions, firewall |
| Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Related Articles
Sample Record
{
"created_at": "2025-03-04T12:34:56Z",
"type": "extensions",
"message": "Extension VSCode version updated on device laptop-01",
"action": "updated",
"hostname": "user-laptop-ABC123"
}