Koi
Audit Logs
Sync Type: Incremental
Overview
The Koi Audit Logs input fetches audit log events from the Koi Security platform. It accesses the /api/external/v2/audit-logs endpoint and supports filtering by event type, covering activities across approval requests, devices, endpoints, browser extensions, and firewall events.
Prerequisites
- Log in to your Koi Security portal.
- Navigate to your account or API settings and generate a JWT Bearer token with access to the external audit logs API.
- Note the token — you'll need it during connector configuration.
If your organization uses a self-hosted or custom Koi deployment, note the base URL of your instance as well.
Configuration
| Setting | Type | Required | Description |
|---|---|---|---|
| API Token | string (secret) | true | JWT Bearer token for authenticating with the Koi API |
| Base URL | string | false | Base URL for the Koi API. Defaults to https://api.prod.koi.security |
| Audit Log Types | array of strings | false | Filter logs by type. Leave empty to fetch all types. Valid values: approval_requests, devices, endpoints, extensions, firewall |
| Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
| API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See API Rate Limiting for the field format, limits, and how to choose a value. |
Related Articles
Sample Record
Code
Last modified on