
JumpCloud Events API

JumpCloud's Events API lets administrators access and download event data, e.g., changes to your JumpCloud account such as additions, deletions, and modifications of objects, or the execution of operations under the control of JumpCloud. The primary use case for the Events API is simple and efficient access to logs that provide the historical information needed for compliance and auditing, as well as for forensics and analysis of security problems.


What aspects of JumpCloud are covered by the Events API?


JumpCloud's Events API captures data for the following:
  • JumpCloud Administrator Console Events
  • JumpCloud User Portal Events
  • JumpCloud General Access and System Context API Events
  • System Events - events that occur on desktop, laptop, or server systems running the JumpCloud agent 

Note: If your organization was created after Tuesday, April 11, 2017, any changes to group objects are not yet recorded in Events.


What specific events are captured?


The following data are captured for each of the aspects of the platform monitored by the Events API:




JumpCloud Administrator Console Events
 
Event data is captured when ADMIN User is ADDED 
Event data is captured when ADMIN User is MODIFIED 
Event data is captured when ADMIN User is DELETED 
Event data is captured when ADMIN User RESETS his/her API Key
Event data is captured when SYSTEM USER is ADDED
Event data is captured when SYSTEM USER is MODIFIED
Event data is captured when SYSTEM USER is DELETED
Event data is captured when a TAG is ADDED 
Event data is captured when a TAG is MODIFIED
Event data is captured when a TAG is DELETED 
Event data is captured when ACTIVE DIRECTORY is ADDED 
Event data is captured when ACTIVE DIRECTORY is MODIFIED
Event data is captured when ACTIVE DIRECTORY is DEACTIVATED
Event data is captured when Google Sync is ENABLED 
Event data is captured when Google Sync is DISABLED
Event data is captured when Office 365 is ENABLED 
Event data is captured when Office 365 is DISABLED
Event data is captured when a SYSTEM is ADDED 
Event data is captured when a SYSTEM is MODIFIED
Event data is captured when a SYSTEM is DELETED
Event data is captured when APPLICATION (SSO) template is ADDED
Event data is captured when APPLICATION (SSO) template is MODIFIED
Event data is captured when APPLICATION (SSO) template is DELETED
Event data is captured when a COMMAND is ADDED 
Event data is captured when a COMMAND is MODIFIED
Event data is captured when a COMMAND is DELETED
Event data is captured when a COMMAND is RUN
Event data is captured when a COMMAND RESULT is DELETED
Event data is captured when a BILLING INFO is ADDED
Event data is captured when a BILLING INFO is MODIFIED 
Event data is captured when a BILLING INFO is DELETED
Event data is captured when a RADIUS is ADDED
Event data is captured when a RADIUS is MODIFIED
Event data is captured when a RADIUS is DELETED
Event data is captured when ORGANIZATION is MODIFIED

JumpCloud User Portal Events 
 
Event data is captured when a User's FIRST NAME is MODIFIED
Event data is captured when a User's LAST NAME is MODIFIED
Event data is captured when a User's MOBILE PHONE is MODIFIED
Event data is captured when a User's HOME PHONE is MODIFIED
Event data is captured when a User's WORK PHONE is MODIFIED
Event data is captured when a User's WORK MOBILE is MODIFIED
Event data is captured when a User's WORK ADDRESS is MODIFIED
Event data is captured when a User's HOME ADDRESS is MODIFIED
Event data is captured when a User's PASSWORD is MODIFIED
Event data is captured when a User's SSH KEY is ADDED 
Event data is captured when a User's SSH KEY is MODIFIED
Event data is captured when a User's SSH KEY is DELETED
Event data is captured when a User's MFA CODE is MODIFIED
 
Windows & Mac OS X System Events
 
Event data is captured when a User's system login is SUCCESSFUL
Event data is captured when a User's system login FAILED

Linux System Events
 
Event data is captured when a User's SSH Login is SUCCESSFUL
Event data is captured when a User's SSH Login is FAILED
 


How much data is captured/stored by JumpCloud?


JumpCloud will capture and store the most recent 45 days of event data for each customer. Customers are advised to schedule/automate GET requests to pull data on a weekly or bi-monthly basis, alongside their other data logging activities.


How to use the REST-based Event Server API

 
When building a query, the following requirements must be observed:
  • It must be a GET request
  • You must include your JumpCloud API key as a request header, formatted as follows:
"x-api-key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

The API Key is accessed in the Admin Console in the following drop down menu:


 
  • Available GET Parameters:
      startDate
      endDate
  • Dates must be formatted as RFC3339, e.g. "2006-01-02T15:04:05Z"
 
 

Examples:

 

NOTE: We suggest installing Python to make the JSON output more readable. If Python is not installed, remove " | python -m json.tool" from the examples below.

 

Get all events from the last day

curl -G -H "x-api-key: YOUR_API_KEY" -H "Content-Type:application/json" --data-urlencode "startDate=$(date --rfc-3339=seconds --date="1 day ago" | sed 's/ /T/')" https://events.jumpcloud.com/events | python -m json.tool
 

Retrieve 24 hours of events from n days ago

curl --get -H "x-api-key: YOUR_API_KEY" -H "Content-Type:application/json" --data-urlencode "startDate=$(date --rfc-3339=seconds --date="2 days ago 00:00:00" | sed 's/ /T/')" --data-urlencode "endDate=$(date --rfc-3339=seconds --date="1 day ago 00:00:00" | sed 's/ /T/')" https://events.jumpcloud.com/events | python -m json.tool
 
Running queries within Mac OS X


Mac's native date utility does not support the same syntax as GNU date on Linux, so the dates are written out explicitly. In the following example we are generating an output of all data for January 11th 2016 to January 12th 2016:

curl -G -H "x-api-key: YOUR_API_KEY" -H "Content-Type:application/json" --data-urlencode "startDate=2017-01-11T00:00:00Z" --data-urlencode "endDate=2017-01-12T00:00:00Z" https://events.jumpcloud.com/events | python -m json.tool

 

Output Example

JumpCloud will produce well-formed, human-readable JSON that can be parsed visually. For Linux, we recommend piping the GET request output through a beautifier tool like Python's json.tool to improve readability. The data can also be consumed by popular log analysis tools such as Splunk.
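
The scheduled pull recommended above, as an added Python example (not JumpCloud's code): it builds consecutive one-day UTC windows in RFC3339 without depending on GNU or Mac date syntax, and archives each completed day's raw JSON before it ages out of the 45-day retention. The JUMPCLOUD_API_KEY environment variable, the output directory and the function names are assumptions of this example; the endpoint, header and parameters are the ones shown in this article.

```python
"""Added example: archive JumpCloud events in one-day UTC windows."""
import datetime as dt
import os
import pathlib
import urllib.parse
import urllib.request

EVENTS_URL = "https://events.jumpcloud.com/events"  # endpoint from the article
RETENTION_DAYS = 45  # older events are no longer stored by JumpCloud


def rfc3339(ts):
    """Format an aware datetime as RFC3339 UTC, e.g. 2017-01-11T00:00:00Z."""
    return ts.astimezone(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def daily_windows(now, days_back):
    """(startDate, endDate) pairs for the last `days_back` complete UTC days."""
    if not 1 <= days_back <= RETENTION_DAYS:
        raise ValueError(f"days_back must be 1..{RETENTION_DAYS}")
    midnight = now.astimezone(dt.timezone.utc).replace(
        hour=0, minute=0, second=0, microsecond=0)
    day = dt.timedelta(days=1)
    return [(rfc3339(midnight - d * day), rfc3339(midnight - (d - 1) * day))
            for d in range(days_back, 0, -1)]  # oldest window first


def build_request(start, end, api_key):
    """GET request with URL-encoded dates and the x-api-key header."""
    query = urllib.parse.urlencode({"startDate": start, "endDate": end})
    return urllib.request.Request(
        f"{EVENTS_URL}?{query}", headers={"x-api-key": api_key}, method="GET")


def pull(days_back=7, out_dir="jumpcloud-events"):
    """Save one raw JSON file per completed day; skip days already archived."""
    # Assumed variable name. Reading the key from the environment keeps it
    # out of the process list and shell history, unlike curl -H "x-api-key: ...".
    api_key = os.environ["JUMPCLOUD_API_KEY"]
    out = pathlib.Path(out_dir)
    out.mkdir(exist_ok=True)
    now = dt.datetime.now(dt.timezone.utc)
    for start, end in daily_windows(now, days_back):
        target = out / f"events_{start[:10]}.json"
        if target.exists():
            continue  # a completed day does not change, so fetch it only once
        req = build_request(start, end, api_key)
        with urllib.request.urlopen(req, timeout=60) as resp:
            target.write_bytes(resp.read())  # stored as returned, unparsed


if __name__ == "__main__":
    pull()
```

Running it weekly with days_back set a little above 7 back-fills a missed run. The article does not say whether endDate is inclusive, so de-duplicate events that fall exactly on a window boundary when ingesting the files.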

 

Last Updated: Apr 17, 2017 04:00PM MDT
