Customers can already view Audit Logs in the Abnormal Portal and access data through our SIEM export events, but this information has historically not been available through our REST API.
We are excited to expand our API functionality to include Abnormal Audit Logs. With this new Audit Log REST API endpoint, customers can ingest Abnormal Portal audit logs through the REST API and extract relevant information to create incident response workflows and alerts of suspicious user activity. All this will be possible without having to access audit logs in the Portal manually.