Office365 Office 365管理活动API-使用用户ID或文件ID进行查询
我正在尝试从管理活动API获取Office 365审核日志。在为所需的内容类型创建订阅后,我能够从订阅/content API获取数据 例如:- 查询:Office365 Office 365管理活动API-使用用户ID或文件ID进行查询,office365,Office365,我正在尝试从管理活动API获取Office 365审核日志。在为所需的内容类型创建订阅后,我能够从订阅/content API获取数据 例如:- 查询:https://manage.office.com/api/v1.0/{租户id}/activity/feed/audit/xxxxx$xxxxx$audit\u sharepoint$audit\u sharepoint 答复: [ { "CreationTime": "2018-10-08T10:13:15",
https://manage.office.com/api/v1.0/{租户id}/activity/feed/audit/xxxxx$xxxxx$audit\u sharepoint$audit\u sharepoint
答复:
[
{
"CreationTime": "2018-10-08T10:13:15",
"Id": "xxxxx",
"Operation": "FileDownloaded",
"OrganizationId": "xxxxx",
"RecordType": 6,
"UserKey": "xxx|membership|xxxxxxx@live.com",
"UserType": 0,
"Version": 1,
"Workload": "OneDrive",
"ClientIP": "xx.xx.xx.xx",
"ObjectId": "xxxxxxx",
"UserId": "xxxxxx",
"ApplicationId": "xxxxxx",
"CorrelationId": "xxxxxx",
"EventSource": "SharePoint",
"ItemType": "File",
"ListId": "xxxxx",
"ListItemUniqueId": "xxxxx",
"Site": "xxxxx",
"UserAgent": "xxxxx",
"WebId": "xxxxx",
"SourceFileExtension": "jpg",
"SiteUrl": "xxxxx",
"SourceFileName": "xxxxx.jpg",
"SourceRelativeUrl": "xxxxx/xxxxx/xxxxx"
},
{..},{..}
]
我需要获取特定用户执行的操作或对特定文件执行的操作的日志。这可以通过MSGraph安全与合规中心的审计搜索实现
API是否有基于UserId或ObjectId字段(可能是查询参数)过滤其响应的方法?不幸的是,Office 365管理活动API端点不支持通过
AuditRecord
(内容blob)UserId
或ObjectId
属性进行过滤,仅支持以下参数:
contentType
和startTime
endTime
const requestUrl = `https://manage.office.com/api/v1.0/${tenantId}/activity/feed/audit/${contentId}$audit_sharepoint$Audit_SharePoint`;
const options = {
method: 'GET',
headers: {
"Content-Type": "application/json; charset=utf-8",
"Authorization": "bearer " + accessToken
}
};
const rawResponse = await fetch(requestUrl,options);
const blobs = await rawResponse.json(); //get all blobs
const blobsByUser = blobs.filter(blob => {
return blob.UserId === "username@contoso.com";
})
谢谢你的快速回复。您知道过滤功能是否会更新以支持其他参数吗?@P.PratyushReddy,这个问题最好发到