Activities API
The Activities API provides access to Shield's activity logs, enabling you to query scanning events, export data for analysis, and integrate with security information and event management (SIEM) systems.
Overview
Shield logs every request it processes, capturing:
- Detected and obfuscated data types
- Matched applications and rules
- User and group information
- Request/response metadata (URL, content type, size)
- Timestamps and processing details
The Activities API allows you to programmatically query these logs using Shield's powerful query language, export data to CSV format, and integrate activity monitoring into your security workflows.
Authentication
Requests require an API key with read access (all API keys have read access by default).
Key Capabilities
- Advanced Querying - Filter activities by data types, users, applications, time ranges, and more
- CSV Export - Export filtered data for analysis in Excel, BI tools, or data warehouses
- Real-Time Monitoring - Query recent activities for security monitoring dashboards
- Compliance Reporting - Generate audit reports for regulatory compliance
- SIEM Integration - Feed activity data into security monitoring platforms
API Endpoints
Query and Retrieval
- GET /api/activities - Query activities with filters
- POST /api/activities/convertsearch - Convert simple filters to advanced query syntax
Data Export
- GET /api/activities/csv - Export filtered activities as CSV
Filtering
- Available Filter Fields - Complete list of filter fields you can use in queries
Common Workflows
- Extracting Activity Data - Complete guide to querying and exporting activity logs
Quick Example
Get all activities from the last 24 hours where sensitive data was detected:
```python
import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

# Convert simple query to advanced syntax
query_request = {
    "simpleToAdvanced": {
        "detected": ["true"],
        "timestamp": {"withinLast": {"days": 1, "hours": 0, "minutes": 0}}
    }
}
query_response = requests.post(
    f"{BASE_URL}/api/activities/convertsearch",
    headers=HEADERS,
    json=query_request
).json()

# Get activities using the advanced query
activities = requests.get(
    f"{BASE_URL}/api/activities",
    headers=HEADERS,
    params={"search": query_response["simpleToAdvanced"]}
).json()

print(f"Found {len(activities['items'])} activities with sensitive data")
```
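For SIEM integration, the quick example can be turned into a poller that forwards each activity only once. The sketch below is an added example, not Shield's own code. Assumptions: the `id` field used for de-duplication is a hypothetical name, `StubSession` and its canned replies are constructed so the code runs offline, and pagination is not handled because this page does not describe it.

```python
import json

def window_query(minutes):
    """Body for POST /api/activities/convertsearch, shaped as in the quick example."""
    days, rem = divmod(minutes, 1440)
    hours, mins = divmod(rem, 60)
    return {"simpleToAdvanced": {
        "detected": ["true"],
        "timestamp": {"withinLast": {"days": days, "hours": hours, "minutes": mins}},
    }}

def fetch_detections(session, base_url, api_key, minutes, timeout=10):
    """Convert the filter, query /api/activities, and fail loudly on HTTP errors."""
    headers = {"Authorization": f"Bearer {api_key}"}
    conv = session.post(f"{base_url}/api/activities/convertsearch",
                        headers=headers, json=window_query(minutes), timeout=timeout)
    conv.raise_for_status()
    resp = session.get(f"{base_url}/api/activities", headers=headers,
                       params={"search": conv.json()["simpleToAdvanced"]}, timeout=timeout)
    resp.raise_for_status()
    return resp.json()["items"]

def new_events(items, seen, id_field="id"):
    """NDJSON lines for items not yet forwarded; overlapping poll windows repeat events."""
    lines = []
    for item in items:
        line = json.dumps(item, sort_keys=True)
        key = item.get(id_field, line)  # id_field is an assumed name; fall back to the record
        if key not in seen:
            seen.add(key)
            lines.append(line)
    return lines

class StubSession:
    """Constructed stand-in for requests.Session so the example runs offline."""
    def __init__(self, items):
        self.items, self.calls = items, []
    def _reply(self, payload):
        class R:
            def raise_for_status(self): pass
            def json(self): return payload
        return R()
    def post(self, url, **kw):
        self.calls.append(("POST", url, kw))
        return self._reply({"simpleToAdvanced": "constructed-advanced-query"})
    def get(self, url, **kw):
        self.calls.append(("GET", url, kw))
        return self._reply({"items": self.items})
```

In production, pass a `requests.Session()` in place of `StubSession`, poll with a window slightly longer than the polling interval, and persist `seen` between runs.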
Related Topics
- Query Activities - Learn the complete querying syntax
- Convert Queries - Build queries programmatically
- Export to CSV - Download activity data
- Extracting Activity Data Workflow - End-to-end guide
For complete API schemas and interactive testing, visit: https://<shield-host>/swagger/index.html