我正在尝试从管理活动 API 获取 Office 365 审核日志。在为所需内容类型创建订阅后,我能够从订阅/内容 API 获取数据。
例:-
查询:https://manage.office.com/api/v1.0/{tenant-id}/activity/feed/audit/xxxxx$xxxxx$audit_sharepoint$Audit_SharePoint
响应:
[
{
"CreationTime": "2018-10-08T10:13:15",
"Id": "xxxxx",
"Operation": "FileDownloaded",
"OrganizationId": "xxxxx",
"RecordType": 6,
"UserKey": "xxx|membership|xxxxxxx@live.com",
"UserType": 0,
"Version": 1,
"Workload": "OneDrive",
"ClientIP": "xx.xx.xx.xx",
"ObjectId": "xxxxxxx",
"UserId": "xxxxxx",
"ApplicationId": "xxxxxx",
"CorrelationId": "xxxxxx",
"EventSource": "SharePoint",
"ItemType": "File",
"ListId": "xxxxx",
"ListItemUniqueId": "xxxxx",
"Site": "xxxxx",
"UserAgent": "xxxxx",
"WebId": "xxxxx",
"SourceFileExtension": "jpg",
"SiteUrl": "xxxxx",
"SourceFileName": "xxxxx.jpg",
"SourceRelativeUrl": "xxxxx/xxxxx/xxxxx"
},
{..},{..}
]
我需要获取特定用户执行的操作或对特定文件执行的操作的日志。这可以通过 MSGraph 的安全和合规中心中的审核搜索来实现。
有没有办法让 API 根据 UserId 或 ObjectId 字段(也许是查询参数(过滤其响应?
遗憾的是,Office 365 管理活动 API 终结点不支持按AuditRecord(内容 blob(UserId或ObjectId属性进行筛选,仅支持以下参数:
contentTypestartTime和endTime
解决方法是在客户端筛选结果,如下所示:
例
const requestUrl = `https://manage.office.com/api/v1.0/${tenantId}/activity/feed/audit/${contentId}$audit_sharepoint$Audit_SharePoint`;
const options = {
method: 'GET',
headers: {
"Content-Type": "application/json; charset=utf-8",
"Authorization": "bearer " + accessToken
}
};
const rawResponse = await fetch(requestUrl,options);
const blobs = await rawResponse.json(); //get all blobs
const blobsByUser = blobs.filter(blob => {
return blob.UserId === "username@contoso.com";
})
遗憾的是,办公室管理 API 尚不支持按对象 ID 进行过滤。 这已在此处记录 - https://learn.microsoft.com/en-us/office/office-365-management-api/troubleshooting-the-office-365-management-activity-api
请阅读上述文档中的"是否可以查询管理活动 API"查询。