# Security Center # Insights ## Retrieves Security Center Insights `client.SecurityCenter.Insights.List(ctx, params) (*V4PagePagination[InsightListResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights` Lists all Security Center insights for the account or zone, showing security findings and recommendations. ### Parameters - `params InsightListParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Page param.Field[int64]` Query param: Specifies the current page within paginated list of results. - `PerPage param.Field[int64]` Query param: Sets the number of results per page of results. - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type InsightListResponse struct{…}` - `Count int64` Indicates the total number of results. - `Issues []InsightListResponseIssue` - `ID string` - `Dismissed bool` - `HasExtendedContext bool` Indicates whether the insight has a large payload that requires fetching via the context endpoint. - `IssueClass string` - `IssueType IssueType` - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Payload InsightListResponseIssuesPayload` - `DetectionMethod string` Describes the method used to detect insight. - `ZoneTag string` - `ResolveLink string` - `ResolveText string` - `Severity InsightListResponseIssuesSeverity` - `const InsightListResponseIssuesSeverityLow InsightListResponseIssuesSeverity = "Low"` - `const InsightListResponseIssuesSeverityModerate InsightListResponseIssuesSeverity = "Moderate"` - `const InsightListResponseIssuesSeverityCritical InsightListResponseIssuesSeverity = "Critical"` - `Since Time` - `Status InsightListResponseIssuesStatus` The current status of the insight. - `const InsightListResponseIssuesStatusActive InsightListResponseIssuesStatus = "active"` - `const InsightListResponseIssuesStatusResolved InsightListResponseIssuesStatus = "resolved"` - `Subject string` - `Timestamp Time` - `UserClassification InsightListResponseIssuesUserClassification` User-defined classification for the insight. Can be 'false_positive', 'accept_risk', 'other', or null. - `const InsightListResponseIssuesUserClassificationFalsePositive InsightListResponseIssuesUserClassification = "false_positive"` - `const InsightListResponseIssuesUserClassificationAcceptRisk InsightListResponseIssuesUserClassification = "accept_risk"` - `const InsightListResponseIssuesUserClassificationOther InsightListResponseIssuesUserClassification = "other"` - `Page int64` Specifies the current page within paginated list of results. - `PerPage int64` Sets the number of results per page of results. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.SecurityCenter.Insights.List(context.TODO(), security_center.InsightListParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "issues": [ { "id": "id", "dismissed": false, "has_extended_context": false, "issue_class": "always_use_https_not_enabled", "issue_type": "compliance_violation", "payload": { "detection_method": "We detected security rules referencing multiple IP addresses directly in the rules.", "zone_tag": "zone_tag" }, "resolve_link": "resolve_link", "resolve_text": "resolve_text", "severity": "Low", "since": "2019-12-27T18:11:19.117Z", "status": "active", "subject": "example.com", "timestamp": "2019-12-27T18:11:19.117Z", "user_classification": "false_positive" } ], "page": 1, "per_page": 25 } } ``` ## Archives Security Center Insight `client.SecurityCenter.Insights.Dismiss(ctx, issueID, params) (*InsightDismissResponse, error)` **put** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/dismiss` Archives a Security Center insight for an account or zone, removing it from the active insights list while preserving historical data. ### Parameters - `issueID string` - `params InsightDismissParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Dismiss param.Field[bool]` Body param ### Returns - `type InsightDismissResponse struct{…}` - `Errors []InsightDismissResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source InsightDismissResponseErrorsSource` - `Pointer string` - `Messages []InsightDismissResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source InsightDismissResponseMessagesSource` - `Pointer string` - `Success InsightDismissResponseSuccess` Whether the API call was successful. - `const InsightDismissResponseSuccessTrue InsightDismissResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.SecurityCenter.Insights.Dismiss( context.TODO(), "issue_id", security_center.InsightDismissParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` # Class ## Retrieves Security Center Insight Counts by Class `client.SecurityCenter.Insights.Class.Get(ctx, params) (*[]InsightClassGetResponse, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/class` Retrieves Security Center insight counts aggregated by classification class. ### Parameters - `params InsightClassGetParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type InsightClassGetResponseEnvelopeResult []InsightClassGetResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) classes, err := client.SecurityCenter.Insights.Class.Get(context.TODO(), security_center.InsightClassGetParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", classes) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` # Severity ## Retrieves Security Center Insight Counts by Severity `client.SecurityCenter.Insights.Severity.Get(ctx, params) (*[]InsightSeverityGetResponse, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/severity` Retrieves Security Center insight counts aggregated by severity level (critical, high, medium, low). ### Parameters - `params InsightSeverityGetParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type InsightSeverityGetResponseEnvelopeResult []InsightSeverityGetResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) severities, err := client.SecurityCenter.Insights.Severity.Get(context.TODO(), security_center.InsightSeverityGetParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", severities) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` # Type ## Retrieves Security Center Insight Counts by Type `client.SecurityCenter.Insights.Type.Get(ctx, params) (*[]InsightTypeGetResponse, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/type` Retrieves Security Center insight counts aggregated by insight type. ### Parameters - `params InsightTypeGetParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type InsightTypeGetResponseEnvelopeResult []InsightTypeGetResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) types, err := client.SecurityCenter.Insights.Type.Get(context.TODO(), security_center.InsightTypeGetParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", types) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` # Audit Logs ## Retrieves account or zone Audit Log `client.SecurityCenter.Insights.AuditLogs.List(ctx, params) (*CursorPagination[InsightAuditLogListResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/audit-log` Lists audit log entries for all Security Center insights in the account or zone, showing changes to insight status and classification. ### Parameters - `params InsightAuditLogListParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Before param.Field[Time]` Query param: Filter entries changed before this timestamp (RFC 3339). - `ChangedBy param.Field[string]` Query param: Filter by the actor that made the change. - `Cursor param.Field[string]` Query param: Opaque cursor for pagination. Use the cursor value from result_info of the previous response. - `FieldChanged param.Field[InsightAuditLogListParamsFieldChanged]` Query param: Filter by the field that was changed. - `const InsightAuditLogListParamsFieldChangedStatus InsightAuditLogListParamsFieldChanged = "status"` - `const InsightAuditLogListParamsFieldChangedUserClassification InsightAuditLogListParamsFieldChanged = "user_classification"` - `Order param.Field[InsightAuditLogListParamsOrder]` Query param: Sort order for results. Use 'asc' for oldest first or 'desc' for newest first. - `const InsightAuditLogListParamsOrderAsc InsightAuditLogListParamsOrder = "asc"` - `const InsightAuditLogListParamsOrderDesc InsightAuditLogListParamsOrder = "desc"` - `PerPage param.Field[int64]` Query param: Number of results per page. - `Since param.Field[Time]` Query param: Filter entries changed at or after this timestamp (RFC 3339). ### Returns - `type InsightAuditLogListResponse struct{…}` - `ID string` UUIDv7 identifier for the audit log entry, time-ordered. - `ChangedAt Time` The timestamp when the change occurred. - `ChangedBy string` The actor that made the change. 'system' for automated changes, or a user identifier. - `CurrentValue string` The value of the field after the change. Null if the field was cleared. - `FieldChanged InsightAuditLogListResponseFieldChanged` The field that was changed. - `const InsightAuditLogListResponseFieldChangedStatus InsightAuditLogListResponseFieldChanged = "status"` - `const InsightAuditLogListResponseFieldChangedUserClassification InsightAuditLogListResponseFieldChanged = "user_classification"` - `IssueID string` The ID of the insight this audit log entry relates to. - `PreviousValue string` The value of the field before the change. Null if the field was not previously set. - `Rationale string` Optional rationale provided for the change. - `ZoneID int64` The zone ID associated with the insight. Only present for zone-level insights. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.SecurityCenter.Insights.AuditLogs.List(context.TODO(), security_center.InsightAuditLogListParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "changed_at": "2019-12-27T18:11:19.117Z", "changed_by": "system", "current_value": "current_value", "field_changed": "status", "issue_id": "issue_id", "previous_value": "previous_value", "rationale": "rationale", "zone_id": 0 } ], "result_info": { "count": 25, "cursor": "cursor", "per_page": 25 } } ``` ## Retrieves Issue Audit Log `client.SecurityCenter.Insights.AuditLogs.ListByInsight(ctx, issueID, params) (*CursorPagination[InsightAuditLogListByInsightResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/audit-log` Lists audit log entries for a specific Security Center insight, showing changes to its status and classification over time. ### Parameters - `issueID string` - `params InsightAuditLogListByInsightParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Before param.Field[Time]` Query param: Filter entries changed before this timestamp (RFC 3339). - `ChangedBy param.Field[string]` Query param: Filter by the actor that made the change. - `Cursor param.Field[string]` Query param: Opaque cursor for pagination. Use the cursor value from result_info of the previous response. - `FieldChanged param.Field[InsightAuditLogListByInsightParamsFieldChanged]` Query param: Filter by the field that was changed. - `const InsightAuditLogListByInsightParamsFieldChangedStatus InsightAuditLogListByInsightParamsFieldChanged = "status"` - `const InsightAuditLogListByInsightParamsFieldChangedUserClassification InsightAuditLogListByInsightParamsFieldChanged = "user_classification"` - `Order param.Field[InsightAuditLogListByInsightParamsOrder]` Query param: Sort order for results. Use 'asc' for oldest first or 'desc' for newest first. - `const InsightAuditLogListByInsightParamsOrderAsc InsightAuditLogListByInsightParamsOrder = "asc"` - `const InsightAuditLogListByInsightParamsOrderDesc InsightAuditLogListByInsightParamsOrder = "desc"` - `PerPage param.Field[int64]` Query param: Number of results per page. - `Since param.Field[Time]` Query param: Filter entries changed at or after this timestamp (RFC 3339). ### Returns - `type InsightAuditLogListByInsightResponse struct{…}` - `ID string` UUIDv7 identifier for the audit log entry, time-ordered. - `ChangedAt Time` The timestamp when the change occurred. - `ChangedBy string` The actor that made the change. 'system' for automated changes, or a user identifier. - `CurrentValue string` The value of the field after the change. Null if the field was cleared. - `FieldChanged InsightAuditLogListByInsightResponseFieldChanged` The field that was changed. - `const InsightAuditLogListByInsightResponseFieldChangedStatus InsightAuditLogListByInsightResponseFieldChanged = "status"` - `const InsightAuditLogListByInsightResponseFieldChangedUserClassification InsightAuditLogListByInsightResponseFieldChanged = "user_classification"` - `IssueID string` The ID of the insight this audit log entry relates to. - `PreviousValue string` The value of the field before the change. Null if the field was not previously set. - `Rationale string` Optional rationale provided for the change. - `ZoneID int64` The zone ID associated with the insight. Only present for zone-level insights. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.SecurityCenter.Insights.AuditLogs.ListByInsight( context.TODO(), "issue_id", security_center.InsightAuditLogListByInsightParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "changed_at": "2019-12-27T18:11:19.117Z", "changed_by": "system", "current_value": "current_value", "field_changed": "status", "issue_id": "issue_id", "previous_value": "previous_value", "rationale": "rationale", "zone_id": 0 } ], "result_info": { "count": 25, "cursor": "cursor", "per_page": 25 } } ``` # Classification ## Updates Security Center Insight Classification `client.SecurityCenter.Insights.Classification.Update(ctx, issueID, params) (*InsightClassificationUpdateResponse, error)` **patch** `/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/classification` Updates the user classification for a Security Center insight. Valid values are 'false_positive' or 'accept_risk'. To reset, set classification to null. Cannot change directly between classification values - must reset to null first. ### Parameters - `issueID string` - `params InsightClassificationUpdateParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Classification param.Field[InsightClassificationUpdateParamsClassification]` Body param: User-defined classification for the insight. Can be 'false_positive', 'accept_risk', 'other', or null. - `const InsightClassificationUpdateParamsClassificationFalsePositive InsightClassificationUpdateParamsClassification = "false_positive"` - `const InsightClassificationUpdateParamsClassificationAcceptRisk InsightClassificationUpdateParamsClassification = "accept_risk"` - `const InsightClassificationUpdateParamsClassificationOther InsightClassificationUpdateParamsClassification = "other"` - `Rationale param.Field[string]` Body param: Rationale for the classification change. Required when classification is 'accept_risk' or 'other'. ### Returns - `type InsightClassificationUpdateResponse struct{…}` - `Errors []InsightClassificationUpdateResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source InsightClassificationUpdateResponseErrorsSource` - `Pointer string` - `Messages []InsightClassificationUpdateResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source InsightClassificationUpdateResponseMessagesSource` - `Pointer string` - `Success InsightClassificationUpdateResponseSuccess` Whether the API call was successful. - `const InsightClassificationUpdateResponseSuccessTrue InsightClassificationUpdateResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) classification, err := client.SecurityCenter.Insights.Classification.Update( context.TODO(), "issue_id", security_center.InsightClassificationUpdateParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", classification.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` # Context ## Retrieves Security Center Insight Context `client.SecurityCenter.Insights.Context.Get(ctx, issueID, query) (*InsightContextGetResponse, error)` **get** `/accounts/{account_id}/security-center/insights/{issue_id}/context` Returns the full context payload for an insight. This endpoint is used for insights with large payloads that are not included inline in the list response. ### Parameters - `issueID string` - `query InsightContextGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type InsightContextGetResponse map[string, unknown]` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/security_center" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) context, err := client.SecurityCenter.Insights.Context.Get( context.TODO(), "issue_id", security_center.InsightContextGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", context) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "foo": "bar" } } ```