Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
5
Replies

API access to cdFMC audit log configuration changes

Go to solution
rc11
Level 1
Level 1

‎10-20-2025 12:53 PM

My developer colleague and I (detection engineer) would like to call the following API endpoint:

GET​/api​/fmc_platform​/v1​/domain​/{domainUUID}​/audit​/configchanges

However, according to the API documentation this call requires a parameter called snapshotId that is not documented anywhere else, and doesn't even show up anywhere in the GUI. 

Does anyone know what this parameter represents, and how to get any or all valid snapshotId values for a tenant?

Thanks in advance.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rc11
Level 1
Level 1

‎11-19-2025 02:26 PM

Update: we were successful in making the call to the /configchanges endpoint using the snapshotId attribute of the Save Policy event log. So note that the audit record id itself is not a valid snapshotId. It needs to be a snapshotId attribute that is part of a Save Policy event. We were unable to find any other type of log containing a snapshotId attribute. This answers my question. Thank you!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Ben Weber
Level 1
Level 1

‎11-16-2025 06:46 PM

Hi @rc11 

AFAIK, the snapshot-id  parameter represents the UUID of a specific configuration snapshot or audit record that captures the state of the system at a given point in time. 

You should be able to retrieve the list of snapshot-id variables by querying the /auditrecords endpoint?

Let me know if that works. Good luck!

- BW
Please rate posts if they have been helpful.
0 Helpful

Go to solution
rc11
Level 1
Level 1
In response to Ben Weber

‎11-17-2025 02:04 PM

Hi Ben, we did get this suggestion on the DevNet forum, we tried it and the auditrecords IDs were not valid snapshot IDs.

0 Helpful

Go to solution
Ben Weber
Level 1
Level 1

‎11-17-2025 02:28 PM

Hey @rc11 

Sorry to hear that. I would suggest reaching out to your Cisco account manager to lodge a feature request for programmatically retrieving snapshotId values.

The snapshotId values are internal to FMC and are linked to configuration changes/deployments, thought that would come from the /auditrecords endpoint but looks like that is not the case.

Sorry I can't be of more help.

- BW
Please rate posts if they have been helpful.
0 Helpful

Go to solution
rc11
Level 1
Level 1
In response to Ben Weber

‎11-17-2025 03:40 PM

Actually, upon continuing to dig, we noticed that there was a snapshotId attribute in Policy Editor Save logs (generated when a policy is saved after modification). We will be looking into passing that snapshotId to the configchanges endpoint to see if we can get a delta of the changes.

0 Helpful

Go to solution
rc11
Level 1
Level 1

‎11-19-2025 02:26 PM

Update: we were successful in making the call to the /configchanges endpoint using the snapshotId attribute of the Save Policy event log. So note that the audit record id itself is not a valid snapshotId. It needs to be a snapshotId attribute that is part of a Save Policy event. We were unable to find any other type of log containing a snapshotId attribute. This answers my question. Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card