# Retrieve network traffic flow logs with advanced filtering and pagination

Requires audits::read:flows permission.

Endpoint: GET /v2/audit/flow-logs

Version: 1.0.0

Security: JWTAuthorizer

## Query parameters:

- `sTime` (number)
  Unix timestamp for the start of the log window
- `eTime` (number)
  Unix timestamp for the end of the log window
- `eTimeOp` (string)
  Comparison operator for the end of the log window
  Enum: "eq", "ne", "gt", "gte", "lt", "lte"
- `protocol` (string)
  IP protocol
- `srcIp` (string)
  Source IP address
- `dstIp` (string)
  Destination IP address
- `srcPort` (number)
  Source port
- `srcPortOp` (string)
  Comparison operator for the source port
  Enum: "eq", "ne", "gt", "gte", "lt", "lte"
- `dstPort` (number)
  Destination port
- `dstPortOp` (string)
  Comparison operator for the dest port
  Enum: "eq", "ne", "gt", "gte", "lt", "lte"
- `limit` (number)
  Maximum number of results to return
- `srcNode` (string)
  Source node name
- `dstNode` (string)
  Dest node name
- `node` (string)
  Flow logging node ID
- `page` (string)
  Page of results to return
- `sort` (string)
  Sort results, like port:desc
- `reverse` (boolean)
  When true, newer flow logs will be listed first
- `tcpFlags` (array)
  If provided, a flow must match at least one of the TCP flags provided. Decimal encoded, see flow log TCP flag encoding.

## Response 200 fields (application/json):

- `activityID` (string)
  Threat Intelligence activity ID
  Example: "9aa2bbc3-4265-475b-b977-c94b1ee25a1f"
- `destBytes` (number)
  Destination bytes transferred
  Example: 100
- `destIP` (string)
  Destination IP address
  Example: "1.1.1.1"
- `destNode` (string)
  Destination node name
  Example: "mynode"
- `destPort` (number)
  Destination port
  Example: 1234
- `endTime` (string)
  Start time of the flow
  Example: "2022-11-01T22:46:02.730Z"
- `protocol` (string)
  Protocol
  Enum: "TCP", "UDP", "ICMP", "UNKNOWN"
- `sourceBytes` (number)
  Source bytes transferred
  Example: 100
- `sourceIP` (string)
  Source IP address
  Example: "2.2.2.2"
- `sourceNode` (string)
  Source node name
  Example: "mynode"
- `sourcePort` (number)
  Source port
  Example: 1234
- `startTime` (string)
  Start time of the flow
  Example: "2022-11-01T22:46:01.765Z"
- `tcpFlags` (string)
  TCP Flags encoded in hex:
  * 0x01 - FIN
  * 0x02 - SYN
  * 0x04 - RST
  * 0x08 - PSH
  * 0x10 - ACK
  * 0x20 - URG

  Example: "00100001"
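
An added example (not part of the original API reference): a query-string builder for this endpoint that rejects invalid or orphaned comparison operators and turns flag names into decimal `tcpFlags` values, plus a bitmask decoder that uses the flag table above. The helper names are hypothetical, and two things are assumed: the decimal filter values are the decimal form of the listed hex bits, and array parameters are sent as repeated keys.

```python
from urllib.parse import urlencode

# Bit values from the tcpFlags table in the response fields.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
# Operators accepted by eTimeOp, srcPortOp and dstPortOp.
OPERATORS = {"eq", "ne", "gt", "gte", "lt", "lte"}
# Each operator parameter and the value parameter it qualifies.
OP_PAIRS = {"eTimeOp": "eTime", "srcPortOp": "srcPort", "dstPortOp": "dstPort"}


def build_flow_query(tcp_flags=(), **params):
    """Return a validated query string for GET /v2/audit/flow-logs."""
    for op_key, value_key in OP_PAIRS.items():
        if op_key in params:
            if params[op_key] not in OPERATORS:
                raise ValueError(f"{op_key} must be one of {sorted(OPERATORS)}")
            if value_key not in params:
                raise ValueError(f"{op_key} given without {value_key}")
    for port_key in ("srcPort", "dstPort"):
        if port_key in params and not 0 <= params[port_key] <= 65535:
            raise ValueError(f"{port_key} out of range")
    # Booleans are written as lowercase true/false; keys are sorted for stable output.
    pairs = [(k, str(v).lower() if isinstance(v, bool) else v)
             for k, v in sorted(params.items())]
    # Assumption: one repeated tcpFlags key per flag, each the decimal bit value.
    pairs += [("tcpFlags", TCP_FLAGS[name.upper()]) for name in tcp_flags]
    return urlencode(pairs)


def flag_names(mask):
    """Decode an integer flag bitmask into flag names, e.g. 0x12 -> SYN, ACK."""
    unknown = mask & ~sum(TCP_FLAGS.values())
    if unknown:
        raise ValueError(f"unknown flag bits: {unknown:#x}")
    return [name for name, bit in TCP_FLAGS.items() if mask & bit]


if __name__ == "__main__":
    # Constructed filter: TCP flows to ports below 1024 carrying SYN or RST, newest first.
    print(build_flow_query(tcp_flags=["syn", "rst"], protocol="TCP",
                           dstPort=1024, dstPortOp="lt", reverse=True))
    print(flag_names(0x12))
```
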