Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
Genesys Audit Logs | ✅ | ✅ | ✅ | genesys_audit_logs | NDJSON | S3 |
Overview
Genesys Cloud CX is a cloud-native, API-first Contact-Center-as-a-Service (CCaaS) platform that unifies voice and digital channels, routing/IVR, workforce engagement, analytics, and AI on a microservices architecture with open REST APIs and an app marketplace. It’s deployed in multiple AWS regions and exposes comprehensive Platform APIs for configuration and data access.
Supported data types
Genesys Audit Logs
Table name: genesys_audit_logs
Data Collection via API for genesys_audit_logs is split into 3 parts:
Authentication:
The Authorization Code Grant is a two-step authentication process where a user authenticates with Genesys Cloud, and then the client application is returned an authorization code. The client application uses the authorization code to make an unauthenticated API request to get an access token. The access token can then be used when making authenticated API calls. This is the most secure option and ideal for websites where API requests will be made server-side and some desktop applications where a thin client would authorize the user and pass the auth code to a back-end server to exchange for an auth token and make API requests.
Refresh token:
Send a POST request to the authorization service to exchange the authorization code for an access token. The request must contain the client ID and client secret in the Base64-encoded Authorization header. For help creating the Authorization header, see How to Use Base 64 Encoding. The authorization code obtained in the previous step must be provided as part of the form-encoded body.
The authorization service returns a JSON response with the token, token type, token expiry time in seconds, refresh token, and an error string if an error occurred.
When the access token expires, a new access token is obtained without interacting with the user by using the refresh token. To get a new access token using this method, we request the authorization service to exchange the refresh token for an access token. The response will be in the same format as the original response. Applications should forget the old refresh token and remember the new one, as a refresh token may only be used once, and the refresh response will include a new refresh token.
Querying the data:
Create an audit query execution. Use the /api/v2/audits/query/servicemapping endpoint for a list of valid values.
Get the status of the audit query execution.
Wait until the state becomes SUCCEEDED before retrieving results. (You can poll on an interval.)
Get the results of the audit query and parse it into Snowflake.
Send data to Hunters
Hunters supports the collection of logs from Genesys through an intermediary S3 bucket or API pulling mechanism.
To connect Genesys Audit logs:
How we connect your data source to Hunters through the API:
Use your OAuth client and get an access token.
POST an asynchronous audit query.
Poll the query status.
GET the results (paging with a cursor when needed).
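The create, poll and page steps above, sketched as an added example (not Hunters' or Genesys' own code) that stops on a failed or stalled query and drains every cursor page so the collected audit trail has no silent gaps. The query, status and results paths, the interval/serviceName body fields, the FAILED/CANCELLED states and the `http` transport are assumptions not stated on this page; the fake API responses are constructed.

```python
import json
import time
from urllib.parse import quote

BASE = "/api/v2/audits/query"  # assumed path, not stated on the page

def collect_audits(http, query, poll_seconds=5, max_polls=60, sleep=time.sleep):
    # http(method, path, body=None) -> dict: hypothetical transport that adds the bearer token
    execution = http("POST", BASE, query)
    tx_id, state, polls = execution["id"], execution.get("state", ""), 0
    while state.upper() != "SUCCEEDED":
        if state.upper() in ("FAILED", "CANCELLED"):
            raise RuntimeError(f"audit query {tx_id} ended in state {state}")
        if polls == max_polls:
            raise TimeoutError(f"audit query {tx_id} still {state or 'unknown'}")
        sleep(poll_seconds)
        state = http("GET", f"{BASE}/{tx_id}").get("state", "")
        polls += 1
    cursor, seen = None, set()
    while True:
        path = f"{BASE}/{tx_id}/results"
        if cursor:
            path += "?cursor=" + quote(cursor, safe="")
        page = http("GET", path)
        yield from page.get("entities") or []
        cursor = page.get("cursor")
        if not cursor:
            return
        if cursor in seen:  # a repeating cursor would duplicate records forever
            raise RuntimeError("results cursor repeated")
        seen.add(cursor)

def to_ndjson(records):
    return "".join(json.dumps(r, separators=(",", ":")) + "\n" for r in records)

def fake_genesys(states):
    # Constructed stand-in for the API: scripted poll states, two result pages.
    states = iter(states)
    pages = {f"{BASE}/tx-1/results": {"entities": [{"id": "a"}, {"id": "b"}], "cursor": "c/2"},
             f"{BASE}/tx-1/results?cursor=c%2F2": {"entities": [{"id": "c"}]}}
    def http(method, path, body=None):
        if method == "POST":
            return {"id": "tx-1", "state": "QUEUED"}
        return {"state": next(states)} if path == f"{BASE}/tx-1" else pages[path]
    return http

if __name__ == "__main__":
    query = {"interval": "2025-10-30T00:00:00Z/2025-10-31T00:00:00Z", "serviceName": "Quality"}
    rows = collect_audits(fake_genesys(["RUNNING", "SUCCEEDED"]), query, sleep=lambda s: None)
    print(to_ndjson(rows), end="")
```

The state comparison is case-insensitive because the exact casing returned by the status call is not shown on this page.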
If you’d like to send it via S3-list:
Complete the process on the Hunters platform, following this guide.
Expected format
Genesys Audit Logs
Logs are expected in JSON format.
{
  "id": "3d26f53b-cb2a-418d-8771-b1d6aee5796c",
  "userHomeOrgId": "der5",
  "user": {
    "id": "zdfvsfd-gff",
    "selfUri": "/api/v2/users/zdfvsfd-gff"
  },
  "client": {
    "id": "er5-hh",
    "selfUri": "/api/v2/oauth/clients/er5-hh"
  },
  "remoteIp": [
    "1.O.4.5"
  ],
  "serviceName": "Quality",
  "level": "USER",
  "eventDate": "2025-10-31T05:50:16Z",
  "action": "Read",
  "entity": {
    "id": "ert4fgyhi-huijk",
    "name": "s3://bucket_name/7466383971671/der5/2025-10-30/rtgcbhg/73946a8556fe4af79dd69489854a3da3_4N5CQJRI4OEQAE4M.sasf",
    "selfUri": "/api/v2/conversations/rtgcbhg/recordings/ert4fgyhi-huijk"
  },
  "entityType": "Recording",
  "status": "SUCCESS",
  "application": "",
  "initiatingAction": {},
  "transactionInitiator": false,
  "propertyChanges": [],
  "context": {
    "mediaSubject": "New York City NY",
    "conversationId": "rtgcbhg",
    "mediaSubtype": "Trunk"
  },
  "entityChanges": []
}