We'd like to know who initiated the remote-access connection. Therefore we read the audit records to get the user.
Currently there is no way to add a filter oder a query parameter to seach only for operations for a specific device. The response has a fragment which contains the device-id com_cumulocity_model_event_AuditSourceDevice but the api does not allow to filter on that specific fragment.
For now I would have to filter on the device itself, but that's not very sufficient.