Netskope Help

Get Client Data

This endpoint returns information related to the Netskope Client.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/clients

Valid query parameters are:

Key

Value

Description

query

Valid query on the various fields.

This acts as a filter on all the entries in the database.

limit

Positive integer less than 5000

REST API responses can return up to 5000 events in a single response. You can use pagination to retrieve more results.

skip

Positive integer

Skip over some of the events (useful for pagination in combination with limit).

Note

The query fields for this endpoint are slightly different from the others. The way to figure it out is to first get a list of clients, see the data returned, and then figure out the query accordingly.

Response

Hostname is returned as follows:

{
     "_id": ,
     "client_install_time": 
     "device_id": ,
     "host_info":
     {
        "device_make": ,
        "device_model": ,
        "hostname": ,
        "os": ,
        "os_version":
        "nsdeviceuid":  
     },
      "last_event":
     {
        "actor": ,
        "event": ,
        "status": ,
        "timestamp": 
      },
      "users":
      [
       {
        "_id": ,
        "client_version": ,
        "device_classification_status": ,
        "last_event":
        {
           "actor": ,
           "event": ,
           "status": ,
           "timestamp": 
        },
        "user_added_time":,
        "user_source": ,
        "userkey": ,
        "username": 
       }
      ]
     }

So the query for a particular host should like host_info.hostname eq 'xxx' or host_info.hostname eq 'yyy'.

The backend returns the status of many fields as numeric values. In the UI they are converted to readable text, but not in the REST API. The mappings are provided below:

"device_classification_status": {
    "managed": 0,
    "unmanaged": 1,
    "unknown": 2
},
"last_event": {
    "status": {
        "Disabled": 0,
        "Enabled": 1,
        "Uninstalled": 2
    },
    "event": {
        "Installed": 0,
        "Tunnel Up": 1,
        "Tunnel Down": 2,
        "Tunnel down due to Secure Forwarder": 3,
        "Tunnel down due to config error": 4,
        "Tunnel down due to error": 5,
        "User Disabled": 6,
        "User Enabled": 7,
        "Admin Disabled": 8,
        "Admin Enabled": 9,
        "Uninstalled": 10,
        "Installation Failure": 11
    },
    "actor":{
        "User": 0,
        "Admin": 1,
        "System": 2
    }
},
"user_source": {
    "Directory": 0,
    "Manual": 1
}
"host_info": {
    os: {
        "Windows": 0,
        "Mac": 1,
        "Android": 3,
        "Windows Server": 4
    }
}

The hierarchy is important, so to query for last events the query should be last_events.status = 0 to find the Disabled events.