Netskope Help

Get Events Data

This API call returns events extracted from SaaS traffic and/or logs.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/events

Valid query parameters are:

| Key | Value | Description |
| --- | --- | --- |
| token | string | Required. The token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1) is required. We recommend that you place the token in the body of the request, not in the endpoint URL. |
| query | Valid event query. | This acts as a filter for all the cloud app events in the events database. |
| type | page \| application \| audit \| infrastructure \| network | Selects page events, application events, audit events, or infrastructure events. Application events are triggered for user actions inside the cloud app. Page events are triggered for the http/https connection. Audit and infrastructure events are logged for administrator activity in the Netskope UI. |
| timeperiod | 3600 \| 86400 \| 604800 \| 2592000 | Last 60 mins \| Last 24 Hrs \| Last 7 Days \| Last 30 Days. Only use one of these parameters at a time, not a combination: timeperiod, or starttime/endtime, or insertionstarttime/insertionendtime. |
| starttime | Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. Only use one of these parameters at a time, not a combination: timeperiod, or starttime/endtime, or insertionstarttime/insertionendtime. |
| endtime | Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
| insertionstarttime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. Only use one of these parameters at a time, not a combination: timeperiod, or starttime/endtime, or insertionstarttime/insertionendtime. |
| insertionendtime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. Use only if timeperiod or starttime/endtime is not passed. |
| limit | Positive integer less than 10000 | REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
| skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
| unsorted | true \| false | If true, the returned data will not be sorted (useful for improved performance). |

Request Examples

Query for application events for the past 24 hours:

POST https://<tenant-name>.goskope.com/api/v1/events?type=application&timeperiod=86400
{
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}

  • Set endpoint name as event

  • Set type = application

  • Set timeperiod = 86400

Query for all the application events for "app eq Dropbox" for the past 24 hours:

POST https://<tenant-name>.goskope.com/api/v1/events?query=app%20eq%20Dropbox&type=application&timeperiod=86400
{    
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}

You will see an HTTP response: Future uploads of this file by user <username> to application <appname> will be allowed.
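The following is an added example, not code from the Netskope documentation. It shows one way to build these requests in Python so that the token stays in the request body, combinations of the time parameters are rejected, and results are paged with limit and skip. The function names, the tenant name used by callers and the `fetch_page` callable are assumptions: `fetch_page` stands in for whatever HTTP client posts the request and returns the list of events from the response.

```python
import json
from urllib.parse import quote, urlencode

# Parameter families that must not be combined in one request.
TIME_FAMILIES = (
    {"timeperiod"},
    {"starttime", "endtime"},
    {"insertionstarttime", "insertionendtime"},
)
VALID_TIMEPERIODS = {3600, 86400, 604800, 2592000}


def build_events_request(tenant, token, event_type, *, limit=5000, skip=0,
                         query=None, **window):
    """Return (url, body) for POST /api/v1/events with the token in the body."""
    used = [fam for fam in TIME_FAMILIES if fam & window.keys()]
    if len(used) != 1 or not window.keys() <= used[0]:
        raise ValueError("use exactly one of timeperiod, starttime/endtime, "
                         "insertionstarttime/insertionendtime")
    if "timeperiod" in window and window["timeperiod"] not in VALID_TIMEPERIODS:
        raise ValueError("timeperiod must be 3600, 86400, 604800 or 2592000")
    if not 0 < limit < 10000 or skip < 0:
        raise ValueError("limit must be 1..9999 and skip must not be negative")
    params = {"type": event_type, **window, "limit": limit}
    if skip:
        params["skip"] = skip
    if query:
        params["query"] = query
    # quote_via=quote encodes spaces as %20, as in the Dropbox example above.
    qs = urlencode(params, quote_via=quote)
    url = f"https://{tenant}.goskope.com/api/v1/events?{qs}"
    return url, json.dumps({"token": token})  # token never enters the URL


def iter_events(fetch_page, tenant, token, event_type, *, limit=5000, **kwargs):
    """Yield every event in the window by advancing skip in steps of limit.

    fetch_page(url, body) is a caller-supplied (hypothetical) callable that
    POSTs the request and returns the list of events from the response.
    """
    skip = 0
    while True:
        url, body = build_events_request(tenant, token, event_type,
                                         limit=limit, skip=skip, **kwargs)
        events = fetch_page(url, body)
        yield from events
        if len(events) < limit:  # short page: nothing left to fetch
            return
        skip += limit
```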

Response

For response information, refer to REST API Events and Alerts Response Descriptions.