Get Events Data
Important
This Netskope REST API v1 endpoint will be retired on 10/15/2024. Refer to End of Life (EOL) for Specific REST API v1 Endpoints for more details.
This API call returns events extracted from SaaS traffic and/or logs.
Request Endpoint
https://<tenant-URL>/api/v1/events
Valid query parameters are:
Key | Value | Description |
---|---|---|
token | string | Required. The token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1). We recommend that you place the token in the body of the request, not in the endpoint URL. |
query | Valid event query. | This acts as a filter for all the cloud app events in the events database. |
type | page, application, audit, infrastructure, or network | Selects page events, application events, audit events, or infrastructure events. Application events are triggered for user actions inside the cloud app. Page events are triggered for the HTTP/HTTPS connection. Audit and infrastructure events are logged for administrator activity in the Netskope UI. |
timeperiod | 3600, 86400, 604800, or 2592000 | Last 60 mins, Last 24 Hrs, Last 7 Days, or Last 30 Days, respectively. Only use one of these parameters at a time, not a combination: |
starttime | Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. Only use one of these parameters at a time, not a combination: |
endtime | Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
insertionstarttime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. Only use one of these parameters at a time, not a combination: |
insertionendtime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. Use only if timeperiod or starttime/endtime is not passed. |
limit | Positive integer less than 5000 | REST API responses can return up to 5000 events in a single response. You can use pagination to retrieve more results. |
skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
unsorted | true or false | If true, the returned data will not be sorted (useful for improved performance). |
Request Examples
Query for application events for the past 24 hours:
```
POST https://<tenant-URL>/api/v1/events?type=application&timeperiod=86400
{ "token": "f32a973eddd7bc1602fc0f48dc0a" }
```
- Set endpoint name as event
- Set type = application
- Set timeperiod = 86400
Query for all the application events for “app eq Dropbox” for the past 24 hours:
```
POST https://<tenant-URL>/api/v1/events?query=app%20eq%20Dropbox&type=application&timeperiod=86400
{ "token": "f32a973eddd7bc1602fc0f48dc0a" }
```
You will see an HTTP response: Future uploads of this file by user <username> to application <appname> will be allowed.
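A Python client for the parameters above, added here as an example and not Netskope's own code: it keeps the token in the request body, rejects mixed time-window parameters, and pages through results with limit and skip. The JSON Content-Type header, the `status`/`data` response fields, and the default page size of 1000 are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Mutually exclusive time-window groups from the parameter table.
TIME_GROUPS = (("timeperiod",), ("starttime", "endtime"),
               ("insertionstarttime", "insertionendtime"))


def build_request(tenant, token, params):
    """Return (url, body); the token goes in the body, never in the URL."""
    if "token" in params:
        raise ValueError("pass the token separately so it stays out of the URL")
    used = [g for g in TIME_GROUPS if any(k in params for k in g)]
    if len(used) != 1:
        raise ValueError("use exactly one of: timeperiod, starttime/endtime, "
                         "insertionstarttime/insertionendtime")
    qs = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return f"https://{tenant}/api/v1/events?{qs}", json.dumps({"token": token}).encode()


def http_post(url, body):
    """Real transport. The JSON Content-Type header is an assumption."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_all(tenant, token, params, page_size=1000, post=http_post):
    """Page through results with limit/skip until a short page comes back."""
    if not 0 < page_size < 5000:  # table: positive integer less than 5000
        raise ValueError("page_size must be between 1 and 4999")
    events, skip = [], 0
    while True:
        page = dict(params, limit=page_size)
        if skip:
            page["skip"] = skip
        reply = post(*build_request(tenant, token, page))
        # Assumed response shape: {"status": "success", "data": [...]}
        if reply.get("status") != "success":
            raise RuntimeError(f"events query failed: {reply.get('status')}")
        batch = reply.get("data", [])
        events.extend(batch)
        if len(batch) < page_size:
            return events
        skip += page_size
```

Keeping the token out of the URL also keeps it out of proxy logs and other records of the request line.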
Response
For response information, refer to REST API Events and Alerts Response Descriptions.