Netskope Help

Get Reports Data

This endpoint returns the result of a report generated on one of the fields in the summarization database.

Request Endpoint
GET https://<tenant-name>.goskope.com/api/v1/report

Valid query parameters are:

Key

Value

Description

query

Valid event query.

This acts as a filter for all the cloud app events in the events database.

type

application | connection | alert | network

Selects application events, connection events or alerts (Policy, DLP, Quarantine, Watchlist).

groupby

application | user | device | activity

Activity is only available for type = application or alert.

timeperiod

3600 | 86400 | 604800 | 2592000

Last 60 mins | Last 24 Hrs | Last 7 Days | Last 30 Days

starttime

Unix epoch time

Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed.

endtime

Unix epoch time

Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed.

limit

Positive integer less than 10000

REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results.

skip

Positive integer

Skip over some of the events (useful for pagination in combination with limit).

Example Request

Query for DLP violations grouped by user:

https://tenant1.goskope.com/api/v1/report?token=<token-value>&query=
alert_type eq DLP&type=alert&groupby=user&timeperiod=2592000
  • Set endpoint name as report

  • Set query=alert_type eq DLP to query for DLP alerts

  • Set type=alert to query for DLP alerts

  • Set groupby=user