Get Reports Data
This endpoint returns the result of a report generated on one of the fields in the summarization database.
Request Endpoint
https://<tenant-URL>/api/v1/report
Valid query parameters are:
Key | Value | Description |
---|---|---|
token | string | Required. Use the token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1). We recommend that you place the token in the body of the request, not in the endpoint URL. |
query | Valid event query. | This acts as a filter for all the cloud app events in the events database. |
type | application \| connection \| alert \| network | Selects application events, connection events or alerts (Policy, DLP, Quarantine, Watchlist). |
groupby | application \| user \| device \| activity | Activity is only available for type = application or alert. |
timeperiod | 3600 \| 86400 \| 604800 \| 2592000 | Last 60 mins \| Last 24 Hrs \| Last 7 Days \| Last 30 Days |
starttime | Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
endtime | Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
limit | Positive integer less than 5000 | REST API responses can return up to 5000 events in a single response. You can use pagination to retrieve more results. |
skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
Example Report Request
POST https://<tenant-URL>/api/v1/report?query=alert_type%20eq%20DLP&type=alert&groupby=user&timeperiod=3600
{ "token": "f32a973eddd7bc1602fc0f48dc0a" }
Query for DLP violations grouped by user:
POST https://<tenant-URL>/api/v1/report?query=alert_type%20eq%20DLP&type=alert&groupby=user&timeperiod=2592000
{ "token": "f32a973eddd7bc1602fc0f48dc0a" }
- Set endpoint name as report
- Set query=alert_type eq DLP to query for DLP alerts
- Set type=alert to query for DLP alerts
- Set groupby=user
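The following added example (not Netskope's code) builds the report request described above, keeps the token in the JSON body so it does not end up in URLs or access logs, and checks parameters against the table before anything is sent. The helper name, the tenant hostname, the token value and the `Content-Type` header are assumptions; `insertionstarttime`/`insertionendtime` are not handled.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

# Allowed values copied from the parameter table on this page.
TYPES = {"application", "connection", "alert", "network"}
GROUPBY = {"application", "user", "device", "activity"}
TIMEPERIODS = {3600, 86400, 604800, 2592000}


def build_report_request(tenant, token, query, type_, groupby,
                         timeperiod=None, starttime=None, endtime=None,
                         limit=None, skip=None):
    """Hypothetical helper: return an unsent POST request for /api/v1/report."""
    if type_ not in TYPES:
        raise ValueError(f"type must be one of {sorted(TYPES)}")
    if groupby not in GROUPBY:
        raise ValueError(f"groupby must be one of {sorted(GROUPBY)}")
    if groupby == "activity" and type_ not in ("application", "alert"):
        raise ValueError("groupby=activity requires type=application or alert")

    params = {"query": query, "type": type_, "groupby": groupby}
    if timeperiod is not None:
        if timeperiod not in TIMEPERIODS:
            raise ValueError(f"timeperiod must be one of {sorted(TIMEPERIODS)}")
        params["timeperiod"] = timeperiod
    elif starttime is not None and endtime is not None:
        params["starttime"], params["endtime"] = int(starttime), int(endtime)
    else:
        raise ValueError("pass timeperiod, or both starttime and endtime")
    if limit is not None:
        # The table gives "less than 5000" and "up to 5000"; 5000 is accepted here.
        if not 0 < limit <= 5000:
            raise ValueError("limit must be a positive integer up to 5000")
        params["limit"] = limit
    if skip is not None:
        params["skip"] = int(skip)

    # quote_via=quote encodes spaces as %20, matching the example request.
    url = f"https://{tenant}/api/v1/report?" + urlencode(params, quote_via=quote)
    # The token travels only in the body, never in the query string.
    body = json.dumps({"token": token}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})  # header is an assumption


if __name__ == "__main__":
    # Constructed tenant and token; the request is built but not sent.
    req = build_report_request("tenant.example.com", "CONSTRUCTED-TOKEN",
                               "alert_type eq DLP", "alert", "user", timeperiod=3600)
    print(req.get_method(), req.full_url)
```

To page through a large result set, call the helper repeatedly with a fixed `limit` and an increasing `skip`.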