Get Events Data

This API call returns events extracted from SaaS traffic and/or logs.

Request Endpoint

https://<tenant-URL>/api/v1/events

Valid query parameters are:

| Key | Value | Description |
|---|---|---|
| token | string | Required. The token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1) is required. We recommend that you place the token in the body of the request, not in the endpoint URL. |
| query | Valid event query. | This acts as a filter for all the cloud app events in the events database. |
| type | page \| application \| audit \| infrastructure \| network | Selects page events, application events, audit events, or infrastructure events. Application events are triggered for user actions inside the cloud app. Page events are triggered for the http/https connection. Audit and infrastructure events are logged for administrator activity in the Netskope UI. |
| timeperiod | 3600 \| 86400 \| 604800 \| 2592000 | Last 60 mins \| Last 24 Hrs \| Last 7 Days \| Last 30 Days |
| starttime | Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
| endtime | Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
| insertionstarttime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. |
| insertionendtime | Unix epoch time | Use insertion time to retrieve all events from Netskope. For example: insertionstarttime >= X and insertionendtime <= Y where X is the UTC time of 10/1/2019 0:00:00 and Y is the UTC time of 11/1/2019 0:00:00. This shows the events/alerts that were inserted into the system during the month of Oct 2019. If you use the same values for starttime and endtime, then you get the events/alerts that were generated during the month of Oct 2019. Use only if timeperiod or starttime/endtime is not passed. |
| limit | Positive integer less than 5000 | REST API responses can return up to 5000 events in a single response. You can use pagination to retrieve more results. |
| skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
| unsorted | true \| false | If true, the returned data will not be sorted (useful for improved performance). |

Only use one of these parameters at a time, not a combination: timeperiod, or starttime/endtime, or insertionstarttime/insertionendtime.

Request Examples

Query for application events for the past 24 hours:

POST https://<tenant-URL>/api/v1/events?type=application&timeperiod=86400
{    
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}
  • Set endpoint name as event
  • Set type = application
  • Set timeperiod = 86400

Query for all the application events for “app eq Dropbox” for the past 24 hours:

POST https://<tenant-URL>/api/v1/events?query=app%20eq%20Dropbox&type=application&timeperiod=86400
{    
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}

You will see an HTTP response: Future uploads of this file by user <username> to application <appname> will be allowed.

Response

For response information, refer to REST API Events and Alerts Response Descriptions.
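
The following sketch is an added example, not Netskope code. It builds requests the way the parameter table describes: the token goes only in the body, exactly one time selector is accepted, and limit/skip drive pagination. The `send` transport, the `"data"` response key, the `page_size` default and the rule that a range needs both ends are assumptions of this example.

```python
from urllib.parse import quote, urlencode

TIMEPERIODS = {3600, 86400, 604800, 2592000}  # the four values in the table
WINDOWS = [("timeperiod",), ("starttime", "endtime"),
           ("insertionstarttime", "insertionendtime")]
MAX_LIMIT = 5000  # the page states a response holds up to 5000 events


def build_events_request(tenant, token, event_type, query=None,
                         limit=None, skip=0, **window):
    """Return (url, body) for POST /api/v1/events. The token is placed in
    the body only, so it never reaches URL logs or proxy histories."""
    used = [w for w in WINDOWS if any(k in window for k in w)]
    allowed = {k for w in WINDOWS for k in w}
    if len(used) != 1 or set(window) - allowed:
        raise ValueError("pass exactly one of timeperiod, starttime/endtime, "
                         "insertionstarttime/insertionendtime")
    if set(window) != set(used[0]):
        # Assumption of this example: a range needs both of its ends.
        raise ValueError("both ends of the time range are required")
    if "timeperiod" in window and window["timeperiod"] not in TIMEPERIODS:
        raise ValueError("timeperiod must be one of %s" % sorted(TIMEPERIODS))
    if limit is not None and not 0 < limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and %d" % MAX_LIMIT)
    params = {"query": query} if query else {}
    params.update(type=event_type, **window)
    if limit is not None:
        params["limit"] = limit
    if skip:
        params["skip"] = skip
    url = "https://%s/api/v1/events?%s" % (tenant, urlencode(params, quote_via=quote))
    return url, {"token": token}


def iter_events(send, tenant, token, event_type, page_size=1000, **kwargs):
    """Yield all matching events, paging with limit/skip. `send(url, body)`
    is a caller-supplied transport (hypothetical) that POSTs the JSON body and
    returns the parsed response; events are assumed to be in its "data" list."""
    skip = 0
    while True:
        url, body = build_events_request(tenant, token, event_type,
                                         limit=page_size, skip=skip, **kwargs)
        batch = send(url, body).get("data", [])
        yield from batch
        if len(batch) < page_size:  # short page: nothing left to fetch
            return
        skip += page_size
```

When paging, a fixed starttime/endtime or insertion-time range keeps the result set stable between requests, whereas a relative timeperiod window moves with each call.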
