Get Reports Data
This endpoint returns the result of a report generated on one of the fields in the summarization database.
Request Endpoint
https://<tenant-name>.goskope.com/api/v1/report
Valid query parameters are:
Key | Value | Description |
---|---|---|
| string | Required. The token obtained from the REST API page in the Netskope UI ( Settings > Tools > Rest API v1) is required. We recommend that you place the token in the body of the request, not in the endpoint URL. |
| Valid event query. | This acts as a filter for all the cloud app events in the events database. |
|
| Selects application events, connection events or alerts (Policy, DLP, Quarantine, Watchlist). |
|
| Activity is only available for type = application or alert. |
|
| Last 60 mins | Last 24 Hrs | Last 7 Days | Last 30 Days |
| Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if |
| Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if |
| Positive integer less than 10000 | REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
| Positive integer | Skip over some of the events (useful for pagination in combination with limit). |
Example Report Request
POST https://<tenant-name>
.goskope.com/api/v1/report?query=alert_type%20eq%20DLP&type=alert&groupby=user&timeperiod=3600
{ "token": "f32a973eddd7bc1602fc0f48dc0a"
}
Query for DLP violations grouped by user:
POST https://<tenant-name>
.goskope.com/api/v1/report?query=
alert_type eq DLP&type=alert&groupby=user&timeperiod=2592000
{ "token": "f32a973eddd7bc1602fc0f48dc0a"
}
Set endpoint name as
report
Set
query=alert_type eq DLP
to query for DLP alertsSet
type=alert to query
for DLP alertsSet
groupby=user