Netskope Help

Get Reports Data

This endpoint returns the result of a report generated on one of the fields in the summarization database.

Request Endpoint
https://<tenant-name>.goskope.com/api/v1/report

Valid query parameters are:

| Key | Value | Description |
|---|---|---|
| token | string | Required. The token obtained from the REST API page in the Netskope UI (Settings > Tools > Rest API v1). We recommend that you place the token in the body of the request, not in the endpoint URL. |
| query | Valid event query. | This acts as a filter for all the cloud app events in the events database. |
| type | application \| connection \| alert \| network | Selects application events, connection events or alerts (Policy, DLP, Quarantine, Watchlist). |
| groupby | application \| user \| device \| activity | Activity is only available for type = application or alert. |
| timeperiod | 3600 \| 86400 \| 604800 \| 2592000 | Last 60 mins \| Last 24 Hrs \| Last 7 Days \| Last 30 Days |
| starttime | Unix epoch time | Restrict events to those that have timestamps greater than this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
| endtime | Unix epoch time | Restrict events to those that have timestamps less than or equal to this. Needed only if timeperiod or insertionstarttime/insertionendtime is not passed. |
| limit | Positive integer less than 10000 | REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results. |
| skip | Positive integer | Skip over some of the events (useful for pagination in combination with limit). |

Example Report Request
POST https://<tenant-name>.goskope.com/api/v1/report?query=alert_type%20eq%20DLP&type=alert&groupby=user&timeperiod=3600
{
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}

Query for DLP violations grouped by user:

POST https://<tenant-name>.goskope.com/api/v1/report?query=alert_type%20eq%20DLP&type=alert&groupby=user&timeperiod=2592000
{
    "token": "f32a973eddd7bc1602fc0f48dc0a"
}

  • Set the endpoint name to report

  • Set query=alert_type eq DLP to query for DLP alerts

  • Set type=alert to query for DLP alerts

  • Set groupby=user
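
The following Python example is added here and is not from Netskope's documentation. It builds the report request with the token in the JSON body rather than the URL, checks the parameters against the table above, and pages through results with limit and skip. The function names, the send transport callable, and any tenant or token values passed in are assumptions.

```python
import json
from urllib.parse import urlencode, quote

TYPES = {"application", "connection", "alert", "network"}
GROUPBY = {"application", "user", "device", "activity"}
TIMEPERIODS = {3600, 86400, 604800, 2592000}
MAX_LIMIT = 10000  # per the parameter table: limit must be below this


def build_report_request(tenant, token, query, type_, groupby, timeperiod,
                         limit=5000, skip=0):
    """Return (url, body) with the token in the JSON body, never in the URL."""
    if type_ not in TYPES or groupby not in GROUPBY:
        raise ValueError("unsupported type or groupby")
    if groupby == "activity" and type_ not in {"application", "alert"}:
        raise ValueError("groupby=activity needs type=application or alert")
    if timeperiod not in TIMEPERIODS:
        raise ValueError("timeperiod must be one of %s" % sorted(TIMEPERIODS))
    if not 0 < limit < MAX_LIMIT or skip < 0:
        raise ValueError("limit must be 1..9999 and skip must be >= 0")
    params = {"query": query, "type": type_, "groupby": groupby,
              "timeperiod": timeperiod, "limit": limit}
    if skip:  # the table lists skip as a positive integer, so omit it at 0
        params["skip"] = skip
    # quote_via=quote encodes spaces as %20, as in the page's example request
    url = "https://%s.goskope.com/api/v1/report?%s" % (
        tenant, urlencode(params, quote_via=quote))
    return url, json.dumps({"token": token})


def fetch_all(send, page_size=5000, **request_args):
    """Page through a report with limit/skip.

    send(url, body) is a caller-supplied transport (hypothetical) that POSTs
    the request and returns the list of rows parsed from the response.
    """
    rows, skip = [], 0
    while True:
        url, body = build_report_request(limit=page_size, skip=skip,
                                         **request_args)
        page = send(url, body)
        rows.extend(page)
        if len(page) < page_size:  # short page: nothing left to fetch
            return rows
        skip += page_size
```

Keeping the token out of the URL keeps it out of proxy logs, browser history and web server access logs, which record the query string but not the request body.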