WebsiteBlogLogin

Alert Endpoints

Overview

Get a list of all or filtered alerts. The alerts listed are what remains after alert exclusions are applied by Netskope.

Configuration

Parameters

  • Domain (netskopeDomain)

  • Index (netskopeIndex) - The index parameter in the Netskope API for Data Export is used to:

    • Uniquely identify an export session.

    • Prevent multiple API consumers from overlapping their collections.

    • Allow incremental paging without losing events.

Secrets

After entering the required parameters and secrets, you can choose to manually enter the Netskope API Alerts fields, or simply paste the desired YAML.

Configure as YAML

/withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 0
  tz: UTC
  format: Epoch
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "cursor"
  cursor: ".timestamp_hwm"
  initialRequest:
    method: GET
    url: "https://${parameters.domain}/api/v2/events/dataexport/alerts/compromisedcredential?index=${parameters.netskopeIndex}&operation=${temporalWindow.from}"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "${secrets.netskopeApiToken}"
  nextRequest:
    method: GET
    url: "https://${parameters.domain}/api/v2/events/dataexport/alerts/compromisedcredential?operation=next&index=${parameters.netskopeIndex}"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "${secrets.netskopeApiToken}"
  output:
    select: ".result"
    map: "."
    outputMode: element
withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 0
  tz: UTC
  format: Epoch
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "cursor"
  cursor: ".timestamp_hwm"
  initialRequest:
    method: GET
    url: "https://${parameters.domain}/api/v2/events/dataexport/alerts/quarantine?index=${parameters.netskopeIndex}&operation=${temporalWindow.from}"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "${secrets.netskopeApiToken}"
  nextRequest:
    method: GET
    url: "https://${parameters.domain}/api/v2/events/dataexport/alerts/quarantine?operation=next&index=${parameters.netskopeIndex}"
    headers:
      - name: Accept
        value: application/json
      - name: Netskope-Api-Token
        value: "${secrets.netskopeApiToken}"
  output:
    select: ".result"
    map: "."
    outputMode: element

Manually Configure

Temporal Window

Toggle ON to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

  • Duration - 5 minutes (5m) as default, adjust based on your needs.

  • Offset - initial offset should be 0 (the latest alert).

  • Format - Epoch

Authentication Phase

OFF

Enumeration Phase

OFF

Collection Phase

  • Pagination Type* - cursor

  • Cursor Selector* - .timestamp_hwm

  • Initial Request

    • Method* - GET

    • URL* - https://${parameters.domain}/api/v2/events/dataexport/alerts/INSERT NAME FROM YAMLS ABOVE ?index=${parameters.netskopeIndex}&operation=${temporalWindow.from}

    • Headers -

      • Name - Accept

      • Value - application/json

      • Name - Netskope-Api-Token

      • Value - ${secrets.netskopeApiToken}

    Next Request

    • Method* - GET

    • URL* - https://${parameters.domain}/api/v2/events/dataexport/alerts/INSERT NAME?operation=next&index=${parameters.netskopeIndex}

    • Headers -

      • Name - Accept

      • Value - application/json

      • Name - Netskope-Api-Token

      • Value - ${secrets.netskopeApiToken}

  • Output

    • Select - .result

    • Map - .

    • Output Mode - element

Click Create labels to move on to the next step and define the required Labels if needed.

PreviousCollect data from NetskopeNextEvent

Last updated

Was this helpful?