Get Alert List

Description

Get cloud service account alert details.

URL

/api/v1/alert/list

Request Method: POST

Request Header

| Key | Value | Type | Description |
|---|---|---|---|
| companyId | <Company ID> | Integer | Company ID |
| Authorization | Bearer <Authorization Token> | String | Authorization credential generated by FortiCASB |
| buId | <Business Unit ID> | Long | The targeted business unit ID on FortiCASB. The business unit ID can be obtained through View or Remove Business User, or from the REST API Get Resource Map. |
| service | <Cloud Service> | String | Cloud service name, such as Salesforce, Office365, etc. |
| Content-Type | application/json | String | |

Request Body Parameters

| Name | Required | Type | Description |
|---|---|---|---|
| startTime | Required | long | Timestamp; filters for alerts opened after the start date |
| endTime | Required | long | Timestamp; filters for alerts opened before the end date |
| skip | Required | integer | Index into the result set. Used to exclude the first N items of a resource collection from the response. |
| limit | Required | integer | Maximum number of items to return |
| user | Optional | List<String> | Filter to search by user email |
| policy | Optional | List<String> | Filter to search by alert id |
| activity | Optional | List<String> | Filter to search alerts by activity |
| objectIdList | Optional | List<String> | Filter to search alerts by object identity |
| objectName | Optional | String | Filter to search alerts by object name |
| severity | Optional | List<String> | Filter to search alerts by severity |
| status | Optional | List<String> | Filter to search by status |
| idList | Optional | List<String> | Filter to search alerts by alert ID |
| alertType | Optional | List<String> | Filter to search alerts by alert type |
| countryList | Optional | List<String> | Filter to search alerts by country |

Sample Request

Request URL

POST https://www.forticasb.com/api/v1/alert/list

Request Header

Authorization: Bearer <Authorization_Token>
companyId: 6
Content-Type: application/json
buid: 6384
service: Salesforce

Request Body

{
  "service":"Salesforce",
  "startTime":1583792777000,
  "endTime":1583879177000,
  "id":"",
  "user":[],
  "policy":[],
  "activity":[],
  "objectid":[],
  "severity":[],
  "status":[],
  "city":[],
  "idList":[],
  "alertType":[],
  "asc":"severity",
  "desc":"",
  "end_dt":"2020-03-10T15:26:17-0700",
  "start_dt":"2020-03-09T15:26:17-0700",
  "id_list":[],
  "skip":0,
  "limit":20
}

Response Variable

| Name | Type | Description |
|---|---|---|
| buId | Long | Business ID |
| companyId | Long | Company ID |
| id | String | Alert ID |
| object | String | Object name that triggered the alert |
| objectType | String | Object type of the alert |
| objectId | String | Object ID that triggered the alert |
| severity | String | Severity of the alert |
| serviceId | String | ID to distinguish different accounts of the cloud service |
| violationActivity | String | Activity violation that triggered the alert |
| displayOperation | String | Operation that triggered the alert |
| createTime | long | Timestamp of when the alert was created, in UTC |
| updateTime | long | Timestamp of when the alert was updated, in UTC |
| policyName | String | Violation policy name |
| policyId | String | Name of the policy that the alert is triggered by |
| policyCode | String | ID of the policy that the alert is triggered by |
| contextName | String | Context name of the violation policy |
| userId | String | ID of the user who triggered the alert |
| eventId | String | ID of the event |
| eventIdList | Array | List of event IDs |
| service | Application | Cloud service |
| resultDesc | String | Description of the violation context |
| geoLocationList | Array | Place where the activity occurred |
| alertType | String | Classification of the alert |
| alertSubType | String | Sub-classification of the alert |
| defineType | String | Type of policy, predefined or customized |
| state | String | Alert state |
| totalPage | long | Total number of pages of alert results |
| skip | integer | Index into the result set. Used to exclude the first N items of a resource collection from the response. |
| limit | integer | Maximum number of alerts returned in one page |
| totalCount | integer | Total number of activities on file |
| user | String | The registered user name of FCASB |
| userName | String | The registered user email of FCASB |

Sample Response

{
  "data":[
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "id":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347799,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk004-akeXpvvQdWBzRhXAwDyJw",
      "eventIdList":[
        "203A8hk004-akeXpvvQdWBzRhXAwDyJw"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    },
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "id":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347798,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk003U7DBS8g5ScuSgpxwM_TUTw",
      "eventIdList":[
        "203A8hk003U7DBS8g5ScuSgpxwM_TUTw"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    },
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "id":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347664,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk002J2FkUSUIQjaCHtr9UDBLXQ",
      "eventIdList":[
        "203A8hk002J2FkUSUIQjaCHtr9UDBLXQ"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    }
  ],
  "totalPage":0,
  "limit":20,
  "skip":0,
  "totalCount":6
}
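
A paging client for the endpoint documented above, as an added example that is not Fortinet's own code: it builds the documented headers and body and walks the result set with skip and limit. It assumes timestamps are epoch milliseconds (as in the sample request), that skip is an item offset, and that totalCount is the total number of matches; the function names are hypothetical.

```python
import json
import urllib.request

API_URL = "https://www.forticasb.com/api/v1/alert/list"  # from the sample request


def build_request(token, company_id, bu_id, service, start_ms, end_ms,
                  skip, limit, **filters):
    """Build headers and JSON body for one page, using the documented names."""
    headers = {
        "Authorization": f"Bearer {token}",
        "companyId": str(company_id),
        "buId": str(bu_id),
        "service": service,
        "Content-Type": "application/json",
    }
    body = {"startTime": start_ms, "endTime": end_ms,
            "skip": skip, "limit": limit}
    body.update(filters)  # optional filters: user, severity, status, ...
    return headers, body


def http_post(headers, body):
    """Default transport: POST the body over HTTPS and decode the JSON reply."""
    req = urllib.request.Request(API_URL, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_alerts(post, token, company_id, bu_id, service, start_ms, end_ms,
                 limit=20, **filters):
    """Collect every alert in the window, paging with skip/limit."""
    if start_ms >= end_ms:
        raise ValueError("startTime must be earlier than endTime")
    seen, alerts, skip = set(), [], 0
    while True:
        headers, body = build_request(token, company_id, bu_id, service,
                                      start_ms, end_ms, skip, limit, **filters)
        page = post(headers, body)
        data = page.get("data") or []
        for alert in data:
            if alert["id"] not in seen:  # drop repeats across pages
                seen.add(alert["id"])
                alerts.append(alert)
        skip += limit
        # Assumption: skip is an item offset and totalCount the total matches.
        if len(data) < limit or skip >= page.get("totalCount", 0):
            break
    return alerts
```

Pass `http_post` as `post` for live use, and read the token from a secret store or environment variable rather than embedding it in source.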
