Get Alert List
Description
Get cloud service account alert details.
URL
/api/v1/alert/list
Request Method: POST
Request Header
Key | Value | Type | Description |
---|---|---|---|
companyId | <Company ID> | Integer | Company ID |
Authorization | Bearer <Authorization Token> | String | Authorization credential generated by FortiCASB |
buId | <Business Unit ID> | Long | The targeted business unit ID on FortiCASB. Business unit ID can be obtained through View or Remove Business User. Alternatively, it can also be obtained from the REST API Get Resource Map. |
service | <Cloud Service> | String | Cloud service name such as Salesforce, Office365, etc. |
Content-Type | application/json | String | |
Request Body Parameters
Name | Required | Type | Description |
---|---|---|---|
startTime | Required | long | Timestamp, filter to get open alert time after start date |
endTime | Required | long | Timestamp, filter to get open alert time before start date |
skip | Required | integer | Indexes in a result set. Used to exclude response from the first N items of a resource collection. |
limit | Required | integer | Maximum number of return items |
user | Optional | List<String> | Filter to search user email |
policy | Optional | List<String> | Filter to search alert id |
activity | Optional | List<String> | Filter to search alert by activities |
objectIdList | Optional | List<String> | Filter to search alert by object identity |
objectName | Optional | String | Filter to search alert by object name |
severity | Optional | List<String> | Filter to search alert by severity |
status | Optional | List<String> | Filter to search by status |
idList | Optional | List<String> | Filter to search alert by alert IDs |
alertType | Optional | List<String> | Filter to search alert by alert types |
countryList | Optional | List<String> | Filter to search alert by countries |
Sample Request
Request URL
POST https://www.forticasb.com/api/v1/alert/list
Request Header
Authorization: Bearer <Authorization_Token>
companyId: 6
Content-Type: application/json
buid: 6384
service: Salesforce
Request Body
{
"service":"Salesforce",
"startTime":1583792777000,
"endTime":1583879177000,
"id":"",
"user":[ ],
"policy":[ ],
"activity":[ ],
"objectid":[ ],
"severity":[ ],
"status":[ ],
"city":[ ],
"idList":[ ],
"alertType":[ ],
"asc":"severity",
"desc":"",
"end_dt":"2020-03-10T15:26:17-0700",
"start_dt":"2020-03-09T15:26:17-0700",
"id_list":[ ],
"skip":0,
"limit":20
}
Response Variable
Name | Type | Description |
---|---|---|
buId | Long | Business ID |
companyId | Long | Company ID |
id | String | Alert ID |
object | String | Object name that triggered the alert |
objectType | String | Object type of alert |
objectId | String | Object id that triggered the alert |
severity | String | Severity of the alert |
serviceId | String | ID to distinguish different account of the cloud service |
violationActivity | String | Activity violation that triggered alert |
displayOperation | String | Operation that triggered alert |
createTime | long | Timestamp of when the alert is created in UTC |
updateTime | long | Timestamp of when the alert is updated in UTC |
policyName | String | Violation policy name |
policyId | String | Name of the policy that alert is triggered by |
policyCode | String | ID of the policy that alert is triggered by |
contextName | String | Context name of violation policy |
userId | String | ID of the user who triggered the alert |
eventId | String | ID of the event |
eventIdList | Array | List of event IDs |
service | Application | Cloud service |
resultDesc | String | Description for violation context |
geoLocationList | Array | Place where the activity occurred. |
alertType | String | Classification of the alert |
alertSubType | String | Sub classification of the alert |
defineType | String | Type of policy, predefined or customized |
state | String | Alert state |
totalPage | long | Total number of pages of alert results |
skip | integer | Indexes in a result set. Used to exclude a response from the first N items of a resource collection. |
limit | integer | Maximum number of return alerts in one page |
totalCount | integer | Total number of activities on file |
user | String | The registered user name of FCASB |
userName | String | The registered user email of FCASB |
Sample Response
{
"data":[
{
"buId":6384,
"companyId":"6",
"timestampUUID":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
"id":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
"objectType":"USER",
"objectId":"0050P000006d7J1QAI",
"user":"0050P000006d7J1QAI",
"userName":"0050P000006d7J1QAI",
"severity":"Alert",
"applicationId":"00D0P000000Db1XUAS",
"violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
"displayOperation":"Modify Permission Set",
"createTime":1583830347799,
"updateTime":1583830347000,
"policyName":"Restricted User",
"policyId":"16615",
"policyCode":"FC-ACT-010",
"contextName":"Restricted User",
"userId":"0050P000006d7J1QAI",
"eventId":"203A8hk004-akeXpvvQdWBzRhXAwDyJw",
"eventIdList":[
"203A8hk004-akeXpvvQdWBzRhXAwDyJw"
],
"service":"Salesforce",
"resultDesc":"hit the rule: all user include and all event include",
"matches":0,
"geoLocationList":[
],
"alertType":"Threat protection",
"defineType":"Predefined",
"state":"Open"
},
{
"buId":6384,
"companyId":"6",
"timestampUUID":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
"id":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
"objectType":"USER",
"objectId":"0050P000006d7J1QAI",
"user":"0050P000006d7J1QAI",
"userName":"0050P000006d7J1QAI",
"severity":"Alert",
"applicationId":"00D0P000000Db1XUAS",
"violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
"displayOperation":"Modify Permission Set",
"createTime":1583830347798,
"updateTime":1583830347000,
"policyName":"Restricted User",
"policyId":"16615",
"policyCode":"FC-ACT-010",
"contextName":"Restricted User",
"userId":"0050P000006d7J1QAI",
"eventId":"203A8hk003U7DBS8g5ScuSgpxwM_TUTw",
"eventIdList":[
"203A8hk003U7DBS8g5ScuSgpxwM_TUTw"
],
"service":"Salesforce",
"resultDesc":"hit the rule: all user include and all event include",
"matches":0,
"geoLocationList":[
],
"alertType":"Threat protection",
"defineType":"Predefined",
"state":"Open"
},
{
"buId":6384,
"companyId":"6",
"timestampUUID":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
"id":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
"objectType":"USER",
"objectId":"0050P000006d7J1QAI",
"user":"0050P000006d7J1QAI",
"userName":"0050P000006d7J1QAI",
"severity":"Alert",
"applicationId":"00D0P000000Db1XUAS",
"violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
"displayOperation":"Modify Permission Set",
"createTime":1583830347664,
"updateTime":1583830347000,
"policyName":"Restricted User",
"policyId":"16615",
"policyCode":"FC-ACT-010",
"contextName":"Restricted User",
"userId":"0050P000006d7J1QAI",
"eventId":"203A8hk002J2FkUSUIQjaCHtr9UDBLXQ",
"eventIdList":[
"203A8hk002J2FkUSUIQjaCHtr9UDBLXQ"
],
"service":"Salesforce",
"resultDesc":"hit the rule: all user include and all event include",
"matches":0,
"geoLocationList":[
],
"alertType":"Threat protection",
"defineType":"Predefined",
"state":"Open"
}
],
"totalPage":0,
"limit":20,
"skip":0,
"totalCount":6
}
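Example Client (added example, not Fortinet code)
The following Python example builds the documented request headers and required body parameters, then pages through the alert list with skip and limit. Treating skip as an item offset, stopping on totalCount or a short page, and the injectable `post` transport are assumptions of this example.

```python
import json
import urllib.request

BASE_URL = "https://www.forticasb.com"  # host taken from the sample request
ALERT_LIST_PATH = "/api/v1/alert/list"


def build_request(token, company_id, bu_id, service, start_ms, end_ms,
                  skip, limit, **filters):
    """Return (headers, body) for one POST to the alert list endpoint."""
    headers = {
        "Authorization": f"Bearer {token}",  # load from a secret store, never hard-code
        "companyId": str(company_id),
        "buId": str(bu_id),
        "service": service,
        "Content-Type": "application/json",
    }
    # Required body parameters; timestamps are epoch milliseconds as in the sample.
    body = {"startTime": start_ms, "endTime": end_ms, "skip": skip, "limit": limit}
    body.update(filters)  # optional filters, e.g. severity=["Alert"]
    return headers, body


def http_post(headers, body):
    """Default transport: send the POST over TLS and decode the JSON reply."""
    req = urllib.request.Request(BASE_URL + ALERT_LIST_PATH,
                                 data=json.dumps(body).encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_alerts(token, company_id, bu_id, service, start_ms, end_ms,
                limit=20, post=http_post, **filters):
    """Yield each alert in the time window once, paging with skip/limit."""
    skip, seen = 0, set()
    while True:
        headers, body = build_request(token, company_id, bu_id, service,
                                      start_ms, end_ms, skip, limit, **filters)
        page = post(headers, body)
        items = page.get("data") or []
        for alert in items:
            if alert["id"] not in seen:  # drop repeats if the result set shifts mid-scan
                seen.add(alert["id"])
                yield alert
        skip += len(items)  # assumption: skip is an item offset, not a page number
        total = page.get("totalCount")
        if not items or len(items) < limit or (total is not None and skip >= total):
            return
```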