Post Alert List
Description
Get cloud service account alert details.
URL
/api/v1/alert/list
Request Method: POST
Request Headers
Key | Value | Type | Description |
---|---|---|---|
Authorization | Bearer <Authorization Token> | String | Authorization credential generated by FortiCASB |
Content-Type | application/json | String | |
companyId | <Company ID> | Integer | ID of the company that the business unit belongs to; can be obtained through Get Resource Map. |
roleId | <User ID> | Integer | Login user ID, can be obtained through Get Resource Map. |
buId | <Business Unit ID> | Long | The targeted business unit ID on FortiCASB. Business unit ID can be obtained through . Alternatively, it can also be obtained from the REST API Get Resource Map |
Request Body Parameters
Name | Required | Type | Description |
---|---|---|---|
service | <Cloud Service> | String | Cloud service name such as Salesforce, Office365, etc. |
startTime | Required | long | Timestamp, filter to get open alert time after start date |
endTime | Required | long | Timestamp, filter to get open alert time before start date |
skip | Required | integer | Indexes in a result set. Used to exclude response from the first N items of a resource collection. |
limit | Required | integer | Maximum number of return items |
user | Optional | List<String> | Filter to search user email |
policy | Optional | List<String> | Filter to search alert id |
activity | Optional | List<String> | Filter to search alert by activities |
objectIdList | Optional | List<String> | Filter to search alert by object identity |
objectName | Optional | String | Filter to search alert by object name |
severity | Optional | List<String> | Filter to search alert by severity |
status | Optional | List<String> | Filter to search by status |
idList | Optional | List<String> | Filter to search alert by alert IDs |
alertType | Optional | List<String> | Filter to search alert by alert types |
countryList | Optional | List<String> | Filter to search alert by countries |
asc | Optional | String | Sort and display all alerts in ascending order. The optional string parameters provide sort options: "policyName": sort by the policy names that triggered the alert. "severity": sort by the severity levels of the alert. "createTimestamp": sort by the alert creation time. "timestamp": sort by the last updated alerts. |
desc | Optional | String | Sort and display all alerts in descending order. The optional string parameters provide sort options: "policyName": sort by the policy names that triggered the alert. "severity": sort by the severity levels of the alert. "createTimestamp": sort by the alert creation time. "timestamp": sort by the last updated alerts. |
Sample Request
Request URL:
POST https://www.forticasb.com/api/v1/alert/list
Request Header:
Authorization: Bearer <Authorization_Token>
Content-Type: application/json
buid: 6384
service: Salesforce
roleId: 36241
companyId: 62598
Request Body:
{
  "service":"Salesforce",
  "startTime":1583792777000,
  "endTime":1583879177000,
  "id":"",
  "user":[],
  "policy":[],
  "activity":[],
  "objectid":[],
  "severity":[],
  "status":[],
  "city":[],
  "idList":[],
  "alertType":[],
  "asc":"severity",
  "desc":"",
  "end_dt":"2020-03-10T15:26:17-0700",
  "start_dt":"2020-03-09T15:26:17-0700",
  "id_list":[],
  "skip":0,
  "limit":20
}
Response Variables
Name | Type | Description |
---|---|---|
buId | Long | Business ID |
companyId | String | Company ID |
id | String | Alert ID |
object | String | Object name that triggered the alert |
objectType | String | Object type of alert |
objectId | String | Object id that triggered the alert |
severity | String | Severity of the alert |
serviceId | String | ID to distinguish different accounts of the cloud service |
violationActivity | String | Activity violation that triggered alert |
displayOperation | String | Operation that triggered alert |
createTime | long | Timestamp of when the alert is created in UTC |
updateTime | long | Timestamp of when the alert is updated in UTC |
policyName | String | Violation policy name |
policyId | String | Name of the policy that alert is triggered by |
policyCode | String | ID of the policy that alert is triggered by |
contextName | String | Context name of violation policy |
userId | String | ID of the user who triggered the alert |
eventId | String | ID of the event |
eventIdList | Array | List of event IDs |
service | Application | Cloud service |
resultDesc | String | Description for violation context |
geoLocationList | Array | Place where the activity occurred. |
alertType | String | Classification of the alert |
alertSubType | String | Sub classification of the alert |
defineType | String | Type of policy, predefined or customized |
state | String | Alert state |
totalPage | long | Total page of alert results |
skip | integer | Indexes in a result set. Used to exclude a response from the first N items of a resource collection. |
limit | integer | Maximum number of return alerts in one page |
totalCount | integer | Total number of activities on file |
user | String | The registered user name of FCASB |
userName | String | The registered user email of FCASB |
Sample Response
{
  "data":[
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "id":"203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347799,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk004-akeXpvvQdWBzRhXAwDyJw",
      "eventIdList":[
        "203A8hk004-akeXpvvQdWBzRhXAwDyJw"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    },
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "id":"203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347798,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk003U7DBS8g5ScuSgpxwM_TUTw",
      "eventIdList":[
        "203A8hk003U7DBS8g5ScuSgpxwM_TUTw"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    },
    {
      "buId":6384,
      "companyId":"6",
      "timestampUUID":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "id":"203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "objectType":"USER",
      "objectId":"0050P000006d7J1QAI",
      "user":"0050P000006d7J1QAI",
      "userName":"0050P000006d7J1QAI",
      "severity":"Alert",
      "applicationId":"00D0P000000Db1XUAS",
      "violationActivity":"SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation":"Modify Permission Set",
      "createTime":1583830347664,
      "updateTime":1583830347000,
      "policyName":"Restricted User",
      "policyId":"16615",
      "policyCode":"FC-ACT-010",
      "contextName":"Restricted User",
      "userId":"0050P000006d7J1QAI",
      "eventId":"203A8hk002J2FkUSUIQjaCHtr9UDBLXQ",
      "eventIdList":[
        "203A8hk002J2FkUSUIQjaCHtr9UDBLXQ"
      ],
      "service":"Salesforce",
      "resultDesc":"hit the rule: all user include and all event include",
      "matches":0,
      "geoLocationList":[],
      "alertType":"Threat protection",
      "defineType":"Predefined",
      "state":"Open"
    }
  ],
  "totalPage":0,
  "limit":20,
  "skip":0,
  "totalCount":6
}
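The request and paging flow documented above, as an added example that is not FortiCASB's own code: it builds the POST with the listed headers and required body fields, converts the time window to epoch milliseconds as in the sample request, and walks the result set by advancing `skip` by `limit`. The function names are hypothetical, and treating a page shorter than `limit` as the last page is an assumption.

```python
import json
import urllib.request

API_URL = "https://www.forticasb.com/api/v1/alert/list"  # from the sample request


def build_request(token, company_id, role_id, bu_id, service,
                  start, end, skip=0, limit=20, **filters):
    """Build the POST for one page; start and end are timezone-aware datetimes."""
    if start >= end:
        raise ValueError("start must be earlier than end")
    body = {
        "service": service,
        "startTime": int(start.timestamp() * 1000),  # epoch milliseconds, as in the sample
        "endTime": int(end.timestamp() * 1000),
        "skip": skip,    # number of leading items to exclude
        "limit": limit,  # maximum items per page
        **filters,       # optional filters, e.g. severity=["Alert"]
    }
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "companyId": str(company_id),
        "roleId": str(role_id),
        "buId": str(bu_id),
    }
    return urllib.request.Request(API_URL, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")


def send(req):
    """Default transport: perform the HTTPS call and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_alerts(transport=send, limit=20, **kwargs):
    """Yield each alert once, advancing skip by limit until a short page arrives."""
    skip, seen = 0, set()
    while True:
        page = transport(build_request(skip=skip, limit=limit, **kwargs))
        alerts = page.get("data", [])
        for alert in alerts:
            if alert["id"] not in seen:  # drop repeats if the result set shifts
                seen.add(alert["id"])
                yield alert
        if len(alerts) < limit:  # assumption: a short page ends the results
            return
        skip += limit
```

Passing a different `transport` callable lets the paging logic be exercised against recorded responses without contacting the service.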