Post Alert List

Description

Get cloud service account alert details.

URL

/api/v1/alert/list

Request Method: Post

Request Headers

| Key | Value | Type | Description |
|---|---|---|---|
| Authorization | Bearer <Authorization Token> | String | Authorization credential generated by FortiCASB |
| Content-Type | application/json | String | |
| companyId | <Company ID> | Integer | Company ID of which the business unit is under, can be obtained through Get Resource Map. |
| roleId | <User ID> | Integer | Login user ID, can be obtained through Get Resource Map. |
| buId | <Business Unit ID> | Long | The targeted business unit ID on FortiCASB. Business unit ID can be obtained through . Alternatively, it can also be obtained from the REST API Get Resource Map |

Request Body Parameters

| Name | Required | Type | Description |
|---|---|---|---|
| service | <Cloud Service> | String | Cloud service name such as Salesforce, Office365, etc. |
| startTime | Required | long | Timestamp, filter to get open alert time after start date |
| endTime | Required | long | Timestamp, filter to get open alert time before start date |
| skip | Required | integer | Indexes in a result set. Used to exclude response from the first N items of a resource collection. |
| limit | Required | integer | Maximum number of returned items |
| user | Optional | List<String> | Filter to search user email |
| policy | Optional | List<String> | Filter to search alert id |
| activity | Optional | List<String> | Filter to search alert by activities |
| objectIdList | Optional | List<String> | Filter to search alert by object identity |
| objectName | Optional | String | Filter to search alert by object name |
| severity | Optional | List<String> | Filter to search alert by severity |
| status | Optional | List<String> | Filter to search by status |
| idList | Optional | List<String> | Filter to search alert by alert IDs |
| alertType | Optional | List<String> | Filter to search alert by alert types |
| countryList | Optional | List<String> | Filter to search alert by countries |
| asc | Optional | String | Sort and display all alerts by ascending order. The optional string parameters provide sort options: "policyName": sort by the policy names that triggered the alert; "severity": sort by the severity levels of the alert; "createTimestamp": sort by the alert creation time; "timestamp": sort by the last updated alerts. |
| desc | Optional | String | Sort and display all alerts by descending order. The optional string parameters provide sort options: "policyName": sort by the policy names that triggered the alert; "severity": sort by the severity levels of the alert; "createTimestamp": sort by the alert creation time; "timestamp": sort by the last updated alerts. |

Sample Request

Request URL

POST https://www.forticasb.com/api/v1/alert/list

Request Header

Authorization: Bearer <Authorization_Token>
Content-Type: application/json
buid: 6384
service: Salesforce
roleId: 36241
companyId: 62598

Request Body

{
  "service": "Salesforce",
  "startTime": 1583792777000,
  "endTime": 1583879177000,
  "id": "",
  "user": [],
  "policy": [],
  "activity": [],
  "objectid": [],
  "severity": [],
  "status": [],
  "city": [],
  "idList": [],
  "alertType": [],
  "asc": "severity",
  "desc": "",
  "end_dt": "2020-03-10T15:26:17-0700",
  "start_dt": "2020-03-09T15:26:17-0700",
  "id_list": [],
  "skip": 0,
  "limit": 20
}

Response Variables

| Name | Type | Description |
|---|---|---|
| buId | Long | Business ID |
| companyId | String | Company ID |
| id | String | Alert ID |
| object | String | Object name that triggered the alert |
| objectType | String | Object type of alert |
| objectId | String | Object ID that triggered the alert |
| severity | String | Severity of the alert |
| serviceId | String | ID to distinguish different accounts of the cloud service |
| violationActivity | String | Activity violation that triggered the alert |
| displayOperation | String | Operation that triggered the alert |
| createTime | long | Timestamp of when the alert is created in UTC |
| updateTime | long | Timestamp of when the alert is updated in UTC |
| policyName | String | Violation policy name |
| policyId | String | Name of the policy that alert is triggered by |
| policyCode | String | ID of the policy that alert is triggered by |
| contextName | String | Context name of violation policy |
| userId | String | ID of the user who triggered the alert |
| eventId | String | ID of the event |
| eventIdList | Array | List of IDs of the events |
| service | Application | Cloud service |
| resultDesc | String | Description for violation context |
| geoLocationList | Array | Place where the activity occurred. |
| alertType | String | Classification of the alert |
| alertSubType | String | Sub classification of the alert |
| defineType | String | Type of policy, predefined or customized |
| state | String | Alert state |
| totalPage | long | Total pages of alert results |
| skip | integer | Indexes in a result set. Used to exclude a response from the first N items of a resource collection. |
| limit | integer | Maximum number of returned alerts in one page |
| totalCount | integer | Total number of activities on file |
| user | String | The registered user name of FCASB |
| userName | String | The registered user email of FCASB |

Sample Response

{
  "data": [
    {
      "buId": 6384,
      "companyId": "6",
      "timestampUUID": "203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "id": "203A8qR797nn390d6CQhOH6DjrdiGx9A",
      "objectType": "USER",
      "objectId": "0050P000006d7J1QAI",
      "user": "0050P000006d7J1QAI",
      "userName": "0050P000006d7J1QAI",
      "severity": "Alert",
      "applicationId": "00D0P000000Db1XUAS",
      "violationActivity": "SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation": "Modify Permission Set",
      "createTime": 1583830347799,
      "updateTime": 1583830347000,
      "policyName": "Restricted User",
      "policyId": "16615",
      "policyCode": "FC-ACT-010",
      "contextName": "Restricted User",
      "userId": "0050P000006d7J1QAI",
      "eventId": "203A8hk004-akeXpvvQdWBzRhXAwDyJw",
      "eventIdList": [
        "203A8hk004-akeXpvvQdWBzRhXAwDyJw"
      ],
      "service": "Salesforce",
      "resultDesc": "hit the rule: all user include and all event include",
      "matches": 0,
      "geoLocationList": [],
      "alertType": "Threat protection",
      "defineType": "Predefined",
      "state": "Open"
    },
    {
      "buId": 6384,
      "companyId": "6",
      "timestampUUID": "203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "id": "203A8qR796Xvf-yGqIQvSPwS7831UnKA",
      "objectType": "USER",
      "objectId": "0050P000006d7J1QAI",
      "user": "0050P000006d7J1QAI",
      "userName": "0050P000006d7J1QAI",
      "severity": "Alert",
      "applicationId": "00D0P000000Db1XUAS",
      "violationActivity": "SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation": "Modify Permission Set",
      "createTime": 1583830347798,
      "updateTime": 1583830347000,
      "policyName": "Restricted User",
      "policyId": "16615",
      "policyCode": "FC-ACT-010",
      "contextName": "Restricted User",
      "userId": "0050P000006d7J1QAI",
      "eventId": "203A8hk003U7DBS8g5ScuSgpxwM_TUTw",
      "eventIdList": [
        "203A8hk003U7DBS8g5ScuSgpxwM_TUTw"
      ],
      "service": "Salesforce",
      "resultDesc": "hit the rule: all user include and all event include",
      "matches": 0,
      "geoLocationList": [],
      "alertType": "Threat protection",
      "defineType": "Predefined",
      "state": "Open"
    },
    {
      "buId": 6384,
      "companyId": "6",
      "timestampUUID": "203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "id": "203A8qR661F8irdySGQZ2gT5BxOk3plg",
      "objectType": "USER",
      "objectId": "0050P000006d7J1QAI",
      "user": "0050P000006d7J1QAI",
      "userName": "0050P000006d7J1QAI",
      "severity": "Alert",
      "applicationId": "00D0P000000Db1XUAS",
      "violationActivity": "SALESFORCE_MODIFY_PERMISSION_SET",
      "displayOperation": "Modify Permission Set",
      "createTime": 1583830347664,
      "updateTime": 1583830347000,
      "policyName": "Restricted User",
      "policyId": "16615",
      "policyCode": "FC-ACT-010",
      "contextName": "Restricted User",
      "userId": "0050P000006d7J1QAI",
      "eventId": "203A8hk002J2FkUSUIQjaCHtr9UDBLXQ",
      "eventIdList": [
        "203A8hk002J2FkUSUIQjaCHtr9UDBLXQ"
      ],
      "service": "Salesforce",
      "resultDesc": "hit the rule: all user include and all event include",
      "matches": 0,
      "geoLocationList": [],
      "alertType": "Threat protection",
      "defineType": "Predefined",
      "state": "Open"
    }
  ],
  "totalPage": 0,
  "limit": 20,
  "skip": 0,
  "totalCount": 6
}
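The following is an added example, not part of the FortiCASB documentation: a client that pages through `/api/v1/alert/list` with `skip`/`limit` and flattens each alert into a record for SIEM ingestion. The function names (`http_post`, `fetch_alerts`, `to_siem_record`) are hypothetical, and the code assumes that paging ends on an empty page or when `skip` reaches `totalCount`, and that `createTime` is in epoch milliseconds as in the sample response.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

API_URL = "https://www.forticasb.com/api/v1/alert/list"  # from the sample request
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def http_post(url, headers, body):
    """Default transport: POST the JSON body and decode the JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_alerts(token, company_id, role_id, bu_id, service,
                 start_ms, end_ms, limit=20, post=http_post):
    """Page through the alert list with skip/limit and return unique alerts."""
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json",
               "companyId": str(company_id), "roleId": str(role_id),
               "buId": str(bu_id)}
    alerts, seen, skip = [], set(), 0
    while True:
        body = {"service": service, "startTime": start_ms, "endTime": end_ms,
                "skip": skip, "limit": limit, "desc": "createTimestamp"}
        page = post(API_URL, headers, body)
        rows = page.get("data") or []
        for row in rows:
            if row["id"] not in seen:  # new alerts can shift rows across pages
                seen.add(row["id"])
                alerts.append(row)
        skip += limit
        # Assumption: stop on an empty page or once skip reaches totalCount.
        if not rows or skip >= page.get("totalCount", 0):
            return alerts

def to_siem_record(alert):
    """Flatten one alert into the fields a detection rule would key on."""
    created = EPOCH + timedelta(milliseconds=alert["createTime"])
    return {"alert_id": alert["id"],
            "created_utc": created.isoformat(timespec="milliseconds"),
            "service": alert.get("service"),
            "user_id": alert.get("userId"),
            "activity": alert.get("violationActivity"),
            "policy_code": alert.get("policyCode"),
            "severity": alert.get("severity"),
            "state": alert.get("state")}
```

Pass a stub as `post` to exercise the paging logic offline; keep the bearer token out of source control and logs.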
