Get Alert by Filter

Description

Get alerts of all accounts by filtering through alert filters. The File ID of documents residing in the cloud account can be retrieved through this request. To get the File ID from the response body, set the request body parameter alertType to "Data Analysis". After submitting the request, the objectType in the response body will be "Document Type", and the objectID returned will be the file ID of the document.

URL

/api/v1/alert/list

Request Method: POST

Request Headers

Key Value Type Description

companyId <12345> Integer Company ID - Company ID can be obtained through Get Resource Map
Authorization Bearer <Authorization Token> String Authorization credential generated by FortiCWP
Content-Type application/json String

Request Body Parameters

Name Required Type Description
startTime Required Long Starting time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
endTime Required Long Ending time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
skip Required integer Indexes in a result set, used to exclude response from the first N items of a resource collection.
limit Required integer Maximum number of returned items.
id Optional String Filter to search by alert id
user Optional Array Filter to search alerts by user
activity Optional Array Filter to search alerts by activities
objectIdList Optional Array Filter to search alerts by object identity
objectName Optional String Filter to search alerts by object name
objectId Optional String Filter to search alerts by object identity
severity Optional Array Filter to search alerts by severity
countryList Optional Array Filter to search alerts by countries
idList Optional Array Filter to search alerts by alert ids
city Optional Array Filter to search alerts by city
alertType Optional Array Filter to search alerts by alert types
alertState Optional Array Filter to search alerts by alert states
policyCodeList Optional Array Filter to search alerts by policy code
policyCategories Optional Array Filter to search alerts by policy category
status Optional Array Filter to search alerts by status
serviceList Optional Array Filter to search alerts by services
accountID Optional Array Filter to search alerts by account ids
activityType Optional Array Filter to search alerts by activity types
asc Optional String Sort and display all alerts in ascending order. The string selects the sort key:
    "policyName": sort by the name of the policy that triggered the alert.
    "severityLevel": sort by the severity level of the alert.
    "createTimestamp": sort by the alert creation time.
    "timestamp": sort by the time the alert was last updated.
desc Optional String Sort and display all alerts in descending order. The string selects the sort key:
    "policyName": sort by the name of the policy that triggered the alert.
    "severityLevel": sort by the severity level of the alert.
    "createTimestamp": sort by the alert creation time.
    "timestamp": sort by the time the alert was last updated.

Sample Request

In this example, the request parameter alertType is "Data Analysis", so the request returns details of all Data Analysis alerts. In the response, the objectType will be "Document Type" and the objectID will be the file ID of the document. See the Sample Response below.

Request URL

POST https://www.forticwp.com/api/v1/alert/list

Request Header

Authorization: Bearer <Authorization_Token>

companyId: <Company_ID>

Content-Type: application/json

Request Body

{
  "startTime": 1586459080637,
  "endTime": 1586545480637,
  "id": "",
  "user": [],
  "activity": [],
  "objectIdList": [],
  "objectName": "",
  "objectId": "",
  "severity": [],
  "status": [],
  "city": [],
  "idList": [],
  "alertType": ["Data Analysis"],
  "alertState": ["Open"],
  "policyCodeList": [],
  "policyCategories": [],
  "serviceList": [],
  "accountID": [],
  "countryList": [],
  "activityType": [],
  "asc": "severityLevel",
  "desc": "",
  "skip": 0,
  "limit": 20
}

Response Variables

Name Required / Optional Type Description
buId Required integer Business ID, one service ID per one buId
companyId Required String Company ID
id Required String Alert identity
object Optional String Object name that triggered the alert
objectType Required String Object type of alert
objectId (File ID) Required String Object ID, or File ID, of the object that triggered the alert. When objectType is "Document" type, objectId is the fileId of the document; see the Sample Request Body above and the Sample Response below. The alertType in the request body must be "Data Analysis" to retrieve a response with objectType as "Document" type. For other objectType values, objectId cannot be used as a fileId.
user Optional String User information
userName Optional String User name
severity Required String Severity of the alert
serviceId Required String ID to distinguish between different accounts of the same cloud service in FortiCWP
violationActivity Required String Violating activity that triggered the alert
displayOperation Required String Operation that triggered the alert
createTime Required long Timestamp of when the alert is created
updateTime Required long Timestamp of when the alert is updated
policyName Required String Name of the policy that alert is triggered by
policyId Required String ID of the policy that alert is triggered by
policyCode Required String Policy code of the policy violation in alert
contextName Required String Context name of violation policy
userId Required String ID of the user who triggered the alert
eventId Required String Event ID
eventIdList Required Array List of the event IDs
service Required Application Cloud service (e.g. AWS, Google Cloud etc.)
resultDesc Required String Description for violation context
geoLocationList Required Array Place where the activity occurred.
alertType Required String Classification of the alert
alertSubType Required String Sub-classification of the alert
defineType Required String Type of policy, predefined or customized
state Required String Alert state
totalPage Required integer Total number of pages of matching alerts
limit Required integer Maximum number of alerts returned in one page
skip Required integer Indexes in a result set, used to exclude a response from the first N items of a resource collection.
totalCount Required integer Total number of alerts

Sample Response

{
  "data": [
    {
      "buId": 2,
      "companyId": "2",
      "timestampUUID": "2049LLk601USB7ROzORMSetnnKDA39hA",
      "id": "2049LLk601USB7ROzORMSetnnKDA39hA",
      "object": "DemoRDPKILL1 _gcp.exe",
      "objectType": "DOCUMENT",
      "objectId": "c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",
      "objectContext": "c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",
      "user": "qatest",
      "userName": "qatest",
      "severity": "Critical",
      "applicationId": "677383417454",
      "violationActivity": "AWS_UPLOAD_FILE",
      "displayOperation": "Upload File",
      "createTime": 1586467306607,
      "updateTime": 1586467306000,
      "policyName": "AV Scan Policy",
      "policyId": "03317426-92d1-40f5-8491-12b18fe58b32",
      "policyCode": "FC-ACT-254",
      "contextName": "AV Scan Policy",
      "userId": "AIDAZ3NZSVZXDZ7BFTVKR",
      "eventId": "2049L2T000dOsZkG7PS96X7OaM3I6KLg",
      "eventIdList": ["2049L2T000dOsZkG7PS96X7OaM3I6KLg"],
      "service": "AWS",
      "resultDesc": "Detected Malware Riskware/RDPKill.A!tr in File.",
      "matches": 0,
      "fileId": "c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",
      "geoLocationList": [
        {
          "ip": "76.126.19.27",
          "geonameId": "5392171",
          "countryName": "United States of America",
          "countryCode": "US",
          "city": "San Jose"
        }
      ],
      "avType": 1,
      "avInfo": {
        "vid": 8020838,
        "sigid": 31942774,
        "sigtype": "W",
        "virusname": "Riskware/RDPKill.A!tr",
        "filename": "/tmp/1248360421207969792/a97ca649-0837-47e4-b384-3eccae93ad43_2049L2T000dOsZkG7PS96X7OaM3I6KLg_DemoRDPKILL1 _gcp.exe",
        "av2_rating": 0,
        "spam_rating": 0,
        "av2_source": "",
        "av2db_version": "",
        "spamhashdbVersion": ""
      },
      "region": "us-east-1",
      "alertType": "Data Analysis",
      "defineType": "Predefined",
      "state": "Open"
    }
  ],
  "totalPage": 0,
  "limit": 20,
  "skip": 0,
  "totalCount": 1
}
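The filter-and-retrieve flow described above, as an added Python example that is not Fortinet's code: it builds the request body shown in the Sample Request, posts it with the three required headers, and collects the fileId (objectId) of every document alert across all pages using skip, limit and totalCount. The base URL, bearer token and company ID are supplied by the caller; the fetch callable in collect_file_ids is a hook so the paging logic can be exercised without a live tenant.

```python
import json
import urllib.request

ALERT_LIST_PATH = "/api/v1/alert/list"  # endpoint from the page

def build_alert_filter(start_ms, end_ms, skip=0, limit=20,
                       alert_type="Data Analysis", alert_state="Open",
                       asc="severityLevel"):
    """Request body for POST /api/v1/alert/list, mirroring the Sample Request.
    Only alertType/alertState are set; other filters stay empty (unrestricted)."""
    return {
        "startTime": start_ms, "endTime": end_ms, "id": "",
        "user": [], "activity": [], "objectIdList": [], "objectName": "",
        "objectId": "", "severity": [], "status": [], "city": [], "idList": [],
        "alertType": [alert_type], "alertState": [alert_state],
        "policyCodeList": [], "policyCategories": [], "serviceList": [],
        "accountID": [], "countryList": [], "activityType": [],
        "asc": asc, "desc": "", "skip": skip, "limit": limit,
    }

def post_alert_list(base_url, token, company_id, body):
    """POST the body with the three headers the page requires (network call)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + ALERT_LIST_PATH, method="POST",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "companyId": str(company_id),
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def document_file_ids(page):
    """Map alert id -> objectId (the fileId) for document alerts. The text says
    "Document" type while the sample response shows "DOCUMENT", so compare
    case-insensitively and skip alerts without an objectId."""
    return {a["id"]: a["objectId"] for a in page.get("data", [])
            if str(a.get("objectType", "")).upper() == "DOCUMENT" and a.get("objectId")}

def collect_file_ids(fetch, start_ms, end_ms, limit=20):
    """Walk all pages with skip/limit until totalCount is exhausted. `fetch` takes
    a request body and returns the parsed JSON (e.g. a partial of post_alert_list)."""
    found, skip = {}, 0
    while True:
        page = fetch(build_alert_filter(start_ms, end_ms, skip=skip, limit=limit))
        found.update(document_file_ids(page))
        skip += limit
        if skip >= int(page.get("totalCount", 0)) or not page.get("data"):
            break
    return found
```

The resulting map is what a defender would feed into a follow-up lookup of flagged documents; totalPage is ignored here because the sample response reports 0 pages for 1 alert, so totalCount is the safer stop condition.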
