Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    Home FortiCWP 21.2.0 Online Help
    21.2.0
    22.2.a
    22.1.0
    21.3.0
    21.2.1
    21.2.0
    21.1.0
    20.3.0
    20.2.0
    20.1.0
    4.4.0
    4.2.0

    Get Alert by Filter

    Get Alert by Filter

    Description

    Get alerts of all accounts by filtering through alert filters. File ID of the documents residing in the cloud account can be retrieved through this request. To get File ID from the response body, the request body parameter alertType needs to be "Data Analysis". After submitting the rest, in the response body, the objectType will be "Document Type", and the objectID returned will be the file ID of the document.

    URL

    /api/v1/alert/list

    Request Method: Post

    Request Headers

    Key

    Value

    Type

    Description
    companyId <12345> Integer Company ID - Company ID can be obtained through Get Resource Map
    Authorization Bearer <Authorization Token> String Authorization credential generated by FortiCWP
    Content-Type application/json String

    Request Body Parameters

    Name Required Type Description
    startTime Required Long Starting time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
    endTime Required Long Ending time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
    skip Required integer Indexes in a result set, used to exclude response from the first N items of a resource collection.
    limit Required integer Maximum number of returned items.
    id Optional String Filter to search input alert id

    user

    Optional

    Array

    Filter to search alert by user
    activity Optional Array Filter to search alert by activities
    objectIdList Optional Array Filter to search alert by object identity
    objectName Optional String Filter to search alert by object name
    objectId Optional String Filter to search alert by object identity
    severity Optional Array Filter to search alert by severity
    countryList Optional Array Filter to search alert by countries
    idList Optional Array Filter to search alert by alert ids
    city Optional Array Filter to search alert by city
    alertType Optional Array Filter to search alert by alert types
    alertState Optional Array Filter to search alert by alert states
    policyCodeList Optional Array Filter to search alert by policy code

    policyCategories

    Optional

    Array

    Filter to search alert by policy category

    status

    Optional

    Array

    Filter to search alert by status
    serviceList Optional Array Filter to search alert by services
    accountID Optional Array Filter to search alert by account ids
    activityType Optional Array Filter to search alert by activity types
    asc Optional String

    Sort and display all alerts by ascending order. The optional string parameters provide sort options:

    "policyName": sort by the policy names that triggered the alert.

    "severityLevel": sort by the severity levels of the alert.

    "createTimestamp": sort by the alert creation time.

    "timestamp": sort by the last updated alerts.

    desc

    Optional

    String

    Sort and display all alerts by descending order. The optional string parameters provide sort options:

    "policyName": sort by the policy names that triggered the alert.

    "severityLevel": sort by the severity levels of the alert.

    "createTimestamp": sort by the alert creation time.

    "timestamp": sort by the last updated alerts.

    Sample Request

    In this example, the request parameter alertType is "Data Analysis". It will request for details of all Data Analysis alerts. When getting the response, the objectType will be "Document Type", and the objectID will be the file ID of the document. Please see the Sample Response below.

    Request URL

    POST https://www.forticwp.com/api/v1/alert/list

    Request Header

    Authorization: Bearer <Authorization_Token>

    companyId: <Company_ID>

    Content-Type: application/json
    Request Body

    {

    "startTime":1586459080637,

    "endTime":1586545480637,

    "id":"",

    "user":[

    ],

    "activity":[

    ],

    "objectIdList":[

    ],

    "objectName":"",

    "objectId":"",

    "severity":[

    ],

    "status":[

    ],

    "city":[

    ],

    "idList":[

    ],

    "alertType":[

    "Data Analysis"

    ],

    "alertState":[

    "Open"

    ],

    "policyCodeList":[

    ],

    "policyCategories":[

    ],

    "serviceList":[

    ],

    "accountID":[

    ],

    "countryList":[

    ],

    "activityType":[

    ],

    "asc":"severityLevel",

    "desc":"",

    "skip":0,

    "limit":20

    }

    Response Variables

    Name Required / Optional Type Description
    buId Required integer Business ID, one service ID per one buId
    companyId Required String Company ID
    id Required String Alert identity
    object Optional String Object name that triggered the alert
    objectType Required String Object type of alert
    objectId (File ID) Required String Object ID or the File ID that triggered the alert. When objectType is "Document" type, objectId is the fileId of the document. See the Sample Request Body above and Sample Response below for example. The alertType in request body needs to be "Data Analysis" to retrieve API response with objectType as "Document" type. Other types of objectType cannot use objectId as fileId.
    user Optional String User information
    userName Optional String User name
    severity Required String Severity of the alert
    serviceId Required String ID to distinguish between different accounts of the same cloud service in forticwp
    violationActivity Required String Violating activity that triggered the alert
    displayOperation Required String Operation that triggered the alert
    createTime Required long Timestamp of when the alert is created
    updateTime Required long Timestamp of when the alert is updated
    policyName Required String Name of the policy that alert is triggered by
    policyId Required String ID of the policy that alert is triggered by
    policyCode Required String Policy code of the policy violation in alert
    contextName Required String Context name of violation policy
    userId Required String ID of the user who triggered the alert
    eventId Required String Event ID
    eventIdList Required Array List of the event IDs
    service Required Application Cloud service (e.g. AWS, Google Cloud etc.)
    resultDesc Required String Description for violation context
    geoLocationList Required Array Place where the activity occurred.
    alertType Required String Classification of the alert
    alertSubType Required String Sub calcification of the alert
    defineType Required String Type of policy, predefined or customized
    state Required String Alert state
    totalPage Required integer Total page of searched alerts
    limit Required integer Maximum number of return alerts in one page
    skip Required integer Indexes in a result set, used to exclude a response from the first N items of a resource collection.
    totalCount Required integer Total number of alerts

    Sample Response

    {

    "data":[

    {

    "buId":2,

    "companyId":"2",

    "timestampUUID":"2049LLk601USB7ROzORMSetnnKDA39hA",

    "id":"2049LLk601USB7ROzORMSetnnKDA39hA",

    "object":"DemoRDPKILL1 _gcp.exe",

    "objectType":"DOCUMENT",

    "objectId":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "objectContext":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "user":"qatest",

    "userName":"qatest",

    "severity":"Critical",

    "applicationId":"677383417454",

    "violationActivity":"AWS_UPLOAD_FILE",

    "displayOperation":"Upload File",

    "createTime":1586467306607,

    "updateTime":1586467306000,

    "policyName":"AV Scan Policy",

    "policyId":"03317426-92d1-40f5-8491-12b18fe58b32",

    "policyCode":"FC-ACT-254",

    "contextName":"AV Scan Policy",

    "userId":"AIDAZ3NZSVZXDZ7BFTVKR",

    "eventId":"2049L2T000dOsZkG7PS96X7OaM3I6KLg",

    "eventIdList":[

    "2049L2T000dOsZkG7PS96X7OaM3I6KLg"

    ],

    "service":"AWS",

    "resultDesc":"Detected Malware Riskware/RDPKill.A!tr in File.",

    "matches":0,

    "fileId":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "geoLocationList":[

    {

    "ip":"76.126.19.27",

    "geonameId":"5392171",

    "countryName":"United States of America",

    "countryCode":"US",

    "city":"San Jose"

    }

    ],

    "avType":1,

    "avInfo":{

    "vid":8020838,

    "sigid":31942774,

    "sigtype":"W",

    "virusname":"Riskware/RDPKill.A!tr",

    "filename":"/tmp/1248360421207969792/a97ca649-0837-47e4-b384-3eccae93ad43_2049L2T000dOsZkG7PS96X7OaM3I6KLg_DemoRDPKILL1 _gcp.exe",

    "av2_rating":0,

    "spam_rating":0,

    "av2_source":"",

    "av2db_version":"",

    "spamhashdbVersion":""

    },

    "region":"us-east-1",

    "alertType":"Data Analysis",

    "defineType":"Predefined",

    "state":"Open"

    },

    ],

    "totalPage":0,

    "limit":20,

    "skip":0,

    "totalCount":1

    }

    Previous
    Next

    Get Alert by Filter

    Get Alert by Filter

    Description

    Get alerts of all accounts by filtering through alert filters. File ID of the documents residing in the cloud account can be retrieved through this request. To get File ID from the response body, the request body parameter alertType needs to be "Data Analysis". After submitting the rest, in the response body, the objectType will be "Document Type", and the objectID returned will be the file ID of the document.

    URL

    /api/v1/alert/list

    Request Method: Post

    Request Headers

    Key

    Value

    Type

    Description
    companyId <12345> Integer Company ID - Company ID can be obtained through Get Resource Map
    Authorization Bearer <Authorization Token> String Authorization credential generated by FortiCWP
    Content-Type application/json String

    Request Body Parameters

    Name Required Type Description
    startTime Required Long Starting time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
    endTime Required Long Ending time of filtered open alerts in Unix Epoch timestamp. To convert date and time to Unix Epoch timestamp, refer to https://www.epochconverter.com/.
    skip Required integer Indexes in a result set, used to exclude response from the first N items of a resource collection.
    limit Required integer Maximum number of returned items.
    id Optional String Filter to search input alert id

    user

    Optional

    Array

    Filter to search alert by user
    activity Optional Array Filter to search alert by activities
    objectIdList Optional Array Filter to search alert by object identity
    objectName Optional String Filter to search alert by object name
    objectId Optional String Filter to search alert by object identity
    severity Optional Array Filter to search alert by severity
    countryList Optional Array Filter to search alert by countries
    idList Optional Array Filter to search alert by alert ids
    city Optional Array Filter to search alert by city
    alertType Optional Array Filter to search alert by alert types
    alertState Optional Array Filter to search alert by alert states
    policyCodeList Optional Array Filter to search alert by policy code

    policyCategories

    Optional

    Array

    Filter to search alert by policy category

    status

    Optional

    Array

    Filter to search alert by status
    serviceList Optional Array Filter to search alert by services
    accountID Optional Array Filter to search alert by account ids
    activityType Optional Array Filter to search alert by activity types
    asc Optional String

    Sort and display all alerts by ascending order. The optional string parameters provide sort options:

    "policyName": sort by the policy names that triggered the alert.

    "severityLevel": sort by the severity levels of the alert.

    "createTimestamp": sort by the alert creation time.

    "timestamp": sort by the last updated alerts.

    desc

    Optional

    String

    Sort and display all alerts by descending order. The optional string parameters provide sort options:

    "policyName": sort by the policy names that triggered the alert.

    "severityLevel": sort by the severity levels of the alert.

    "createTimestamp": sort by the alert creation time.

    "timestamp": sort by the last updated alerts.

    Sample Request

    In this example, the request parameter alertType is "Data Analysis". It will request for details of all Data Analysis alerts. When getting the response, the objectType will be "Document Type", and the objectID will be the file ID of the document. Please see the Sample Response below.

    Request URL

    POST https://www.forticwp.com/api/v1/alert/list

    Request Header

    Authorization: Bearer <Authorization_Token>

    companyId: <Company_ID>

    Content-Type: application/json
    Request Body

    {

    "startTime":1586459080637,

    "endTime":1586545480637,

    "id":"",

    "user":[

    ],

    "activity":[

    ],

    "objectIdList":[

    ],

    "objectName":"",

    "objectId":"",

    "severity":[

    ],

    "status":[

    ],

    "city":[

    ],

    "idList":[

    ],

    "alertType":[

    "Data Analysis"

    ],

    "alertState":[

    "Open"

    ],

    "policyCodeList":[

    ],

    "policyCategories":[

    ],

    "serviceList":[

    ],

    "accountID":[

    ],

    "countryList":[

    ],

    "activityType":[

    ],

    "asc":"severityLevel",

    "desc":"",

    "skip":0,

    "limit":20

    }

    Response Variables

    Name Required / Optional Type Description
    buId Required integer Business ID, one service ID per one buId
    companyId Required String Company ID
    id Required String Alert identity
    object Optional String Object name that triggered the alert
    objectType Required String Object type of alert
    objectId (File ID) Required String Object ID or the File ID that triggered the alert. When objectType is "Document" type, objectId is the fileId of the document. See the Sample Request Body above and Sample Response below for example. The alertType in request body needs to be "Data Analysis" to retrieve API response with objectType as "Document" type. Other types of objectType cannot use objectId as fileId.
    user Optional String User information
    userName Optional String User name
    severity Required String Severity of the alert
    serviceId Required String ID to distinguish between different accounts of the same cloud service in forticwp
    violationActivity Required String Violating activity that triggered the alert
    displayOperation Required String Operation that triggered the alert
    createTime Required long Timestamp of when the alert is created
    updateTime Required long Timestamp of when the alert is updated
    policyName Required String Name of the policy that alert is triggered by
    policyId Required String ID of the policy that alert is triggered by
    policyCode Required String Policy code of the policy violation in alert
    contextName Required String Context name of violation policy
    userId Required String ID of the user who triggered the alert
    eventId Required String Event ID
    eventIdList Required Array List of the event IDs
    service Required Application Cloud service (e.g. AWS, Google Cloud etc.)
    resultDesc Required String Description for violation context
    geoLocationList Required Array Place where the activity occurred.
    alertType Required String Classification of the alert
    alertSubType Required String Sub calcification of the alert
    defineType Required String Type of policy, predefined or customized
    state Required String Alert state
    totalPage Required integer Total page of searched alerts
    limit Required integer Maximum number of return alerts in one page
    skip Required integer Indexes in a result set, used to exclude a response from the first N items of a resource collection.
    totalCount Required integer Total number of alerts

    Sample Response

    {

    "data":[

    {

    "buId":2,

    "companyId":"2",

    "timestampUUID":"2049LLk601USB7ROzORMSetnnKDA39hA",

    "id":"2049LLk601USB7ROzORMSetnnKDA39hA",

    "object":"DemoRDPKILL1 _gcp.exe",

    "objectType":"DOCUMENT",

    "objectId":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "objectContext":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "user":"qatest",

    "userName":"qatest",

    "severity":"Critical",

    "applicationId":"677383417454",

    "violationActivity":"AWS_UPLOAD_FILE",

    "displayOperation":"Upload File",

    "createTime":1586467306607,

    "updateTime":1586467306000,

    "policyName":"AV Scan Policy",

    "policyId":"03317426-92d1-40f5-8491-12b18fe58b32",

    "policyCode":"FC-ACT-254",

    "contextName":"AV Scan Policy",

    "userId":"AIDAZ3NZSVZXDZ7BFTVKR",

    "eventId":"2049L2T000dOsZkG7PS96X7OaM3I6KLg",

    "eventIdList":[

    "2049L2T000dOsZkG7PS96X7OaM3I6KLg"

    ],

    "service":"AWS",

    "resultDesc":"Detected Malware Riskware/RDPKill.A!tr in File.",

    "matches":0,

    "fileId":"c6BpuCQxzFi3B8OYrxR6nVBZCgQQvT_4yXzfsf2LDn8",

    "geoLocationList":[

    {

    "ip":"76.126.19.27",

    "geonameId":"5392171",

    "countryName":"United States of America",

    "countryCode":"US",

    "city":"San Jose"

    }

    ],

    "avType":1,

    "avInfo":{

    "vid":8020838,

    "sigid":31942774,

    "sigtype":"W",

    "virusname":"Riskware/RDPKill.A!tr",

    "filename":"/tmp/1248360421207969792/a97ca649-0837-47e4-b384-3eccae93ad43_2049L2T000dOsZkG7PS96X7OaM3I6KLg_DemoRDPKILL1 _gcp.exe",

    "av2_rating":0,

    "spam_rating":0,

    "av2_source":"",

    "av2db_version":"",

    "spamhashdbVersion":""

    },

    "region":"us-east-1",

    "alertType":"Data Analysis",

    "defineType":"Predefined",

    "state":"Open"

    },

    ],

    "totalPage":0,

    "limit":20,

    "skip":0,

    "totalCount":1

    }

    Previous
    Next