Skip to main content
Solved

What is the difference between Alert and Security_assessment endpoints in API?

  • December 15, 2021
  • 3 replies
  • 72 views
J
Forum|alt.badge.img+5

Hi All, 

 

I am looking for getting alerts from the Netskope tenant. So far I am seeing 2 API endpoints which gives me similar results.  

  1. https://docs.netskope.com/en/get-alerts-data.html 

  2. https://docs.netskope.com/en/view-security-assessment-violations.html

Can someone please help me understand the difference between them? And when should I use which endpoints?  

I am very new here, let me know if I started the discussion at the wrong place. thanks!

Best answer by jayjoshi-crest

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

                                             Alerts                                   Security Assessment
  • It is a generic endpoint providing alerts for multiple categories
  • The security assessment is just one category of alert
  • It provides historical data. that means you can even get the alerts that were generated in past. 
  • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
  • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
  • The status parameter can tell if the rule is passed or not in the present time. 
  • start-time & end-time parameters are required to get the historical data. 
  • It will only provide the latest data. 
  • Since the alert endpoint is used for many categories, it provides much more details in the response. 
  • Only the details specific to the security alert are provided. but so far, it does the job. 
  • For filtering, only the "query" request param is available.
  • For filtering, multiple params are available. But so far, both ways are equally good.  
    This topic has been closed for replies.

    3 replies

    C
    Forum|alt.badge.img+19

    @nking @ekorhonen @jhwong would any of you be able to provide some insight into the 2 API endpoints and when a user should use them?

     

     

    Netskope Community
    J
    Forum|alt.badge.img+5
    • jayjoshi-crest
    • Author
    • Explorer
    • Answer
    • December 16, 2021

    So far I have gathered the following details. Please feel free to add more if I missed something. 

     

                                                 Alerts                                   Security Assessment
    • It is a generic endpoint providing alerts for multiple categories
    • The security assessment is just one category of alert
    • It provides historical data. that means you can even get the alerts that were generated in past. 
    • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
    • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
    • The status parameter can tell if the rule is passed or not in the present time. 
    • start-time & end-time parameters are required to get the historical data. 
    • It will only provide the latest data. 
    • Since the alert endpoint is used for many categories, it provides much more details in the response. 
    • Only the details specific to the security alert are provided. but so far, it does the job. 
    • For filtering, only the "query" request param is available.
    • For filtering, multiple params are available. But so far, both ways are equally good.  
    pvilarino
    N
    C
    ekorhonen
    Netskope Employee
    Forum|alt.badge.img+11
    • ekorhonen
    • Netskope Employee
    • December 17, 2021

    That looks correct to me. A useful way to think the security-assessment endpoint vs. the alerts endpoint is to see the first one as an alias for a subset of the latter with some useful additional filter shortcuts built in.

    J

    Badges Winner

    Show all badges

    Not finding what you're looking for?

    Don't be shy and let us know about your challenge.

    Ask your question here!
    Terms & ConditionsCookie settingsAccessibility statement