What is the difference between Alert and Security_assessment endpoints in API?

jayjoshi-crest
New Contributor

Hi All,

I am looking to get alerts from the Netskope tenant. So far I am seeing 2 API endpoints which give me similar results.

  1. https://docs.netskope.com/en/get-alerts-data.html

  2. https://docs.netskope.com/en/view-security-assessment-violations.html

Can someone please help me understand the difference between them? And when should I use which endpoint?

I am very new here, so let me know if I started the discussion in the wrong place. Thanks!

1 ACCEPTED SOLUTION
jayjoshi-crest
New Contributor

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

| Alerts | Security Assessment |
|---|---|
| It is a generic endpoint providing alerts for multiple categories. | The security assessment is just one category of alert. |
| It provides historical data. That means you can even get the alerts that were generated in the past. | It provides the alerts which are currently open. Only the last snapshot instead of historical. |
| For Security assessment alerts, there's no way to check if the alert is resolved or not. | The status parameter can tell if the rule is passed or not in the present time. |
| start-time & end-time parameters are required to get the historical data. | It will only provide the latest data. |
| Since the alert endpoint is used for many categories, it provides much more detail in the response. | Only the details specific to the security alert are provided. But so far, it does the job. |
| For filtering, only the "query" request param is available. | For filtering, multiple params are available. But so far, both ways are equally good. |


3 REPLIES 3
CommunityChris
Contributor II

@nking @ekorhonen @jhwong would any of you be able to provide some insight into the 2 API endpoints and when a user should use them?

 

 


Chris Shernaman
Online Community Manager
ekorhonen
Moderator

That looks correct to me. A useful way to think of the security-assessment endpoint vs. the alerts endpoint is to see the first one as an alias for a subset of the latter with some useful additional filter shortcuts built in.
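
An added example (not part of the thread and not Netskope code) of how the two views described above complement each other when ingesting findings: the alert history gives first/last seen and counts, while the latest snapshot supplies the current pass/fail state that the history lacks. The records, the field names (`rule`, `resource`, `timestamp`, `status`) and the status values are constructed assumptions, not the real response schema.

```python
# Constructed sample records. Field names and status values are assumptions
# for illustration, not the real Netskope response schema.
HISTORICAL_ALERTS = [  # what a start/end time-windowed alerts pull might hold
    {"rule": "Bucket is public", "resource": "bucket-a", "timestamp": 1700000000},
    {"rule": "Bucket is public", "resource": "bucket-a", "timestamp": 1700086400},
    {"rule": "MFA not enabled", "resource": "user-bob", "timestamp": 1700003600},
    {"rule": "SSH open to world", "resource": "sg-1", "timestamp": 1700090000},
]
LATEST_SNAPSHOT = [  # what the latest-only security assessment view might hold
    {"rule": "Bucket is public", "resource": "bucket-a", "status": "Failed"},
    {"rule": "MFA not enabled", "resource": "user-bob", "status": "Passed"},
]

# Hypothetical mapping from snapshot status to a finding state.
STATE_BY_STATUS = {"Failed": "open", "Passed": "resolved"}


def reconcile(alerts, snapshot):
    """Collapse historical alerts per (rule, resource) and attach current state.

    The alert history alone cannot say whether a finding is resolved, so the
    state comes from the snapshot; findings absent from it stay "unknown".
    """
    current = {(s["rule"], s["resource"]): s["status"] for s in snapshot}
    findings = {}
    for alert in alerts:
        key = (alert["rule"], alert["resource"])
        ts = alert["timestamp"]
        entry = findings.setdefault(
            key, {"first_seen": ts, "last_seen": ts, "occurrences": 0}
        )
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["occurrences"] += 1
    for key, entry in findings.items():
        # A key missing from the snapshot maps to None, hence "unknown".
        entry["state"] = STATE_BY_STATUS.get(current.get(key), "unknown")
    return findings


if __name__ == "__main__":
    for (rule, resource), info in reconcile(HISTORICAL_ALERTS, LATEST_SNAPSHOT).items():
        print(f"{rule} on {resource}: {info}")
```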