cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

What is the difference between Alert and Security_assessment endpoints in API?

Go to solution
jayjoshi-crest
New Contributor

‎12-15-2021 05:37 AM

Hi All, 

 

I am looking for getting alerts from the Netskope tenant. So far I am seeing 2 API endpoints which gives me similar results.  

  1. https://docs.netskope.com/en/get-alerts-data.html 

  2. https://docs.netskope.com/en/view-security-assessment-violations.html

Can someone please help me understand the difference between them? And when should I use which endpoints?  

I am very new here, let me know if I started the discussion at the wrong place. thanks!

0 Likes
1 Solution
Go to solution
jayjoshi-crest
New Contributor

‎12-16-2021 04:23 AM

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

                                             Alerts                                   Security Assessment
  • It is a generic endpoint providing alerts for multiple categories
  • The security assessment is just one category of alert
  • It provides historical data. that means you can even get the alerts that were generated in past. 
  • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
  • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
  • The status parameter can tell if the rule is passed or not in the present time. 
  • start-time & end-time parameters are required to get the historical data. 
  • It will only provide the latest data. 
  • Since the alert endpoint is used for many categories, it provides much more details in the response. 
  • Only the details specific to the security alert are provided. but so far, it does the job. 
  • For filtering, only the "query" request param is available.
  • For filtering, multiple params are available. But so far, both ways are equally good.  

View solution in original post

3 Replies 3
Go to solution
Community_Team
Contributor II

‎12-15-2021 04:02 PM

@nking @ekorhonen @jhwong would any of you be able to provide some insight into the 2 API endpoints and when a user should use them?

 

 


Netskope Community
0 Likes
Go to solution
jayjoshi-crest
New Contributor

‎12-16-2021 04:23 AM

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

                                             Alerts                                   Security Assessment
  • It is a generic endpoint providing alerts for multiple categories
  • The security assessment is just one category of alert
  • It provides historical data. that means you can even get the alerts that were generated in past. 
  • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
  • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
  • The status parameter can tell if the rule is passed or not in the present time. 
  • start-time & end-time parameters are required to get the historical data. 
  • It will only provide the latest data. 
  • Since the alert endpoint is used for many categories, it provides much more details in the response. 
  • Only the details specific to the security alert are provided. but so far, it does the job. 
  • For filtering, only the "query" request param is available.
  • For filtering, multiple params are available. But so far, both ways are equally good.  
Go to solution
ekorhonen
Moderator
Moderator

‎12-17-2021 12:34 AM

That looks correct to me. A useful way to think the security-assessment endpoint vs. the alerts endpoint is to see the first one as an alias for a subset of the latter with some useful additional filter shortcuts built in.

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In