cancel
Showing results for 
Search instead for 
Did you mean: 

What is the difference between Alert and Security_assessment endpoints in API?

jayjoshi-crest
New Contributor

Hi All, 

 

I am looking for getting alerts from the Netskope tenant. So far I am seeing 2 API endpoints which gives me similar results.  

  1. https://docs.netskope.com/en/get-alerts-data.html 

  2. https://docs.netskope.com/en/view-security-assessment-violations.html

Can someone please help me understand the difference between them? And when should I use which endpoints?  

I am very new here, let me know if I started the discussion at the wrong place. thanks!

1 ACCEPTED SOLUTION
jayjoshi-crest
New Contributor

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

                                             Alerts                                   Security Assessment
  • It is a generic endpoint providing alerts for multiple categories
  • The security assessment is just one category of alert
  • It provides historical data. that means you can even get the alerts that were generated in past. 
  • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
  • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
  • The status parameter can tell if the rule is passed or not in the present time. 
  • start-time & end-time parameters are required to get the historical data. 
  • It will only provide the latest data. 
  • Since the alert endpoint is used for many categories, it provides much more details in the response. 
  • Only the details specific to the security alert are provided. but so far, it does the job. 
  • For filtering, only the "query" request param is available.
  • For filtering, multiple params are available. But so far, both ways are equally good.  

View solution in original post

3 REPLIES 3
CommunityChris
Contributor II

@nking @ekorhonen @jhwong would any of you be able to provide some insight into the 2 API endpoints and when a user should use them?

 

 


Chris Shernaman
Online Community Manager
jayjoshi-crest
New Contributor

So far I have gathered the following details. Please feel free to add more if I missed something. 

 

                                             Alerts                                   Security Assessment
  • It is a generic endpoint providing alerts for multiple categories
  • The security assessment is just one category of alert
  • It provides historical data. that means you can even get the alerts that were generated in past. 
  • It provides the alerts which are currently open. Only the last snapshot instead of historical. 
  • For Security assessment alerts, there's no way to check if the alert is resolved or not. 
  • The status parameter can tell if the rule is passed or not in the present time. 
  • start-time & end-time parameters are required to get the historical data. 
  • It will only provide the latest data. 
  • Since the alert endpoint is used for many categories, it provides much more details in the response. 
  • Only the details specific to the security alert are provided. but so far, it does the job. 
  • For filtering, only the "query" request param is available.
  • For filtering, multiple params are available. But so far, both ways are equally good.  
ekorhonen
Moderator
Moderator

That looks correct to me. A useful way to think the security-assessment endpoint vs. the alerts endpoint is to see the first one as an alias for a subset of the latter with some useful additional filter shortcuts built in.

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In