Get all records
get
/api/v1/reports/all
This API will retrieve all the ingested records. Filters can be applied using the query parameters.
Request
Supported Media Types
- application/json
Query Parameters
-
action(optional): string
The event or action taken on the resource.
-
actor(optional): string
The user who takes action on the resource.
-
applicationInstanceName: string
The name of the application instance whose records are to be retrieved.
-
applicationType(optional): string
Application type, such as 'AWS', 'BOX', 'SFDC', 'O365', 'Slack', 'ServiceNow'.
-
city(optional): string
The name of the city in the physical address that's associated with the IP address
-
country(optional): string
The name of country, in the physical address that's associated with the IP address
-
endDate: string
End date indicating the time up to which the events are to be searched.
-
ipAddress(optional): string
IP address of the device from where the action was taken.
-
markerPosition(optional): string
Marker position, indicating pagination, from which to begin retrieving the next set of records.
-
resource(optional): string
Resource name that the user acted upon (for example, file names, folders names, or EC2 instances names)
-
resourceType(optional): string
Type of the resource (for example, files, folders, or EC2 instances)
-
startDate: string
Start date indicating the starting time from which the events need to be searched.
-
state(optional): string
The name of the the state or province, in the physical address that's associated with the IP address
Header Parameters
-
Authorization: string
Contains authorization token receieved by making create token request. The format is 'Bearer' followed by the token, which starts with v2.
-
X-Apprity-Tenant-Id: string
The tenant ID for which you are making this call.
Response
Supported Media Types
- application/json
200 Response
Successfully fetched records.
Root Schema : Report
Type:
Show Source
object
-
nextMarkerPosition:
string
Marker position, indicating pagination, to fetch the next set of rows.
-
rows(optional):
array rows
-
size(optional):
integer(int32)
Number of records present in the response.
-
totalCount(optional):
integer(int64)
Total number of records returned.
Nested Schema : ReportRow
Type:
Show Source
object
-
action:
string
The event or action taken on the resource.
-
actionNormalized:
string
Normalized action names.
-
actor:
string
The user who takes action on the resource.
-
applicationInstanceId:
string
The application instance id.
-
applicationInstanceName:
string
The application instance name.
-
applicationType:
string
The application type.
-
city:
string
The city from where the event was generated.
-
country:
string
The country from where the event was generated.
-
deviceType:
string
The type of the device from which the event was generated.
-
eventTime:
string
The time when the event was detected.
-
ipAddress:
string
IP address of the device from where the event was generated.
-
ipAddressClassification:
string
The IP address is classified as regular or suspicious.
-
latitude:
string
The latitude of the geo-cordinates from where the event was generated.
-
longitude:
string
The longitude of the geo-cordinates from where the event was generated.
-
platform:
string
The operation system of the device from which the event was generated.
-
resource:
string
Resource name that the user acted upon (for example, file names, folders names, or EC2 instances names).
-
resourceType:
string
Type of the resource (for example, files, folders, or EC2 instances).
-
rowId:
string
The unique identifier of the record.
-
state:
string
The state from where the event was generated.
-
subType:
string
The subtype of the event source.
-
userAgent:
string
The user agent helps to identify the browser used for the actions.
400 Response
Bad request format. Check the response for more information on which fields are inaccurate. Ensure that you have a request which follows the format.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
401 Response
Unauthorized get API call. See response for more details.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
403 Response
Retrieving all records is forbidden. It is likely that the CASB APIs aren't enabled for the tenant.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
404 Response
Requested Resource(instance ID) is not present.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
500 Response
Internal Server error occured. See response for more details.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
503 Response
Service is unavailable.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
504 Response
Gateway timed out. Please retry.
Root Schema : Error
Type:
Show Source
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
Examples
The following example shows how to export data that is available through Report Builder in Oracle CASB Cloud Service.
Example Request Body
import requests
import json
def getAllData():
auth_t = '' ### add token id
tenantId = '' ### add tenantId
headers = {
'content-type': "application/json",
'cache-control': "no-cache",
'X-Apprity-Tenant-Id': tenantId,
'Authorization': 'Bearer ' + auth_t
}
riskEventUrlTest = "https://api-<stackname>.palerra.net/api/v1/reports/all"
startDate = "" ### startdate example - 2018-10-15T00:00:00.000Z
endDate = "" ### Enddate example - 2018-10-15T00:00:00.000Z
### Please make sure the difference of start date and date should be only one day.
nextMarkerPosition = ''
polling = 'no'
totalRecords = 0
noOfCallsToCasb = 1
parameterss = None
while True:
if (polling == "no"):
parameterss = {
'applicationInstanceName': "No_Del_AWS_Loric",
'startDate': startDate,
'endDate': endDate
}
elif (polling == "yes"):
parameterss = {
'markerPosition': nextMarkerPosition
}
print("noOfCallsToCasb:" + str(noOfCallsToCasb))
print("totalRecords:" + str(totalRecords))
noOfCallsToCasb += 1
response = requests.get(riskEventUrlTest, params=parameterss, headers=headers)
print("response.status_code " + str(response.status_code))
rawJsonFromCASBResp = json.loads(response.content.decode('utf-8'))
print(" ============ =========Response======== =======================>")
print
rawJsonFromCASBResp
print("rawJsonFromCASBResp:" + str(rawJsonFromCASBResp))
print("rawJsonFromCASBResp.content:" + str(rawJsonFromCASBResp['rows']))
pageSize = rawJsonFromCASBResp['size']
print("pageSize:" + str(pageSize))
totalRecords += pageSize
print("totalRecords:" + str(totalRecords))
if (totalRecords > 0):
if pageSize >= 100:
polling = "yes"
nextMarkerPosition = rawJsonFromCASBResp['nextMarkerPosition']
print("nextMarkerPosition:" + str(nextMarkerPosition))
print(" ===== ================= ==============================>")
else:
print("retrieved all records from casb /no records available")
polling = "no"
return
getAllData()
Example Response Body
The following example shows the contents of the response body in JSON format:
{
"rows": [
{
"applicationType": "AWS",
"applicationInstanceName": "No_Del_AWS_Trial",
"applicationInstanceId": "8f5d028e-d7e8-4ad9-9a96-72f57ca9c8c1",
"actor": "loric-thirdparty-session-1539733528152",
"action": "Get account summary",
"actionNormalized": "GETACCOUNTSUMMARY",
"subType": "IAM",
"ipAddress": "52.2.194.62",
"ipAddressClassification": "Regular",
"resource": "{}",
"resourceType": "IAM Account",
"deviceType": "API Call",
"userAgent": "aws-sdk-java/1.11.290",
"platform": "Linux",
"city": "Ashburn",
"state": "Virginia",
"country": "US",
"latitude": "39.0329",
"longitude": "-77.4866",
"eventTime": "2018-10-16T23:58:07Z",
"rowId": "8a5e1fe8-d406-462f-95ef-5414e3e4a773"
},
{
"applicationType": "AWS",
"applicationInstanceName": "No_Del_AWS_Trial",
"applicationInstanceId": "8f5d028e-d7e8-4ad9-9a96-72f57ca9c8c1",
"actor": "loric-thirdparty-session-1539733528152",
"action": "REST.GET.ACL",
"actionNormalized": "REST_GET_ACL",
"subType": "S3",
"ipAddress": "52.2.194.62",
"ipAddressClassification": "Regular",
"resource": "/trail.auto.bucket.no.delete",
"resourceType": "S3 Bucket",
"deviceType": "API Call",
"userAgent": "aws-sdk-java/1.11.290",
"platform": "Other",
"city": "Ashburn",
"state": "Virginia",
"country": "US",
"latitude": "39.0329",
"longitude": "-77.4866",
"eventTime": "2018-10-16T23:58:07Z",
"rowId": "f50f62b3-8a85-353b-953f-cb2f59633aea"
}
],
"nextMarkerPosition": "eyJhcHBpbnN0bmFtZSI6Ik5vX0RlbF9BV1NfVHJpYWwiLCJlbmREYXRlIjoiMTUzOTY0ODAwMDAwMCIsInBhZ2VTaXplIjoiMTAwIiwicGFnZSI6IjIiLCJzdGFydERhdGUiOiIxNTM5NTYxNjAwMDAwIn0=",
"totalCount": 144748,
"size": 100
}