Get user risk score report
GET /api/v1/reports/details/{reportName}
This call will retrieve the user risk score report. Filters can be applied using the query parameters.
Request
Supported Media Types
- application/json
Path Parameters
-
reportName: string
The name of the report to be retrieved. Sample value is 'Userrisk'. This report name must be present as a path parameter.
Query Parameters
-
applicationInstanceName(optional): string
The name of the application instance from which the risk score report is to be retrieved. Default is to include all application instances.
-
applicationType(optional): string
Application type, such as 'AWS', 'BOX', 'SFDC', 'O365', 'Slack', 'ServiceNow', etc. Default is to include all application types.
-
markerPosition(optional): string
Marker position, indicating pagination, from which to begin retrieving the next set of records. This should be fetched from the response of the first request and used in subsequent requests.
-
pagesize: string
Page size in number of events. The maximum value allowed is 100.
-
userName(optional): string
The name of the user for which the risk score report is to be retrieved.
Header Parameters
-
Authorization: string
Contains the authorization token received by making the create token API call. The format is 'Bearer' followed by the token, which starts with v2.
-
X-Apprity-Tenant-Id: string
The tenant ID for which you are making this call.
Response
Supported Media Types
- application/json
- application/gzip
200 Response
Successfully read user risk score.
Root Schema : ReportResponse
Type:
object
-
description(optional):
string
The detailed description.
-
displayInstanceColumn(optional):
boolean
If the value passed was true, the Instance column is included in the report.
-
maxCount(optional):
integer(int32)
Maximum page size, in records, to be returned. Default value is 100.
-
nextMarkerPosition(optional):
string
Marker position from which to begin retrieving the next set of risk details.
-
reportId(optional):
string
ID of the report for which results have been returned.
-
size(optional):
integer(int32)
Number of records present in the response.
-
tenantName(optional):
string
The name of the tenant from which the risk scores are reported.
-
title(optional):
string
The short description.
-
totalCount(optional):
integer(int64)
Total number of records returned.
-
userRiskScores(optional):
array userRiskScores
The list of users and their associated risk scores.
Nested Schema : userRiskScores
Type:
array
The list of users and their associated risk scores.
Nested Schema : userRiskScores
Type:
object
-
appinstance(optional):
string
Application instance name for which the risk was detected.
-
appInstanceId(optional):
string
Application instance ID for which the risk was detected.
-
appname(optional):
string
Application type for which the risk was detected.
-
rowId(optional):
string
-
userRiskDetails(optional):
array userRiskDetails
Risk details that include risk level, username, risk score, reasons for the risk, detected date, reasons and counts.
Nested Schema : userRiskDetails
Type:
array
Risk details that include risk level, username, risk score, reasons for the risk, detected date, reasons and counts.
Nested Schema : userRiskDetails
Type:
object
-
displayname(optional):
string
The report's display name
-
name(optional):
string
The report's name
-
value(optional):
string
The report's value
400 Response
Bad request format. Check the response for more information on which fields are inaccurate. Ensure that you have a request which follows the format.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
401 Response
Unauthorized GET API call. See response for more details.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
403 Response
Retrieving all user risk score events is forbidden. It is likely that the CASB APIs aren't enabled for the tenant.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
404 Response
Requested resource (instance ID) is not present.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
500 Response
Internal server error occurred. See response for more details.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
503 Response
Service is unavailable.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
504 Response
Gateway timed out. Please retry.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
Examples
The following example shows how to retrieve a user risk report by submitting a GET request.
Example Response Body: Retrieving a User Risk Report
The following example shows the contents of the response body in JSON format:
{
"type": "ReportResponse",
"tenantName": "e6d29a75-cdaf-4dfa-b35d-90c77899eb10",
"reportId": "userrisk",
"maxCount": 100,
"totalCount": 6,
"size": 6,
"title": "Users at risk",
"description": "User risk scores based on LORIC's analysis of suspicious activity patterns",
"userRiskScores": [
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "andylemarc@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"MSG_NO_RISK_FACTORS\":\"No risk factors\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{}"
},
{
"displayname": "ReasonsCounts",
"value": "{}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
},
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "carlagomez@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"MSG_NO_RISK_FACTORS\":\"No risk factors\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{}"
},
{
"displayname": "ReasonsCounts",
"value": "{}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
},
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "billwong@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"MSG_NO_RISK_FACTORS\":\"No risk factors\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{}"
},
{
"displayname": "ReasonsCounts",
"value": "{}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
},
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "suelee@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"MSG_NO_RISK_FACTORS\":\"No risk factors\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{}"
},
{
"displayname": "ReasonsCounts",
"value": "{}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
},
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "sashakopek@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"NETWRK_PREFIX_EVENTS\":\"Total IP network prefix for all events\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{\"NETWRK_PREFIX_EVENTS\":\"1\"}"
},
{
"displayname": "ReasonsCounts",
"value": "{\"NETWRK_PREFIX_EVENTS\":\"1\"}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
},
{
"appname": "SFDC",
"appinstance": "publiceventsapi",
"appInstanceId": "bd4716ef-d9b3-4348-8793-347134edce7a",
"userRiskDetails": [
{
"displayname": "Risk Level",
"value": "Normal"
},
{
"displayname": "User name",
"value": "leiamacintosh@mycompany.com"
},
{
"displayname": "Maximum Risk Score",
"value": "00"
},
{
"displayname": "Reasons",
"value": "[\"bd4716ef-d9b3-4348-8793-347134edce7a\", \"2017-10-24T23:29:38Z\", {\"NETWRK_PREFIX_EVENTS\":\"Total IP network prefix for all events\"}]"
},
{
"displayname": "Detected Date",
"value": "2017-10-24T00:00:00Z"
},
{
"displayname": "ReasonsAverage",
"value": "{\"NETWRK_PREFIX_EVENTS\":\"1\"}"
},
{
"displayname": "ReasonsCounts",
"value": "{\"NETWRK_PREFIX_EVENTS\":\"3\"}"
},
{
"displayname": "Detected Date ISOFormat",
"value": "2017-10-24T00:00:00Z"
}
]
}
]
}
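Added example (not part of the original documentation or the vendor's code): a Python sketch that flattens the displayname/value pairs above into one record per user, decodes the JSON-in-string Reasons and ReasonsCounts values, and pages through results with markerPosition and nextMarkerPosition. It assumes that get_page is a hypothetical caller-supplied function performing the authenticated GET, that an absent or empty nextMarkerPosition marks the last page, and that the third element of Reasons holds the reason codes, as in the sample response; SAMPLE is constructed.

```python
import json

def _decode(raw, want):
    """Detail values arrive as JSON text inside a string; reject other shapes."""
    try:
        val = json.loads(raw)
    except (TypeError, ValueError):
        return want()
    return val if isinstance(val, want) else want()

def flatten_report(report):
    """One flat record per userRiskScores entry."""
    rows = []
    for entry in report.get("userRiskScores") or []:
        d = {i.get("displayname"): i.get("value")
             for i in entry.get("userRiskDetails") or []}
        reasons = _decode(d.get("Reasons"), list)
        # In the page's sample, Reasons is [instanceId, timestamp, {code: text}].
        codes = reasons[2] if len(reasons) > 2 and isinstance(reasons[2], dict) else {}
        counts = _decode(d.get("ReasonsCounts"), dict)
        score = str(d.get("Maximum Risk Score") or "")
        rows.append({
            "app": entry.get("appname"), "instance": entry.get("appinstance"),
            "user": d.get("User name"), "level": d.get("Risk Level"),
            "score": int(score) if score.isdigit() else None,
            "reasons": sorted(codes),
            "counts": {k: int(v) for k, v in counts.items() if str(v).isdigit()},
        })
    return rows

def fetch_all(get_page, pagesize=100):
    """Follow nextMarkerPosition to the end. get_page(params) -> dict is a
    hypothetical caller-supplied function that performs the authenticated GET."""
    rows, marker = [], None
    while True:
        params = {"pagesize": str(min(pagesize, 100))}  # documented maximum
        if marker:
            params["markerPosition"] = marker
        page = get_page(params)
        rows.extend(flatten_report(page))
        nxt = page.get("nextMarkerPosition")
        if not nxt or nxt == marker:  # finished, or the marker did not advance
            return rows
        marker = nxt

SAMPLE = {"userRiskScores": [{"appname": "SFDC",  # constructed sample page
    "appinstance": "publiceventsapi", "userRiskDetails": [
    {"displayname": "User name", "value": "user@example.com"},
    {"displayname": "Maximum Risk Score", "value": "00"},
    {"displayname": "ReasonsCounts", "value": '{"NETWRK_PREFIX_EVENTS":"3"}'}]}]}
```

Malformed or unexpectedly shaped detail values decode to an empty list or dict rather than raising, so one bad record does not stop a scheduled export.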