Skyhigh Security

Import Incident Activities to SIEM

You can import the incident activities in a compressed CSV file format and send them to SIEM.

The Skyhigh Cloud Connector can:

  • Query the CSV file and send it to the SIEM.
  • Expose the endpoint to invoke SIEM and pass the Incident ID or Date Range. These parameters are passed to SHNAPI to get the activity data and send it to the SIEM.

To import the incident activities to SIEM, run the following curl command against the queryActivities endpoint:

curl -k -X POST \
'https://SKYHIGH CASB URL/shnapi/rest/external/api/v1/queryActivities' \
-H 'content-type: application/json' \
-H 'Authorization: Basic AuthToken' \
-H 'Cookie: JSESSIONID=SessionNumber' \
-d '{ "incidentId": "incidentNumber","start_time": "yyyy-mm-dd","end_time": "yyyy-mm-dd"}'

//Response shows the list of column names in the CSV file format

 NOTE: The Incident ID is a mandatory field. The Start time and End time are optional fields.

Example:

curl -k -X POST \
'https://www.myshn.net/shnapi/rest/external/api/v1/queryActivities' \
-H 'content-type: application/json' \
-H 'Authorization: Basic c2hpdmFzYWkxMzkzNEBnbWFpbC5jb206QWJjZF8xMjM0NTY3OA==' \
-H 'Cookie: JSESSIONID=C04B1336A0FEFFA0A5C3C45B6B6B7602.shnapi-08ce8b66c61bc873b' \
-d '{ "incidentId": "469","start_time": "2020-10-29","end_time": "2020-11-03"}'

//Response shows the list of column names in the CSV file format

timestamp,accountId,actionName,asn,asnName,city,clientCategory,clientName,
clientOS,collabGroup,collabGroupAndTarget,count,country,cspId,deviceManaged,
directory,downloadBytes,eventCount,fileFolderPath,fileName,fileOwner,fileSharingEnabled,
fileSize,fileType,geoOrgNameV1,httpMethod,instanceId,isSourceTrusted,
locationId,monitoringStatusMetric,networkType,noOfObjects,objectType,
operation,profile,proxyDescription,proxyServerTime,proxyTotalTime,proxyType,
region,serviceName,shnProcessTimestamp,siteUrl,sourceIP,sourceIdentifier,
subCspId,targetId,targetType,tenantId,threatCategory,trustEntity,trustReason,
uploadBytes,url,user,userCount
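
The following is an added example, not Skyhigh code: it builds the queryActivities request body and turns a response into one JSON event per CSV row, so that a field containing a line break cannot split into two SIEM records. It assumes the compressed response is gzip (plain CSV is also accepted) and that incident IDs are numeric; the function names, the required-column subset and the sample row are constructed for illustration.

```python
import csv
import gzip
import io
import json
import re

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
# Subset of the documented column names that this example treats as required.
REQUIRED = {"timestamp", "user", "actionName", "serviceName", "sourceIP"}


def build_query(incident_id, start_time=None, end_time=None):
    """Build the request body: incidentId is mandatory, the dates are optional."""
    if not str(incident_id).isdigit():  # assumption: incident IDs are numeric
        raise ValueError("incidentId must be numeric")
    body = {"incidentId": str(incident_id)}
    for key, value in (("start_time", start_time), ("end_time", end_time)):
        if value is not None:
            if not DATE_RE.fullmatch(value):
                raise ValueError(f"{key} must be yyyy-mm-dd")
            body[key] = value
    return json.dumps(body)


def activities_to_events(raw, incident_id):
    """Turn a queryActivities response body into one JSON event per CSV row."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic; the compression format is assumed
        raw = gzip.decompress(raw)
    reader = csv.DictReader(io.StringIO(raw.decode("utf-8"), newline=""))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"unexpected CSV header, missing {sorted(missing)}")
    events = []
    for row in reader:
        event = {k: v for k, v in row.items() if k and v not in (None, "")}
        event["incidentId"] = str(incident_id)
        # json.dumps escapes embedded newlines, so one row stays one SIEM line.
        events.append(json.dumps(event, sort_keys=True))
    return events


# Constructed sample response (not real tenant data); fileName holds a newline.
SAMPLE = gzip.compress(
    b"timestamp,actionName,fileName,serviceName,sourceIP,user\r\n"
    b'2020-10-30T08:15:00Z,Download,"q3\nreport.xlsx",ExampleDrive,203.0.113.7,alice@example.com\r\n'
)
```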