You can work with the REST API that is provided, also known as Forensics API, to create commands that download data for reporting and run them.
The data is related to the processing of web requests. For example, when a user requests access to the web, the user ID, the source IP address, or the type of action that was performed, such as HTTP GET or POST, can be retrieved.
Data can also be downloaded for traffic that is isolated using Remote Browser Isolation (RBI) and for Private Access traffic.
After logging on to the REST API, you enter a download command, using an HTTP client tool, such as curl or wget. To limit the amount of data that is downloaded, you specify a version header to determine the data fields that are included in a report and timestamp filters to set a time range for running it.
For more information about the download command, see Create a Report with the REST API.
The REST API is available when you are running one of these Skyhigh Security products:
Security Service Edge (SSE)
Secure Web Gateway Cloud Service (Secure WGCS)
NOTE: Secure Web Gateway Cloud Service will reach end-of-life (EOL) status on December 31, 2022. No support will be provided for this product after this date.
The data that is downloaded for reporting is related to the processing of web requests performed by each of the two products.
When you are working with the REST API, the command that you enter to download data for reporting returns the names of the data fields that were downloaded and the values for each of the fields.
Data fields contain data that is related to the processing of web requests. They include, for example:
A version header, for example, x-mwg-api-version: 9, is specified as a parameter of the download command. It determines which data fields are included in a report.
For a list of the available version headers with their data fields, see Reporting Fields.