Skyhigh Security

About the Activities Download API

This REST endpoint fetches the activities for a given anomaly (anomaly ID). Use it in forensic investigations where an administrator wants to drill down into which user activity resulted in the creation of the anomaly. The API provides activities for the last 15 days from the date of the query. Access to the API is enabled on a case-by-case basis.

Activities Availability

  • Activities are made available 12 hours after an anomaly is created.
  • Activities are available for anomalies created in the last 15 days.
  • The API returns the latest 100,000 activities for an anomaly.

REST Endpoint v2


POST <dashboardURL>/shnapi/rest/external/api/v2/queryActivities


  "incident_id": <anomalyId>


Auth required

Data Retrieval

Other Details

  • A clear message is produced if a feature is not enabled for a tenant.

    "code": 401,
    "message": "Feature is not enabled for this tenant"
  • This API is enabled on a case-by-case basis. If you don't have access, contact Skyhigh Support to get access to the API data.
  • If the feature flag has been turned on for the last x days and a request comes in for y days (where x < y < 15), all available data is shared.
  • No activities are returned if an Anomaly for a provided incident ID does not exist or does not have any activities in the last 15 days.

Response for a Successful Call

Response Sample: SUCCESS 200 OK

Activity Timestamp,Account ID,Activity Name,ASN,ASN Name,City,Device Type,User Agent,OS,Domain,Country,CSP Name,Device Managed,Directory?,Number of events,File/Folder Path,File/Report Name,File Owner,Sharing Enabled?,File Size,File Type,IP Organization,Instance Name,Activity Trust,Network Type,Operation,Profile,Proxy Description,Proxy Type,Region,Service Name,Site Url,Source IP,Target Id,Workflow Id,Trusted for,Trust Reason,URL,User Name

1633523160000,,"File downloaded",9583,"sify limited","new delhi",Tablet,"Mozilla/5.0 (iPad; CPU OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0 Mobile/14B100 Safari/602.1",iOS,,IN,"Microsoft Office 365 and OneDrive",false,false,21,,"Week 49 PC MB Opportunity Planner.xlsx",,false,,xlsx,"sify limited",Default,false,broadband,FileDownloaded,,N/A,N/A,dl,OneDrive,"",," Planners/Week 49 PC MB Opportunity Planner.xlsx",5976,None,"No Reason",,""
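
A parser for the response formats shown above, added here as an example and not Skyhigh's own code: it reads the CSV body (quoted fields such as User Agent contain commas), treats a body that starts with `{` as the error object, and flags when the 100,000-activity cap is reached. The JSON-object shape of the error, the epoch-millisecond reading of Activity Timestamp, and the names `parse_activities`, `ApiError` and `SAMPLE_BODY` are assumptions.

```python
import csv
import io
import json
from datetime import datetime, timezone

MAX_ACTIVITIES = 100_000  # per the page, only the latest 100,000 activities are returned
BOOL_COLUMNS = ("Device Managed", "Directory?", "Sharing Enabled?", "Activity Trust")

# Sample body: the header and data row from the page's "SUCCESS 200 OK" sample.
SAMPLE_BODY = '''Activity Timestamp,Account ID,Activity Name,ASN,ASN Name,City,Device Type,User Agent,OS,Domain,Country,CSP Name,Device Managed,Directory?,Number of events,File/Folder Path,File/Report Name,File Owner,Sharing Enabled?,File Size,File Type,IP Organization,Instance Name,Activity Trust,Network Type,Operation,Profile,Proxy Description,Proxy Type,Region,Service Name,Site Url,Source IP,Target Id,Workflow Id,Trusted for,Trust Reason,URL,User Name

1633523160000,,"File downloaded",9583,"sify limited","new delhi",Tablet,"Mozilla/5.0 (iPad; CPU OS 10_1_1 like Mac OS X) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0 Mobile/14B100 Safari/602.1",iOS,,IN,"Microsoft Office 365 and OneDrive",false,false,21,,"Week 49 PC MB Opportunity Planner.xlsx",,false,,xlsx,"sify limited",Default,false,broadband,FileDownloaded,,N/A,N/A,dl,OneDrive,"",," Planners/Week 49 PC MB Opportunity Planner.xlsx",5976,None,"No Reason",,""
'''


class ApiError(RuntimeError):
    """Raised when the body is an error object instead of CSV."""


def parse_activities(body):
    """Return (activities, possibly_truncated) for a queryActivities response body."""
    text = body.strip()
    if text.startswith("{"):
        # Assumption: errors arrive as a JSON object with "code" and "message" keys.
        err = json.loads(text)
        raise ApiError(f"{err.get('code')}: {err.get('message')}")
    reader = csv.DictReader(io.StringIO(text), restkey="_extra", restval=None)
    activities = []
    for n, row in enumerate(reader, start=1):
        if "_extra" in row or None in row.values():
            raise ValueError(f"record {n}: field count does not match the header")
        # Assumption: the 13-digit timestamp is epoch milliseconds, read here as UTC.
        row["Activity Timestamp"] = datetime.fromtimestamp(
            int(row["Activity Timestamp"]) / 1000, tz=timezone.utc)
        for col in BOOL_COLUMNS:
            row[col] = row[col].strip().lower() == "true"
        row["Number of events"] = int(row["Number of events"] or 0)
        activities.append(row)
    # Hitting the cap means older activities for the anomaly may be missing.
    return activities, len(activities) >= MAX_ACTIVITIES


if __name__ == "__main__":
    acts, truncated = parse_activities(SAMPLE_BODY)
    first = acts[0]
    print(first["Activity Timestamp"].isoformat(), first["Activity Name"],
          first["File/Report Name"], first["Source IP"] or "(no source IP)", truncated)
```

An empty body, which the page describes for an unknown incident ID or an anomaly without recent activities, yields an empty list rather than an error.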
