Skip to main content
Skyhigh Security

Create a Report with the Forensics API

You can use the Forensics API to create a report that includes data on processing web requests.

  1. Log on to the Forensics API.

    To log on, you must provide a URL with a country or region prefix to indicate where you log on. It also includes
    logapi.skyhigh.cloud as the domain name and your customer ID.

    Example: us.logapi.skyhigh.cloud/mwg/api/reporting/forensic/<customer ID>

    Use the customer ID here that you received when you purchased the product, but leave out the initial c before the string of numbers, for example, 1234567890.

    Prefixes can be used here as follows:

    ae — United Arab Emirates
    au — Australia
    ca — Canada   
    de — Germany (Europe)
    gb — United Kingdom
    in  — India
    sa — Kingdom of Saudi Arabia
    sg — Singapore
    us — United States (North America)

  2. Enter a command to download data for your report.

    Use an HTTP client tool for this, such as curl or wget. Include required and optional parameters as needed. Important required parameters are:

  • Version header — Depending on his header, different combination of data fields, for example, user_id, source_ip, and http_action, can be downloaded for reporting.

    For a list of all available version headers with their data fields, see Reporting Fields.

  • Timestamp filters — Specify the time range during which data is downloaded

    For more information about these filters, see Reporting Filters and Reporting Timestamp.

A complete download command looks like this:

curl --insecure --verbose --header 'Accept: text/csv' --header 'x-mwg-api-version: 3' --compressed
--user <user name>:<password> https://logapi.skyhigh.cloud/mwg/api/reporting/forensic/12345678
?filter.requestTimestampFrom=1527279524&filter.requestTimestampTo=1527283124&order.0.requestTimestamp=asc

Depending on the HTTP client tool that you are using, you may have to escape the & (ampersand) character by a preceding \ (backslash) to run the command properly. Use \& instead of simply & then.

For more information about this command and the output it returns, see Reporting Examples

When the report has been run, you can review the downloaded data and analyze them.

  • Was this article helpful?