Get Alert Count by Policy Groups
POST/alert/v1/aggregate
Get policy groups with alert count based on the group by policy and input filters. The list is paginated and to fetch the remaining data, provide the nextPageToken.
Request
- application/json
Body
required
- Array [
- ]
- AbsoluteTimeRangeConfig
- FromNowTimeRangeConfig
- RelativeTimeRangeConfig
- ToNowTimeRangeConfig
filters object[]
Filter parameters
Array of sort properties.
Append :asc or :desc to the key to sort by ascending or descending order, respectively. Example: id:asc.
Possible values: [policy.type, policy.severity, policy.label, compliance.standard]
Group by field.
Maximum number of items to return per page when data is paginated. The value cannot exceed 500 and default value is 50.
The nextPageToken value from the previous response object, which is used to get the next page of data.
timeRange object
Possible values: [to_now,absolute,relative,from_now]
Possible values: [epoch]
Possible values: [lastOpenStateTs, lastStatusChangeTs, lastOpenStateTs]
value object
Possible values: [to_now,absolute,relative,from_now]
Possible values: [epoch]
Possible values: [lastOpenStateTs, lastStatusChangeTs, lastOpenStateTs]
Possible values: [minute, hour, day, week, month, year, epoch, login]
Possible values: [to_now,absolute,relative,from_now]
Possible values: [epoch]
Possible values: [lastOpenStateTs, lastStatusChangeTs, lastOpenStateTs]
value object
Possible values: [minute, hour, day, week, month, year, epoch, login]
Possible values: [BACKWARD, FORWARD]
Possible values: [to_now,absolute,relative,from_now]
Possible values: [epoch]
Possible values: [lastOpenStateTs, lastStatusChangeTs, lastOpenStateTs]
Possible values: [minute, hour, day, week, month, year, epoch, login]
Responses
- 200
- 400
- 4XX
Successful operation
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
groups object[]
group by field, for example : policy type, compliance standard etc
sum of all alert count for all policies in the group
number of policies in the group
alert count for policies with critical severity in the group
alert count for policies with high severity in the group
alert count for policies with medium severity in the group
alert count for policies with low severity in the group
alert count for policies with informational severity in the group
number of build policy
number of run policy
List of finding types
Possible values: [all, aws, azure, gcp, alibaba_cloud, oci, other, ibm]
List of cloud types
List of policy ids
{
"groups": [
{
"group": "string",
"totalAlerts": 0,
"totalPolicies": 0,
"criticalAlertCount": 0,
"highAlertCount": 0,
"mediumAlertCount": 0,
"lowAlertCount": 0,
"informationalAlertCount": 0,
"buildPolicyCount": 0,
"runPolicyCount": 0,
"findingTypes": [
"string"
],
"cloudTypes": [
"all"
],
"policyIds": [
"string"
]
}
],
"groupBy": "string",
"nextPageToken": "string"
}
Bad Request
- */*
- Schema
Schema
string
Client error
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
errorDetails object[]
{
"timestamp": "string",
"status": 0,
"error": "string",
"errorDetails": [
{
"name": "string",
"message": "string"
}
],
"message": "string",
"path": "string"
}