List threats
Retrieve an aggregated list of all threats across tenants.
Query Parameters
- agg_by string
Must be
tenant
. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.Example: tenant
Header Parameters
- X-PANW-Region string
Must be one of the following:
de
,americas
,europe
,uk
,sg
,ca
,jp
,au
,in
. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response isamericas
CDL region.Example: americas
- application/json
Request Body
filter object
Threats list filter. Consists of a required operator and an array of rules objects.
operator string requiredMust be
AND
.rules object[]
See ThreatRule and TimeFilter.
- anyOf
- ThreatRule
- TimeFilter
Array [operator stringMust be
AND
.property stringFilter property field that is one of the example values
values string[]Filter property value
]Array [operator stringFilter operator that is one of the example values and is run on the property field
property stringFilter property field that is one of the example values
values string[]Filter property value
]Array [object]properties object[] required
List of property json objects
Array [alias stringfunction stringOperations that need to be run on the property field. Operations can be run only on number properties.
property stringThreat list property. See ThreatProperty.
sort object
order stringSort Order for the property
]
- 200
- 400
- 500
Success
- application/json
- Schema
- Threat List
- Threats Summary Full
Schema
- any
[
{
"tenant_id": "1234",
"tenant_name": "Tenant_1234",
"threat_count": 100,
"threat_severity": "critical",
"threat_severity_count": 10,
"unique_threat_count": 10,
"url_count": 10,
"url_type": "URL Type"
}
]
[
{
"blocked_count": 10,
"malicious_count": 10,
"sub_tenant_id": "<sub_tenant_id>",
"total_threats": 10,
"unblocked_count": 10,
"unknown_count": 10
}
]
Bad Request
Server Error