List threats
POST /mt/monitor/v1/agg/threats/list
Retrieve an aggregated list of all threats across tenants.
Request
Query Parameters
Must be tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Header Parameters
Must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas CDL region.
- application/json
Body
- ThreatRule
- TimeFilter
filter object
Threats list filter. Consists of a required operator and an array of rules objects.
Must be AND.
rules object[]
See ThreatRule and TimeFilter.
Must be AND.
Filter property field that is one of the example values
Filter property value
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property value
properties object[] required
List of property JSON objects
Operations that need to be run on the property field. Operations can be run only on number properties.
Threat list property. See ThreatProperty.
sort object
Sort Order for the property
Responses
- 200
- 400
- 500
200 Success
- application/json
- Schema
- Threat List
- Threats Summary Full
Schema
- any
Threat List
[
  {
    "tenant_id": "1234",
    "tenant_name": "Tenant_1234",
    "threat_count": 100,
    "threat_severity": "critical",
    "threat_severity_count": 10,
    "unique_threat_count": 10,
    "url_count": 10,
    "url_type": "URL Type"
  }
]
Threats Summary Full
[
  {
    "blocked_count": 10,
    "malicious_count": 10,
    "sub_tenant_id": "<sub_tenant_id>",
    "total_threats": 10,
    "unblocked_count": 10,
    "unknown_count": 10
  }
]
400 Bad Request
500 Server Error
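Added example (not part of the original reference and not vendor code): a triage pass over the two 200 response shapes shown above, grouping Threat List rows by tenant and severity and ranking Threats Summary Full rows by unblocked threats. It assumes each Threat List row is one tenant/severity pair with threat_severity_count as that severity's count; the severity ranking, function names and sample values are constructed for illustration.

```python
# Assumed ranking; only "critical" appears in the page's sample response.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}

def _count(row, key):
    """Return row[key] as a non-negative int, or None if missing or malformed."""
    value = row.get(key)
    ok = isinstance(value, int) and not isinstance(value, bool) and value >= 0
    return value if ok else None

def severity_by_tenant(threat_list):
    """Group "Threat List" rows into {tenant_id: {severity: count}}."""
    grouped = {}
    for row in threat_list:
        tenant, severity = row.get("tenant_id"), row.get("threat_severity")
        count = _count(row, "threat_severity_count")
        if not tenant or not severity or count is None:
            continue  # skip rows that do not match the documented shape
        per_tenant = grouped.setdefault(tenant, {})
        per_tenant[severity] = per_tenant.get(severity, 0) + count
    return grouped

def worst_severity(severities):
    """Return the highest-ranked severity present; unknown labels rank last."""
    return min(severities, key=lambda s: SEVERITY_RANK.get(s, len(SEVERITY_RANK)))

def unblocked_sub_tenants(summary):
    """Rank "Threats Summary Full" rows with unblocked threats, highest first."""
    ranked = []
    for row in summary:
        total, unblocked = _count(row, "total_threats"), _count(row, "unblocked_count")
        if not row.get("sub_tenant_id") or total is None or not unblocked:
            continue  # malformed row, or nothing got through
        share = unblocked / total if total else 0.0
        ranked.append((row["sub_tenant_id"], unblocked, round(share, 2)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)

# Constructed sample responses: field names follow the page, values are made up.
THREAT_LIST = [
    {"tenant_id": "1234", "threat_severity": "critical", "threat_severity_count": 10},
    {"tenant_id": "1234", "threat_severity": "low", "threat_severity_count": 40},
    {"tenant_id": "5678", "threat_severity": "medium", "threat_severity_count": "n/a"},
]
SUMMARY = [
    {"sub_tenant_id": "sub-a", "total_threats": 10, "unblocked_count": 2},
    {"sub_tenant_id": "sub-b", "total_threats": 20, "unblocked_count": 0},
    {"sub_tenant_id": "sub-c", "total_threats": 8, "unblocked_count": 6},
]

if __name__ == "__main__":
    print(severity_by_tenant(THREAT_LIST), unblocked_sub_tenants(SUMMARY))
```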