List threats by source

POST 
/mt/monitor/v1/agg/threats/source

Retrieve an aggregated count of critical threats by source across tenants, such as: remote networks, mobile users, or proxy nodes.

Request

Query Parameters

agg_by string
Must be tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Example: tenant

Header Parameters

X-PANW-Region string
Must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas CDL region.
Example: americas

application/json

Body

filter object
Threats by source filter. Consists of a required operator and an array of rules objects.
operator stringrequired
Must be AND.
rules object[]
See ThreatSrcRule and TimeFilter.
anyOf
ThreatSrcRule
Array [
operator string
Filter operator that is one of the example values and is run on the property field
property string
Filter property field that is one of the example values
values string[]
Filter property values
]
TimeFilter
Array [
operator string
Filter operator that is one of the example values and is run on the property field
property string
Filter property field that is one of the example values
values string[]
Filter property value
]
properties object[]required
List of property json objects
Array [
alias string
property string
Threats by source property. See ThreatSrcProperty.
]

Responses

200

Success

application/json

Schema

Schema

any

Threat Count by Source

[
  {
    "total_mobile_users": 10,
    "total_proxy_nodes": 10,
    "total_remote_network": 10,
    "total_threats": 10
  }
]

Threat Count by Source per Tenant

[
  {
    "sub_tenant_id": "<sub_tenant_id>",
    "total_mobile_users": 10,
    "total_proxy_nodes": 10,
    "total_remote_network": 10,
    "total_threats": 10
  }
]

400

Bad Request

500

Server Error

Loading...