List threats by source
POST/mt/monitor/v1/agg/threats/source
Retrieve an aggregated count of critical threats by source across tenants, such as: remote networks, mobile users, or proxy nodes.
Request
Query Parameters
Must be tenant
. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Header Parameters
Must be one of the following: de
, americas
, europe
, uk
, sg
, ca
, jp
, au
, in
. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas
CDL region.
- application/json
Body
- ThreatSrcRule
- TimeFilter
- Array [
- ]
- Array [
- ]
- Array [
- ]
filter object
Threats by source filter. Consists of a required operator and an array of rules objects.
Must be AND
.
rules object[]
See ThreatSrcRule and TimeFilter.
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property values
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property value
properties object[]required
List of property json objects
Threats by source property. See ThreatSrcProperty.
Responses
- 200
- 400
- 500
Success
- application/json
- Schema
- Threat Count by Source
- Threat Count by Source per Tenant
Schema
- any
[
{
"total_mobile_users": 10,
"total_proxy_nodes": 10,
"total_remote_network": 10,
"total_threats": 10
}
]
[
{
"sub_tenant_id": "<sub_tenant_id>",
"total_mobile_users": 10,
"total_proxy_nodes": 10,
"total_remote_network": 10,
"total_threats": 10
}
]
Bad Request
Server Error