List threat summary

Retrieve an aggregated summary of threats across tenants.

Query Parameters

agg_by string
Must be tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Example: tenant

Header Parameters

X-PANW-Region string
Must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas CDL region.
Example: americas

application/json

Request Body

filter object
Threats summary filter. Consists of a required operator and an array of rules objects.
operator string required
Must be AND.
rules object[]
See ThreatSummaryRule and TimeFilter.
anyOf
ThreatSummaryRule
TimeFilter
Array [
operator string
Filter operator that is one of the example values and is run on the property field
property string
Filter property field that is one of the example values
values string[]
Filter property values
]
Array [
object
]

properties object[] required

List of property json objects

Array [

alias string

property string

Threat summary property. See ThreatSummaryProperty.

]

Responses

Success

application/json

Schema

any

[
  {
    "blocked_count": 10,
    "total_threats": 10
  }
]

[
  {
    "blocked_count": 79760,
    "malicious_count": 16654,
    "sub_tenant_id": "<sub-tenant-id>",
    "total_threats": 99574,
    "unblocked_count": 19814,
    "unknown_count": 0,
    "wildfire_verdict": 0
  }
]

[
  {
    "sub_tenant_id": "<sub-tenant-id>",
    "total": 99574,
    "value": 19814
  }
]

[
  {
    "total_threats": 10
  }
]

[
  {
    "sub_tenant_id": "<sub_tenant_id>",
    "total_threats": 10
  }
]

[
  {
    "total_threats": 10,
    "unblocked_count": 10
  }
]

List threat summary​

List threat summary