List threat summary
POST /mt/monitor/v1/agg/threats/summary
Retrieve an aggregated summary of threats across tenants.
Request
Query Parameters
Must be tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Header Parameters
Must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is the americas CDL region.
- application/json
Body
- ThreatSummaryRule
- TimeFilter
filter object required
Filter JSON object
Always set to AND
rules object[]
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property values
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property value
properties object[] required
List of property JSON objects
Property field name. Property fields will be returned in the API response.
Responses
- 200: Success
- 400: Bad Request
- 500: Server Error
200 response body
- application/json
Schema
- any
Example: Blocked Threats
[
  {
    "blocked_count": 10,
    "total_threats": 10
  }
]
Example: Threat Summary
[
  {
    "blocked_count": 79760,
    "malicious_count": 16654,
    "sub_tenant_id": "<sub-tenant-id>",
    "total_threats": 99574,
    "unblocked_count": 19814,
    "unknown_count": 0,
    "wildfire_verdict": 0
  }
]
Example: Top Tenants with Unblocked Threats
[
  {
    "sub_tenant_id": "<sub-tenant-id>",
    "total": 99574,
    "value": 19814
  }
]
Example: Total Critical Threats
[
  {
    "total_threats": 10
  }
]
Example: Total Critical Threats Per Tenant
[
  {
    "sub_tenant_id": "<sub_tenant_id>",
    "total_threats": 10
  }
]
Example: Unblocked Threats
[
  {
    "total_threats": 10,
    "unblocked_count": 10
  }
]
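Added example (not part of the original API reference): one way to triage per-tenant rows shaped like the Threat Summary response, ranking tenants by their share of unblocked threats and checking that the counts add up. The tenant ids, the thresholds `min_ratio` and `min_count`, and the rule that blocked plus unblocked equals the total are assumptions; the last is inferred from the sample values on this page.

```python
import json

# Constructed sample shaped like the Threat Summary example, trimmed to the
# fields used here. tenant-a reuses the page's sample counts; the rest are made up.
SAMPLE = json.loads("""[
 {"sub_tenant_id": "tenant-a", "total_threats": 99574, "blocked_count": 79760,
  "unblocked_count": 19814, "malicious_count": 16654, "unknown_count": 0},
 {"sub_tenant_id": "tenant-b", "total_threats": 100, "blocked_count": 40, "unblocked_count": 60},
 {"sub_tenant_id": "tenant-c", "total_threats": 0, "blocked_count": 0, "unblocked_count": 0},
 {"sub_tenant_id": "tenant-d", "total_threats": 50, "blocked_count": 10, "unblocked_count": 10}
]""")

REQUIRED = ("sub_tenant_id", "total_threats", "blocked_count", "unblocked_count")


def triage(rows, min_ratio=0.25, min_count=1000):
    """Rank tenants by unblocked share; return (ranked, flagged, inconsistent)."""
    ranked, inconsistent = [], []
    for row in rows:
        missing = [k for k in REQUIRED if k not in row]
        if missing:
            raise ValueError(f"summary row missing fields: {missing}")
        tenant, total, blocked, unblocked = (row[k] for k in REQUIRED)
        # Assumption taken from the page's sample row: blocked + unblocked == total.
        if blocked + unblocked != total:
            inconsistent.append(tenant)
        # A tenant with no threats has no unblocked share; avoid dividing by zero.
        ratio = round(unblocked / total, 4) if total else 0.0
        # "total"/"value" mirror the Top Tenants with Unblocked Threats example.
        ranked.append({"sub_tenant_id": tenant, "total": total,
                       "value": unblocked, "ratio": ratio})
    ranked.sort(key=lambda r: (r["ratio"], r["value"]), reverse=True)
    # Flag on either a high share or a high absolute count of unblocked threats.
    flagged = [r["sub_tenant_id"] for r in ranked
               if r["ratio"] >= min_ratio or r["value"] >= min_count]
    return ranked, flagged, inconsistent


if __name__ == "__main__":
    ranked, flagged, inconsistent = triage(SAMPLE)
    for r in ranked:
        print(f'{r["sub_tenant_id"]}: {r["value"]}/{r["total"]} unblocked ({r["ratio"]:.1%})')
    print("review first:", flagged)
    print("counts do not add up:", inconsistent)
```

Flagging on both ratio and absolute count keeps a large tenant with many unblocked threats from being hidden behind a small tenant with a higher percentage.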