List threat count
Retrieve an aggregated count of threats across tenants.
Query Parameters
- agg_by string
Must be
tenant
. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.Example: tenant
Header Parameters
- X-PANW-Region string
Must be one of the following:
de
,americas
,europe
,uk
,sg
,ca
,jp
,au
,in
. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response isamericas
CDL region.Example: americas
- application/json
Request Body
filter object
Resource count filter. Consists of a required operator and an array of rules objects.
operator string requiredMust be
AND
.rules object[]
See UrlLogsRule and TimeFilter.
- anyOf
- TimeFilter
- UrlLogsRule
Array [operator stringFilter operator that is one of the example values and is run on the property field
property stringFilter property field that is one of the example values
values string[]Filter property value
]Array [operator stringFilter operator that is one of the example values and is run on the property field
property stringFilter property field that is one of the example values
values string[]Filter property values
]Array [object]properties object[] required
List of property json objects
Array [alias stringproperty stringApp summary property. See ResourceProperty.
]
- 200
- 400
- 500
Success
- application/json
- Schema
- Threats Distribution by Threat Type
- Threats Trend
- Top Users with Critical Threats
Schema
- any
[
{
"threat_count": 10,
"threat_sub_type": "<threat_sub_type>",
"unique_threat_count": 5
}
]
[
{
"count": 10,
"event_time": "<event_time_ms>"
}
]
[
{
"source_user": "<source-user>",
"source_user_info_name": "<source-user-info-name>",
"total_threat_count": 3999,
"unique_threat_count": 3924
}
]
Bad Request
Server Error