List threat count
POST/mt/monitor/v1/agg/threats
Retrieve an aggregated count of threats across tenants.
Request
Query Parameters
Must be tenant
. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.
Header Parameters
Must be one of the following: de
, americas
, europe
, uk
, sg
, ca
, jp
, au
, in
. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas
CDL region.
- application/json
Body
- TimeFilter
- UrlLogsRule
- Array [
- ]
- Array [
- ]
- Array [
- ]
filter objectrequired
filter json object
Always set to AND
rules object[]
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property value
Filter operator that is one of the example values and is run on the property field
Filter property field that is one of the example values
Filter property values
properties object[]required
List of property json objects
Property field name. Property fields will be returned in the API response.
Responses
- 200
- 400
- 500
Success
- application/json
- Schema
- Threats Distribution by Threat Type
- Threats Trend
- Top Users with Critical Threats
Schema
- any
[
{
"threat_count": 10,
"threat_sub_type": "<threat_sub_type>",
"unique_threat_count": 5
}
]
[
{
"count": 10,
"event_time": "<event_time_ms>"
}
]
[
{
"source_user": "<source-user>",
"source_user_info_name": "<source-user-info-name>",
"total_threat_count": 3999,
"unique_threat_count": 3924
}
]
Bad Request
Server Error