List threat count

Retrieve an aggregated count of threats across tenants.

Query Parameters

agg_by string

Must be tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.

Example: tenant

Header Parameters

X-PANW-Region string

Must be one of the following: de, americas, europe, uk, sg, ca, jp, au, in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response is americas CDL region.

Example: americas

application/json

Request Body

filter object

Resource count filter. Consists of a required operator and an array of rules objects.

operator string required

Must be AND.

rules object[]

See UrlLogsRule and TimeFilter.

anyOf

TimeFilter

UrlLogsRule

operator string

Filter operator that is one of the example values and is run on the property field

property string

Filter property field that is one of the example values

values string[]

Filter property value

properties object[] required

List of property json objects

Array [

alias string

property string

App summary property. See ResourceProperty.

]

Responses

Success

application/json

Schema

Threats Distribution by Threat Type

Threats Trend

Top Users with Critical Threats

Schema

any

[
  {
    "threat_count": 10,
    "threat_sub_type": "<threat_sub_type>",
    "unique_threat_count": 5
  }
]

[
  {
    "count": 10,
    "event_time": "<event_time_ms>"
  }
]

[
  {
    "source_user": "<source-user>",
    "source_user_info_name": "<source-user-info-name>",
    "total_threat_count": 3999,
    "unique_threat_count": 3924
  }
]

List threat count​

List threat count