List threat count
Retrieve an aggregated count of threats across tenants.
Query Parameters
- agg_by string
Must be
tenant. Using the query parameter returns all the aggregated responses for the current parent tenant and its child tenants. If not used, the results for just the current tenant are returned.Example: tenant
Header Parameters
- X-PANW-Region string
Must be one of the following:
de,americas,europe,uk,sg,ca,jp,au,in. Returns details from the Cortex Data Lake (CDL) region specified. If no region is specified, the default response isamericasCDL region.Example: americas
- application/json
Request Body
filter object
Resource count filter. Consists of a required operator and an array of rules objects.
operator string requiredMust be
AND.rules object[]
See UrlLogsRule and TimeFilter.
- anyOf
- TimeFilter
- UrlLogsRule
Array [operator stringFilter operator that is one of the example values and is run on the property field
property stringFilter property field that is one of the example values
values string[]Filter property value
]Array [operator stringFilter operator that is one of the example values and is run on the property field
property stringFilter property field that is one of the example values
values string[]Filter property values
]Array [object]properties object[] required
List of property json objects
Array [alias stringproperty stringApp summary property. See ResourceProperty.
]
- 200
- 400
- 500
Success
- application/json
- Schema
- Threats Distribution by Threat Type
- Threats Trend
- Top Users with Critical Threats
Schema
- any
[
{
"threat_count": 10,
"threat_sub_type": "<threat_sub_type>",
"unique_threat_count": 5
}
]
[
{
"count": 10,
"event_time": "<event_time_ms>"
}
]
[
{
"source_user": "<source-user>",
"source_user_info_name": "<source-user-info-name>",
"total_threat_count": 3999,
"unique_threat_count": 3924
}
]
Bad Request
Server Error