Incident Aggregates Endpoint
The incident aggregates endpoints return aggregations for incidents (by policies/users/status).
Incident Aggregates
(id:incident aggregates)
| Field ID | Type | Description |
|---|---|---|
| agg | resource | The aggregates object |
| info | integer | Number of info severity incidents |
| total | integer | Overall number of incidents |
| warning | integer | Number of warning severity incidents |
| critical | integer | Number of critical severity incidents |
| alert | integer | Number of alert severity incidents |
| id | string | The id of the policy/status/user |
| name | string | The name of the policy/status/user |
Incident Aggregates Filters
| Filter | Usage | Example |
|---|---|---|
| created_after | Filter based on incidents created after a given date | https://callapi.cloudlock.com/pi/v2/incidents/aggregates/users?created_after=2018-01-18T16:55 |
| vendor | Filter based on the platform (i.e. google, salesforce, etc) | https://callapi.cloudlock.com/incidents/aggregates/users?vendor=google |
| order | Order based on the severity (at this time only descending severity is supported) | https://callapi.cloudlock.com/incidents/aggregates/users?order=-severity |
| policies | Return aggregates by policies | https://callapi.cloudlock.com/incidents/aggregates/policies |
| users | Return aggregates by users | https://callapi.cloudlock.com/incidents/aggregates/users |
| status | Return aggregates by status | https://callapi.cloudlock.com/incidents/aggregates/status |
Incident Aggregates for Policies
[/incidents/aggregates/policies]
List incident aggregates policies [GET]
Response 200 (application/json)
[
{
"agg": {
"info": 34,
"total": 1247,
"warning": 0,
"critical": 770,
"alert": 443
},
"id": "G8qz0vb49V",
"name": "Social Security Number"
},
{
"agg": {
"info": 1,
"total": 1,
"warning": 0,
"critical": 0,
"alert": 0
},
"id": "RObzYGd4AL",
"name": "Report Export"
},
{
"agg": {
"info": 2549,
"total": 2549,
"warning": 0,
"critical": 0,
"alert": 0
},
"id": "GbO4Q6lxLp",
"name": "Custom Regex"
},
{
"agg": {
"info": 0,
"total": 11,
"warning": 11,
"critical": 0,
"alert": 0
},
"id": "rNP3DKdzBy",
"name": "Risky Access Scopes"
},
{
"agg": {
"info": 0,
"total": 2,
"warning": 0,
"critical": 2,
"alert": 0
},
"id": "oLZ48JWzev",
"name": "policy for salesforce"
}
]
incident aggregates for users
[/incidents/aggregates/users]
List incident aggregates users [GET]
Response 200 (application/json)
[
{
"agg": {
"info": 134,
"total": 2049,
"warning": 1913,
"critical": 2,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 929,
"total": 1414,
"warning": 5,
"critical": 11,
"alert": 469
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 70,
"total": 423,
"warning": 39,
"critical": 279,
"alert": 35
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 55,
"total": 110,
"warning": 35,
"critical": 20,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 53,
"total": 111,
"warning": 37,
"critical": 21,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
}
]
Incident Aggregates for Users
[/incidents/aggregates/users]
List incident aggregates users [GET]
Response 200 (application/json)
[
{
"agg": {
"info": 134,
"total": 2049,
"warning": 1913,
"critical": 2,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 929,
"total": 1414,
"warning": 5,
"critical": 11,
"alert": 469
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 70,
"total": 423,
"warning": 39,
"critical": 279,
"alert": 35
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 55,
"total": 110,
"warning": 35,
"critical": 20,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
},
{
"agg": {
"info": 53,
"total": 111,
"warning": 37,
"critical": 21,
"alert": 0
},
"id": "[email protected]",
"name": "[email protected]"
}
]
Incident Aggregates for Status
[/incidents/aggregates/status]
List incident aggregates status [GET]
Response 200 (application/json)
[
{
"agg": {
"info": 1433,
"total": 1433,
"warning": 0,
"critical": 0,
"alert": 0
},
"id": "IN PROGRESS",
"name": "IN PROGRESS"
},
{
"agg": {
"info": 1154,
"total": 3295,
"warning": 822,
"critical": 776,
"alert": 543
},
"id": "NEW",
"name": "NEW"
}
]
Updated about 4 years ago