HomeDocumentation and Guides
Home
Documentation and Guides

Incident Aggregates Endpoint

The incident aggregates endpoints return aggregations for incidents (by policies/users/status).

Incident Aggregates

(id:incident aggregates)

Field IDTypeDescription
aggresourceThe aggregates object
infointegerNumber of info severity incidents
totalintegerOverall number of incidents
warningintegerNumber of warning severity incidents
criticalintegerNumber of critical severity incidents
alertintegerNumber of alert severity incidents
idstringThe id of the policy/status/user
namestringThe name of the policy/status/user

Incident Aggregates Filters

FilterUsageExample
created_afterFilter based on incidents created after a given datehttps://callapi.cloudlock.com/pi/v2/incidents/aggregates/users?created_after=2018-01-18T16:55
vendorFilter based on the platform (i.e. google, salesforce, etc)https://callapi.cloudlock.com/incidents/aggregates/users?vendor=google
orderOrder based on the severity (at this time only descending severity is supported)https://callapi.cloudlock.com/incidents/aggregates/users?order=-severity
policiesReturn aggregates by policieshttps://callapi.cloudlock.com/incidents/aggregates/policies
usersReturn aggregates by usershttps://callapi.cloudlock.com/incidents/aggregates/users
statusReturn aggregates by statushttps://callapi.cloudlock.com/incidents/aggregates/status

Incident Aggregates for Policies

[/incidents/aggregates/policies]
List incident aggregates policies [GET]

Response 200 (application/json) 
 [
 {
  "agg": {
   "info": 34,
   "total": 1247,
   "warning": 0,
   "critical": 770,
   "alert": 443
  },
  "id": "G8qz0vb49V",
  "name": "Social Security Number"
 },
 {
  "agg": {
   "info": 1,
   "total": 1,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "RObzYGd4AL",
  "name": "Report Export"
 },
 {
  "agg": {
   "info": 2549,
   "total": 2549,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "GbO4Q6lxLp",
  "name": "Custom Regex"
 },
 {
  "agg": {
   "info": 0,
   "total": 11,
   "warning": 11,
   "critical": 0,
   "alert": 0
  },
  "id": "rNP3DKdzBy",
  "name": "Risky Access Scopes"
 },
 {
  "agg": {
   "info": 0,
   "total": 2,
   "warning": 0,
   "critical": 2,
   "alert": 0
  },
  "id": "oLZ48JWzev",
  "name": "policy for salesforce"
 }
]

incident aggregates for users 
[/incidents/aggregates/users]
List incident aggregates users [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 134,
   "total": 2049,
   "warning": 1913,
   "critical": 2,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 929,
   "total": 1414,
   "warning": 5,
   "critical": 11,
   "alert": 469
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 70,
   "total": 423,
   "warning": 39,
   "critical": 279,
   "alert": 35
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 55,
   "total": 110,
   "warning": 35,
   "critical": 20,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 53,
   "total": 111,
   "warning": 37,
   "critical": 21,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 }
]

Incident Aggregates for Users

[/incidents/aggregates/users]
List incident aggregates users [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 134,
   "total": 2049,
   "warning": 1913,
   "critical": 2,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 929,
   "total": 1414,
   "warning": 5,
   "critical": 11,
   "alert": 469
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 70,
   "total": 423,
   "warning": 39,
   "critical": 279,
   "alert": 35
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 55,
   "total": 110,
   "warning": 35,
   "critical": 20,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 53,
   "total": 111,
   "warning": 37,
   "critical": 21,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 }
]

Incident Aggregates for Status

[/incidents/aggregates/status]
List incident aggregates status [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 1433,
   "total": 1433,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "IN PROGRESS",
  "name": "IN PROGRESS"
 },
 {
  "agg": {
   "info": 1154,
   "total": 3295,
   "warning": 822,
   "critical": 776,
   "alert": 543
  },
  "id": "NEW",
  "name": "NEW"
 }
]