Incident Aggregates Endpoint

The incident aggregates endpoints return aggregations for incidents (by policies/users/status).

Incident Aggregates

(id:incident aggregates)

| Field ID | Type | Description |
|---|---|---|
| agg | resource | The aggregates object |
| info | integer | Number of info severity incidents |
| total | integer | Overall number of incidents |
| warning | integer | Number of warning severity incidents |
| critical | integer | Number of critical severity incidents |
| alert | integer | Number of alert severity incidents |
| id | string | The id of the policy/status/user |
| name | string | The name of the policy/status/user |

Incident Aggregates Filters

| Filter | Usage | Example |
|---|---|---|
| created_after | Filter based on incidents created after a given date | |
| vendor | Filter based on the platform (e.g. google, salesforce) | |
| order | Order based on the severity (at this time only descending severity is supported) | |
| policies | Return aggregates by policies | |

Incident Aggregates for Policies

[/incidents/aggregates/policies]
List incident aggregates policies [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 34,
   "total": 1247,
   "warning": 0,
   "critical": 770,
   "alert": 443
  },
  "id": "G8qz0vb49V",
  "name": "Social Security Number"
 },
 {
  "agg": {
   "info": 1,
   "total": 1,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "RObzYGd4AL",
  "name": "Report Export"
 },
 {
  "agg": {
   "info": 2549,
   "total": 2549,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "GbO4Q6lxLp",
  "name": "Custom Regex"
 },
 {
  "agg": {
   "info": 0,
   "total": 11,
   "warning": 11,
   "critical": 0,
   "alert": 0
  },
  "id": "rNP3DKdzBy",
  "name": "Risky Access Scopes"
 },
 {
  "agg": {
   "info": 0,
   "total": 2,
   "warning": 0,
   "critical": 2,
   "alert": 0
  },
  "id": "oLZ48JWzev",
  "name": "policy for salesforce"
 }
]

Incident Aggregates for Users

[/incidents/aggregates/users]
List incident aggregates users [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 134,
   "total": 2049,
   "warning": 1913,
   "critical": 2,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 929,
   "total": 1414,
   "warning": 5,
   "critical": 11,
   "alert": 469
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 70,
   "total": 423,
   "warning": 39,
   "critical": 279,
   "alert": 35
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 55,
   "total": 110,
   "warning": 35,
   "critical": 20,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 },
 {
  "agg": {
   "info": 53,
   "total": 111,
   "warning": 37,
   "critical": 21,
   "alert": 0
  },
  "id": "[email protected]",
  "name": "[email protected]"
 }
]

Incident Aggregates for Status

[/incidents/aggregates/status]
List incident aggregates status [GET]

Response 200 (application/json) 
[
 {
  "agg": {
   "info": 1433,
   "total": 1433,
   "warning": 0,
   "critical": 0,
   "alert": 0
  },
  "id": "IN PROGRESS",
  "name": "IN PROGRESS"
 },
 {
  "agg": {
   "info": 1154,
   "total": 3295,
   "warning": 822,
   "critical": 776,
   "alert": 543
  },
  "id": "NEW",
  "name": "NEW"
 }
]
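
The following is an added example, not part of the original API reference: a consumer-side check that validates each aggregate entry against the documented field types before ranking entities for triage. It assumes that `total` equals the sum of the four severity counts (true of every sample response on this page, but not stated by the documentation) and that `critical` plus `alert` form the high-severity bucket; `validate_entry`, `triage` and `min_high` are hypothetical names.

```python
import json

SEVERITIES = ("info", "warning", "critical", "alert")  # integer fields of "agg"

# First three entries are copied from the sample policies response on this page;
# the last one is constructed (string where an integer belongs) to exercise the check.
SAMPLE = json.loads("""[
 {"agg": {"info": 34, "total": 1247, "warning": 0, "critical": 770, "alert": 443},
  "id": "G8qz0vb49V", "name": "Social Security Number"},
 {"agg": {"info": 2549, "total": 2549, "warning": 0, "critical": 0, "alert": 0},
  "id": "GbO4Q6lxLp", "name": "Custom Regex"},
 {"agg": {"info": 0, "total": 2, "warning": 0, "critical": 2, "alert": 0},
  "id": "oLZ48JWzev", "name": "policy for salesforce"},
 {"agg": {"info": 1, "total": 9, "warning": 0, "critical": "3", "alert": 0},
  "id": "CONSTRUCTED-1", "name": "constructed malformed entry"}
]""")

def validate_entry(entry):
    """Return a list of schema problems for one aggregate entry ([] if clean)."""
    if not isinstance(entry, dict) or not isinstance(entry.get("agg"), dict):
        return ["entry or its 'agg' field is not an object"]
    problems = [f"{k}: expected string" for k in ("id", "name")
                if not isinstance(entry.get(k), str)]
    agg = entry["agg"]
    for k in SEVERITIES + ("total",):
        v = agg.get(k)
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            problems.append(f"agg.{k}: expected non-negative integer")
    # Assumption: total is the sum of the four severity counts.
    if not problems and sum(agg[s] for s in SEVERITIES) != agg["total"]:
        problems.append("agg.total != sum of severity counts")
    return problems

def triage(entries, min_high=1):
    """Return (ranked, rejected); ranked is sorted by critical+alert, descending."""
    ranked, rejected = [], []
    for e in entries:
        problems = validate_entry(e)
        if problems:
            rejected.append((e.get("id") if isinstance(e, dict) else None, problems))
            continue
        high = e["agg"]["critical"] + e["agg"]["alert"]  # assumed "high" bucket
        if high >= min_high:
            ranked.append((e["name"], high, e["agg"]["total"]))
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked, rejected

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same functions apply unchanged to the users and status responses, since all three endpoints return the same entry shape.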

Updated 2 years ago
