Get alert histogram
POST {{cb_url}}/api/alerts/v7/orgs/{{cb_org_key}}/alerts/_histogram
Get statistics about the Alerts. This is designed for use by the widget in the Carbon Black Cloud console.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| org.alerts | READ |
Request Schema
{
"bucket_size": "<string>",
"query": "<string>",
"time_range": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"criteria": {
"org_key": [
"<string>"
],
"id": [
"<string>"
],
"type": [
"<string>"
],
"backend_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"user_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"backend_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"detection_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"first_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"last_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"category": [
"<string>"
],
"minimum_severity": "<integer>",
"reason_code": [
"<string>"
],
"threat_id": [
"<string>"
],
"primary_event_id": [
"<string>"
],
"policy_applied": [
"<string>"
],
"run_state": [
"<string>"
],
"sensor_action": [
"<string>"
],
"workflow_status": [
"<string>"
],
"workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"workflow_changed_by_type": [
"<string>"
],
"workflow_changed_by_autoclose_rule_id": [
"<string>"
],
"workflow_closure_reason": [
"<string>"
],
"determination_value": [
"<string>"
],
"determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"determination_changed_by_type": [
"<string>"
],
"tags": [
"<string>"
],
"alert_notes_present": <boolean>,
"threat_notes_present": <boolean>,
"device_id": [
<long>
],
"device_name": [
"<string>"
],
"device_uem_id": [
"<string>"
],
"device_policy": [
"<string>"
],
"device_policy_id": [
<long>
],
"device_target_value": [
"<string>"
],
"device_os": [
"<string>"
],
"device_os_version": [
"<string>"
],
"device_username": [
"<string>"
],
"device_location": [
"<string>"
],
"device_external_ip": [
"<string>"
],
"device_internal_ip": [
"<string>"
],
"rule_config_type": [
"<string>"
],
"rule_config_name": [
"<string>"
],
"rule_config_id": [
"<string>"
],
"rule_category_id": [
"<string>"
],
"rule_id": [
"<string>"
],
"process_guid": [
"<string>"
],
"process_pid": [
"<integer>"
],
"process_name": [
"<string>"
],
"process_sha256": [
"<string>"
],
"process_md5": [
"<string>"
],
"process_effective_reputation": [
"<string>"
],
"process_reputation": [
"<string>"
],
"process_cmdline": [
"<string>"
],
"process_username": [
"<string>"
],
"process_signatures_certificate_authority": [
"<string>"
],
"process_signatures_publisher": [
"<string>"
],
"parent_guid": [
"<string>"
],
"parent_pid": [
<integer>
],
"parent_name": [
"<string>"
],
"parent_sha256": [
"<string>"
],
"parent_md5": [
"<string>"
],
"parent_effective_reputation": [
"<string>"
],
"parent_reputation": [
"<string>"
],
"parent_cmdline": [
"<string>"
],
"parent_username": [
"<string>"
],
"childproc_guid": [
"<string>"
],
"childproc_name": [
"<string>"
],
"childproc_sha256": [
"<string>"
],
"childproc_md5": [
"<string>"
],
"childproc_effective_reputation": [
"<string>"
],
"childproc_username": [
"<string>"
],
"childproc_cmdline": [
"<string>"
],
"netconn_remote_port": [
<integer>
],
"netconn_local_port": [
<integer>
],
"netconn_protocol": [
"<string>"
],
"netconn_remote_domain": [
"<string>"
],
"netconn_remote_ip": [
"<string>"
],
"netconn_local_ip": [
"<string>"
],
"netconn_remote_ipv4": [
"<string>"
],
"netconn_local_ipv4": [
"<string>"
],
"netconn_remote_ipv6": [
"<string>"
],
"netconn_local_ipv6": [
"<string>"
],
"threat_category": [
"<string>"
],
"ttps": [
"<string>"
],
"attack_tactic": [
"<string>"
],
"attack_technique": [
"<string>"
],
"report_id": [
"<string>"
],
"report_name": [
"<string>"
],
"report_link": [
"<string>"
],
"watchlists_id": [
"<string>"
],
"watchlists_name": [
"<string>"
],
"k8s_policy_id": [
"<string>"
],
"k8s_policy": [
"<string>"
],
"k8s_rule_id": [
"<string>"
],
"k8s_rule": [
"<string>"
],
"cluster_name": [
"<string>"
],
"namespace": [
"<string>"
],
"workload_kind": [
"<string>"
],
"workload_name": [
"<string>"
],
"replica_id": [
"<string>"
],
"connection_type": [
"<string>"
],
"egress_group_id": [
"<string>"
],
"egress_group_name": [
"<string>"
],
"ip_reputation": [
<integer>
],
"remote_is_private": <boolean>,
"remote_namespace": [
"<string>"
],
"remote_replica_id": [
"<string>"
],
"remote_workload_kind": [
"<string>"
],
"remote_workload_name": [
"<string>"
],
"tms_rule_id": [
"<string>"
],
"threat_name": [
"<string>"
],
"vendor_name": [
"<string>"
],
"vendor_id": [
"<string>"
],
"product_name": [
"<string>"
],
"product_id": [
"<string>"
],
"external_device_friendly_name": [
"<string>"
],
"serial_number": [
"<string>"
],
"blocked_name": [
"<string>"
],
"blocked_sha256": [
"<string>"
],
"blocked_md5": [
"<string>"
],
"blocked_effective_reputation": [
"<string>"
],
"ml_classification_final_verdict": [
"<string>"
],
"ml_classification_global_prevalence": [
"<string>"
],
"ml_classification_org_prevalence": [
"<string>"
],
"mdr_alert": <boolean>,
"mdr_workflow_status": [
"<string>"
],
"mdr_workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_workflow_is_assigned": <boolean>,
"mdr_determination_value": [
"<string>"
],
"mdr_determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_alert_notes_present": <boolean>,
"mdr_threat_notes_present": <boolean>
},
"exclusions": {
"org_key": [
"<string>"
],
"id": [
"<string>"
],
"type": [
"<string>"
],
"backend_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"user_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"backend_update_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"detection_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"first_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"last_event_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"category": [
"<string>"
],
"minimum_severity": <integer>,
"reason_code": [
"<string>"
],
"threat_id": [
"<string>"
],
"primary_event_id": [
"<string>"
],
"policy_applied": [
"<string>"
],
"run_state": [
"<string>"
],
"sensor_action": [
"<string>"
],
"workflow_status": [
"<string>"
],
"workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"workflow_changed_by_type": [
"<string>"
],
"workflow_changed_by_autoclose_rule_id": [
"<string>"
],
"workflow_closure_reason": [
"<string>"
],
"determination_value": [
"<string>"
],
"determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"determination_changed_by_type": [
"<string>"
],
"tags": [
"<string>"
],
"alert_notes_present": <boolean>,
"threat_notes_present": <boolean>,
"device_id": [
<long>
],
"device_name": [
"<string>"
],
"device_uem_id": [
"<string>"
],
"device_policy": [
"<string>"
],
"device_policy_id": [
"<long>"
],
"device_target_value": [
"<string>"
],
"device_os": [
"<string>"
],
"device_os_version": [
"<string>"
],
"device_username": [
"<string>"
],
"device_location": [
"<string>"
],
"device_external_ip": [
"<string>"
],
"device_internal_ip": [
"<string>"
],
"rule_config_type": [
"<string>"
],
"rule_config_name": [
"<string>"
],
"rule_config_id": [
"<string>"
],
"rule_category_id": [
"<string>"
],
"rule_id": [
"<string>"
],
"process_guid": [
"<string>"
],
"process_pid": [
"<integer>"
],
"process_name": [
"<string>"
],
"process_sha256": [
"<string>"
],
"process_md5": [
"<string>"
],
"process_effective_reputation": [
"<string>"
],
"process_reputation": [
"<string>"
],
"process_cmdline": [
"<string>"
],
"process_username": [
"<string>"
],
"process_signatures_certificate_authority": [
"<string>"
],
"process_signatures_publisher": [
"<string>"
],
"parent_guid": [
"<string>"
],
"parent_pid": [
"<integer>",
"<integer>"
],
"parent_name": [
"<string>"
],
"parent_sha256": [
"<string>"
],
"parent_md5": [
"<string>"
],
"parent_effective_reputation": [
"<string>"
],
"parent_reputation": [
"<string>"
],
"parent_cmdline": [
"<string>"
],
"parent_username": [
"<string>"
],
"childproc_guid": [
"<string>"
],
"childproc_name": [
"<string>"
],
"childproc_sha256": [
"<string>"
],
"childproc_md5": [
"<string>"
],
"childproc_effective_reputation": [
"<string>"
],
"childproc_username": [
"<string>"
],
"childproc_cmdline": [
"<string>"
],
"netconn_remote_port": [
<integer>
],
"netconn_local_port": [
<integer>
],
"netconn_protocol": [
"<string>"
],
"netconn_remote_domain": [
"<string>"
],
"netconn_remote_ip": [
"<string>"
],
"netconn_local_ip": [
"<string>"
],
"netconn_remote_ipv4": [
"<string>"
],
"netconn_local_ipv4": [
"<string>"
],
"netconn_remote_ipv6": [
"<string>"
],
"netconn_local_ipv6": [
"<string>"
],
"threat_category": [
"<string>"
],
"ttps": [
"<string>"
],
"attack_tactic": [
"<string>"
],
"attack_technique": [
"<string>"
],
"report_id": [
"<string>"
],
"report_name": [
"<string>"
],
"report_link": [
"<string>"
],
"watchlists_id": [
"<string>"
],
"watchlists_name": [
"<string>"
],
"k8s_policy_id": [
"<string>"
],
"k8s_policy": [
"<string>"
],
"k8s_rule_id": [
"<string>"
],
"k8s_rule": [
"<string>"
],
"cluster_name": [
"<string>"
],
"namespace": [
"<string>"
],
"workload_kind": [
"<string>"
],
"workload_name": [
"<string>"
],
"replica_id": [
"<string>"
],
"connection_type": [
"<string>"
],
"egress_group_id": [
"<string>"
],
"egress_group_name": [
"<string>"
],
"ip_reputation": [
"<integer>"
],
"remote_is_private": <boolean>,
"remote_namespace": [
"<string>"
],
"remote_replica_id": [
"<string>"
],
"remote_workload_kind": [
"<string>"
],
"remote_workload_name": [
"<string>"
],
"tms_rule_id": [
"<string>"
],
"threat_name": [
"<string>"
],
"vendor_name": [
"<string>"
],
"vendor_id": [
"<string>"
],
"product_name": [
"<string>"
],
"product_id": [
"<string>"
],
"external_device_friendly_name": [
"<string>"
],
"serial_number": [
"<string>"
],
"blocked_name": [
"<string>"
],
"blocked_sha256": [
"<string>"
],
"blocked_md5": [
"<string>"
],
"blocked_effective_reputation": [
"<string>"
],
"ml_classification_final_verdict": [
"<string>"
],
"ml_classification_global_prevalence": [
"LOW",
"HIGH"
],
"ml_classification_org_prevalence": [
"LOW",
"LOW"
],
"mdr_alert": "<boolean>",
"mdr_workflow_status": [
"TRIAGE_COMPLETE",
"IN_PROGRESS"
],
"mdr_workflow_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_workflow_is_assigned": "<boolean>",
"mdr_determination_value": [
"<string>"
],
"mdr_determination_change_timestamp": {
"start": "<dateTime>",
"end": "<dateTime>",
"range": "<string>"
},
"mdr_alert_notes_present": "mdr_threat_notes_present": <boolean>
},
"field": "<string>",
"min_count": 0
}
Request Body
{"bucket_size"=>"+5DAY", "field"=>"LAST_EVENT_TIMESTAMP", "min_count"=>0}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"start":"2023-04-03T00:00:00.000Z","end":"2023-04-18T00:00:00.000Z","results":[{"step_start":"2023-04-03T00:00:00.000Z","total":470},{"step_start":"2023-04-08T00:00:00.000Z","total":671},{"step_start":"2023-04-13T00:00:00.000Z","total":612},{"step_start":"2023-04-18T00:00:00.000Z","total":10}]}