Get alert histogram

POST {{cb_url}}/api/alerts/v7/orgs/{{cb_org_key}}/alerts/_histogram

Get statistics about the Alerts. This is designed for use by the widget in the Carbon Black Cloud console.

RBAC Permissions Required

Permission (.notation name) | Operation(s)
org.alerts | READ

See Documentation

Request Schema

{
  "bucket_size": "<string>",
  "query": "<string>",
  "time_range": {
    "start": "<dateTime>",
    "end": "<dateTime>",
    "range": "<string>"
  },
  "criteria": {
    "org_key": [
      "<string>"
    ],
    "id": [
      "<string>"
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "category": [
      "<string>"
    ],
    "minimum_severity": "<integer>",
    "reason_code": [
      "<string>"
    ],
    "threat_id": [
      "<string>"
    ],
    "primary_event_id": [
      "<string>"
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"
    ],
    "workflow_closure_reason": [
      "<string>"
    ],
    "determination_value": [
      "<string>"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "<string>"
    ],
    "tags": [
      "<string>"
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"
    ],
    "device_uem_id": [
      "<string>"
    ],
    "device_policy": [
      "<string>"
    ],
    "device_policy_id": [
      <long>
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"
    ],
    "device_username": [
      "<string>"
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"
    ],
    "device_internal_ip": [
      "<string>"
    ],
    "rule_config_type": [
      "<string>"
    ],
    "rule_config_name": [
      "<string>"
    ],
    "rule_config_id": [
      "<string>"
    ],
    "rule_category_id": [
      "<string>"
    ],
    "rule_id": [
      "<string>"
    ],
    "process_guid": [
      "<string>"
    ],
    "process_pid": [
      "<integer>"
    ],
    "process_name": [
      "<string>"
    ],
    "process_sha256": [
      "<string>"
    ],
    "process_md5": [
      "<string>"
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"
    ],
    "process_username": [
      "<string>"
    ],
    "process_signatures_certificate_authority": [
      "<string>"
    ],
    "process_signatures_publisher": [
      "<string>"
    ],
    "parent_guid": [
      "<string>"
    ],
    "parent_pid": [
      <integer>
    ],
    "parent_name": [
      "<string>"
    ],
    "parent_sha256": [
      "<string>"
    ],
    "parent_md5": [
      "<string>"
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "<string>"
    ],
    "parent_cmdline": [
      "<string>"
    ],
    "parent_username": [
      "<string>"
    ],
    "childproc_guid": [
      "<string>"
    ],
    "childproc_name": [
      "<string>"
    ],
    "childproc_sha256": [
      "<string>"
    ],
    "childproc_md5": [
      "<string>"
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"
    ],
    "childproc_cmdline": [
      "<string>"
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"
    ],
    "netconn_remote_domain": [
      "<string>"
    ],
    "netconn_remote_ip": [
      "<string>"
    ],
    "netconn_local_ip": [
      "<string>"
    ],
    "netconn_remote_ipv4": [
      "<string>"
    ],
    "netconn_local_ipv4": [
      "<string>"
    ],
    "netconn_remote_ipv6": [
      "<string>"
    ],
    "netconn_local_ipv6": [
      "<string>"
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"
    ],
    "attack_tactic": [
      "<string>"
    ],
    "attack_technique": [
      "<string>"
    ],
    "report_id": [
      "<string>"
    ],
    "report_name": [
      "<string>"
    ],
    "report_link": [
      "<string>"
    ],
    "watchlists_id": [
      "<string>"
    ],
    "watchlists_name": [
      "<string>"
    ],
    "k8s_policy_id": [
      "<string>"
    ],
    "k8s_policy": [
      "<string>"
    ],
    "k8s_rule_id": [
      "<string>"
    ],
    "k8s_rule": [
      "<string>"
    ],
    "cluster_name": [
      "<string>"
    ],
    "namespace": [
      "<string>"
    ],
    "workload_kind": [
      "<string>"
    ],
    "workload_name": [
      "<string>"
    ],
    "replica_id": [
      "<string>"
    ],
    "connection_type": [
      "<string>"
    ],
    "egress_group_id": [
      "<string>"
    ],
    "egress_group_name": [
      "<string>"
    ],
    "ip_reputation": [
      <integer>
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"
    ],
    "remote_replica_id": [
      "<string>"
    ],
    "remote_workload_kind": [
      "<string>"
    ],
    "remote_workload_name": [
      "<string>"
    ],
    "tms_rule_id": [
      "<string>"
    ],
    "threat_name": [
      "<string>"
    ],
    "vendor_name": [
      "<string>"
    ],
    "vendor_id": [
      "<string>"
    ],
    "product_name": [
      "<string>"
    ],
    "product_id": [
      "<string>"
    ],
    "external_device_friendly_name": [
      "<string>"
    ],
    "serial_number": [
      "<string>"
    ],
    "blocked_name": [
      "<string>"
    ],
    "blocked_sha256": [
      "<string>"
    ],
    "blocked_md5": [
      "<string>"
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "<string>"
    ],
    "ml_classification_org_prevalence": [
      "<string>"
    ],
    "mdr_alert": <boolean>,
    "mdr_workflow_status": [
      "<string>"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": <boolean>,
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_alert_notes_present": <boolean>,
    "mdr_threat_notes_present": <boolean>
  },
  "exclusions": {
    "org_key": [
      "<string>"
    ],
    "id": [
      "<string>"
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "category": [
      "<string>"
    ],
    "minimum_severity": <integer>,
    "reason_code": [
      "<string>"
    ],
    "threat_id": [
      "<string>"
    ],
    "primary_event_id": [
      "<string>"
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"
    ],
    "workflow_closure_reason": [
      "<string>"
    ],
    "determination_value": [
      "<string>"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "<string>"
    ],
    "tags": [
      "<string>"
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"
    ],
    "device_uem_id": [
      "<string>"
    ],
    "device_policy": [
      "<string>"
    ],
    "device_policy_id": [
      "<long>"
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"
    ],
    "device_username": [
      "<string>"
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"
    ],
    "device_internal_ip": [
      "<string>"
    ],
    "rule_config_type": [
      "<string>"
    ],
    "rule_config_name": [
      "<string>"
    ],
    "rule_config_id": [
      "<string>"
    ],
    "rule_category_id": [
      "<string>"
    ],
    "rule_id": [
      "<string>"
    ],
    "process_guid": [
      "<string>"
    ],
    "process_pid": [
      "<integer>"
    ],
    "process_name": [
      "<string>"
    ],
    "process_sha256": [
      "<string>"
    ],
    "process_md5": [
      "<string>"
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"
    ],
    "process_username": [
      "<string>"
    ],
    "process_signatures_certificate_authority": [
      "<string>"
    ],
    "process_signatures_publisher": [
      "<string>"
    ],
    "parent_guid": [
      "<string>"
    ],
    "parent_pid": [
      "<integer>",
      "<integer>"
    ],
    "parent_name": [
      "<string>"
    ],
    "parent_sha256": [
      "<string>"
    ],
    "parent_md5": [
      "<string>"
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "<string>"
    ],
    "parent_cmdline": [
      "<string>"
    ],
    "parent_username": [
      "<string>"
    ],
    "childproc_guid": [
      "<string>"
    ],
    "childproc_name": [
      "<string>"
    ],
    "childproc_sha256": [
      "<string>"
    ],
    "childproc_md5": [
      "<string>"
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"
    ],
    "childproc_cmdline": [
      "<string>"
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"
    ],
    "netconn_remote_domain": [
      "<string>"
    ],
    "netconn_remote_ip": [
      "<string>"
    ],
    "netconn_local_ip": [
      "<string>"
    ],
    "netconn_remote_ipv4": [
      "<string>"
    ],
    "netconn_local_ipv4": [
      "<string>"
    ],
    "netconn_remote_ipv6": [
      "<string>"
    ],
    "netconn_local_ipv6": [
      "<string>"
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"
    ],
    "attack_tactic": [
      "<string>"
    ],
    "attack_technique": [
      "<string>"
    ],
    "report_id": [
      "<string>"
    ],
    "report_name": [
      "<string>"
    ],
    "report_link": [
      "<string>"
    ],
    "watchlists_id": [
      "<string>"
    ],
    "watchlists_name": [
      "<string>"
    ],
    "k8s_policy_id": [
      "<string>"
    ],
    "k8s_policy": [
      "<string>"
    ],
    "k8s_rule_id": [
      "<string>"
    ],
    "k8s_rule": [
      "<string>"
    ],
    "cluster_name": [
      "<string>"
    ],
    "namespace": [
      "<string>"
    ],
    "workload_kind": [
      "<string>"
    ],
    "workload_name": [
      "<string>"
    ],
    "replica_id": [
      "<string>"
    ],
    "connection_type": [
      "<string>"
    ],
    "egress_group_id": [
      "<string>"
    ],
    "egress_group_name": [
      "<string>"
    ],
    "ip_reputation": [
      "<integer>"
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"
    ],
    "remote_replica_id": [
      "<string>"
    ],
    "remote_workload_kind": [
      "<string>"
    ],
    "remote_workload_name": [
      "<string>"
    ],
    "tms_rule_id": [
      "<string>"
    ],
    "threat_name": [
      "<string>"
    ],
    "vendor_name": [
      "<string>"
    ],
    "vendor_id": [
      "<string>"
    ],
    "product_name": [
      "<string>"
    ],
    "product_id": [
      "<string>"
    ],
    "external_device_friendly_name": [
      "<string>"
    ],
    "serial_number": [
      "<string>"
    ],
    "blocked_name": [
      "<string>"
    ],
    "blocked_sha256": [
      "<string>"
    ],
    "blocked_md5": [
      "<string>"
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "LOW",
      "HIGH"
    ],
    "ml_classification_org_prevalence": [
      "LOW",
      "LOW"
    ],
    "mdr_alert": "<boolean>",
    "mdr_workflow_status": [
      "TRIAGE_COMPLETE",
      "IN_PROGRESS"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": "<boolean>",
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_alert_notes_present": <boolean>,
    "mdr_threat_notes_present": <boolean>
  },
  "field": "<string>",
  "min_count": 0
}

Request Body

{"bucket_size": "+5DAY", "field": "LAST_EVENT_TIMESTAMP", "min_count": 0}

HEADERS

Key | Datatype | Required | Description
Content-Type | string
Accept | string

RESPONSES

status: OK

{"start":"2023-04-03T00:00:00.000Z","end":"2023-04-18T00:00:00.000Z","results":[{"step_start":"2023-04-03T00:00:00.000Z","total":470},{"step_start":"2023-04-08T00:00:00.000Z","total":671},{"step_start":"2023-04-13T00:00:00.000Z","total":612},{"step_start":"2023-04-18T00:00:00.000Z","total":10}]}