Filter object

The filter object parameter allows you to specify values of certain data types to include or exclude from your report. You must provide this object as the filter parameter and not in the body of the request. For example, you can target historical config details for a specific domain while excluding certain actions that are not relevant to the target report data.

Here is an expanded JSON for use as a URL-encoded GET parameter:

{
  "action": {
    "in": [ "1" ]
  },
  "isAlert": {
    "in": [ "true" ]
  },
  "site": {
    "in": [ "-1" ]
  },
  "list": {
    "in": [ "1" ]
  },
  "policy": {
    "in": [ "164" ]
  },
  "category": {
    "in": [ "1" ]
  },
  "domain": {
    "in": [ "njit.edu." ]
  }
}

Object members include:

MemberTypeDescription
actionStringJSON criteria object representing in and not-in clauses for action.
categoryStringJSON criteria object representing in and not-in clauses for category.
confidenceStringJSON criteria object representing in and not-in clauses for confidence.
destinationIpStringJSON criteria object representing in and not-in clauses for destination IP.
destinationPortStringJSON criteria object representing in and not-in clauses for destination port.
domainStringJSON criteria object representing in and not-in clauses for detection domain.
hostnameStringJSON criteria object representing in and not-in clauses for hostname.
internalIpStringJSON criteria object representing in and not-in clauses for internal IP.
isAlertStringJSON criteria object representing in and not-in clauses for alerts.
listStringJSON criteria object representing in and not-in clauses for list.
machineNameStringJSON criteria object representing in and not-in clauses for machine name.
policyStringJSON criteria object representing in and not-in clauses for policy.
sinkholeIdStringJSON criteria object representing in and not-in clauses for sinkhole ID.
sinkholeIpStringJSON criteria object representing in and not-in clauses for sinkhole IP.
siteStringJSON criteria object representing in and not-in clauses for site. A site ID of -1 points to the roaming location.
sourcePortStringJSON criteria object representing in and not-in clauses for source port.
uuidStringJSON criteria object representing in and not-in clauses for UUID.

Each filter specifies a set of terms that are in or nin (not in) the report:

MemberTypeDescription
inArrayAn array of strings containing unique identifiers for any filter parameter to include in the report.
ninArrayAn array of strings containing unique identifiers for any filter parameter to exclude in the report.