Filter object

The filter object parameter allows you to specify values of certain data types to include or exclude from your report. You must provide this object as the filter parameter and not in the body of the request. For example, you can target historical config details for a specific domain while excluding certain actions that are not relevant to the target report data.

Here is an expanded JSON for use as a URL-encoded GET parameter:

{
  "action": {
    "in": [ "1" ]
  },
  "isAlert": {
    "in": [ "true" ]
  },
  "site": {
    "in": [ "-1" ]
  },
  "list": {
    "in": [ "1" ]
  },
  "policy": {
    "in": [ "164" ]
  },
  "category": {
    "in": [ "1" ]
  },
  "domain": {
    "in": [ "njit.edu." ]
  }
}

Object members include:

Member	Type	Description
`action`	String	JSON criteria object representing in and not-in clauses for action.
`category`	String	JSON criteria object representing in and not-in clauses for category.
`confidence`	String	JSON criteria object representing in and not-in clauses for confidence.
`destinationIp`	String	JSON criteria object representing in and not-in clauses for destination IP.
`destinationPort`	String	JSON criteria object representing in and not-in clauses for destination port.
`domain`	String	JSON criteria object representing in and not-in clauses for detection domain.
`hostname`	String	JSON criteria object representing in and not-in clauses for hostname.
`internalIp`	String	JSON criteria object representing in and not-in clauses for internal IP.
`isAlert`	String	JSON criteria object representing in and not-in clauses for alerts.
`list`	String	JSON criteria object representing in and not-in clauses for list.
`machineName`	String	JSON criteria object representing in and not-in clauses for machine name.
`policy`	String	JSON criteria object representing in and not-in clauses for policy.
`sinkholeId`	String	JSON criteria object representing in and not-in clauses for sinkhole ID.
`sinkholeIp`	String	JSON criteria object representing in and not-in clauses for sinkhole IP.
`site`	String	JSON criteria object representing in and not-in clauses for site. A site ID of `-1` points to the roaming location.
`sourcePort`	String	JSON criteria object representing in and not-in clauses for source port.
`uuid`	String	JSON criteria object representing in and not-in clauses for UUID.

Each filter specifies a set of terms that are in or nin (not in) the report:

Member	Type	Description
`in`	Array	An array of strings containing unique identifiers for any filter parameter to include in the report.
`nin`	Array	An array of strings containing unique identifiers for any filter parameter to exclude in the report.