Filters object

The filters object parameter allows you to specify an array of parameters and values to include or exclude from your report. You must provide this object as the filters query parameter and not in the body of the request.
For example, you can target historical configuration details for a specific domain while excluding certain actions that are not relevant to the target report data.

| Member | Type | Description |
|---|---|---|
| in | Array | An array of strings containing filter parameters to include in the report. |
| nin | Array | An array of strings containing filter parameters to exclude from the report. |

{
  "action": {
    "in": [ "1" ]
  },
  "isAlert": {
    "in": [ "true" ]
  },
  "site": {
    "in": [ "-1" ]
  },
  "list": {
    "in": [ "1" ]
  },
  "policy": {
    "in": [ "164" ]
  },
  "category": {
    "in": [ "1" ]
  },
  "domain": {
    "in": [ "njit.edu." ]
  }
}

Object members include:

| Member | Type | Description |
|---|---|---|
| action | String | Filter by action ID. |
| blockDescription | String | Block based on a description string. |
| category | String | Filter by category ID. |
| clientRequestId | String | Filter by client request ID. |
| confidence | String | Filter by confidence level. |
| destinationIP | String | Filter by destination IP address. |
| destinationPort | String | Filter by destination port. |
| detectionType | String | Filter data by detection type. One of inline, lookback, offline-dynamic, or offline. |
| deviceId | String | Filter by device ID. |
| deviceOwnerId | String | Filter by device owner ID. |
| dohAttribution | String | Filter by user-defined DNS over HTTP attribute value. |
| dlpFileHash | String | Filter by DLP file hash. |
| dlpDictionaryId | String | Filter data by DLP dictionary IDs. |
| fileType | String | Filter by file type. |
| hasSinkholeCorrelation | Boolean | Filter based on whether the resource has Security Connector-related records. |
| httpRequestMethod | String | Filter data by HTTP request method. One of PUT, POST, PATCH, OPTIONS, HEAD, GET, DELETE, or CONNECT. |
| domain | String | Filter by detection domain. |
| hostname | String | Filter by hostname. |
| internalIP | String | Filter by internal IP address. |
| isAlert | Boolean | Whether there is an alert. |
| list | String | Filter by list ID. |
| machineName | String | Filter by machine name. |
| onRamp | String | Filter by whether the onramp is enabled, Yes or No. |
| policy | String | Filter by policy ID. |
| severityId | Integer | Filter by severity ID: 0 - Unclassified, 1 - Critical, 2 - High, 3 - Medium, 4 - Low. |
| sinkholeId | String | Filter by sinkhole ID. |
| sinkholeIP | String | Filter by sinkhole IP address. |
| site | String | Filter by site ID. A site ID of -1 points to the roaming location. |
| sourcePort | String | Filter by source port. |
| uuid | String | JSON criteria object representing in and not-in clauses for UUID. |
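
An added example (not part of the API's own documentation or SDK): it validates a filters object against the members and enumerated values listed above, then percent-encodes it as the filters query parameter so it never travels in the request body. The base URL is a placeholder, and keeping every value as a string (as the sample object does for isAlert) is an assumption for the Boolean and Integer members.

```python
import json
from urllib.parse import urlencode

# Member names taken from the table on this page.
MEMBERS = set("""action blockDescription category clientRequestId confidence
destinationIP destinationPort detectionType deviceId deviceOwnerId dohAttribution
dlpFileHash dlpDictionaryId fileType hasSinkholeCorrelation httpRequestMethod
domain hostname internalIP isAlert list machineName onRamp policy severityId
sinkholeId sinkholeIP site sourcePort uuid""".split())

# Members whose allowed values the page enumerates (kept as strings: assumption).
ENUMS = {
    "detectionType": {"inline", "lookback", "offline-dynamic", "offline"},
    "httpRequestMethod": {"PUT", "POST", "PATCH", "OPTIONS", "HEAD", "GET", "DELETE", "CONNECT"},
    "onRamp": {"Yes", "No"},
    "severityId": {"0", "1", "2", "3", "4"},
}

def validate_filters(filters):
    """Return a list of problems; an empty list means the object is well-formed."""
    problems = []
    for member, clauses in filters.items():
        if member not in MEMBERS:
            problems.append(f"unknown member: {member}")
        elif not isinstance(clauses, dict) or not clauses:
            problems.append(f"{member}: expected an object with 'in' and/or 'nin'")
        else:
            for clause, values in clauses.items():
                if clause not in ("in", "nin"):
                    problems.append(f"{member}: unknown clause {clause!r}")
                elif not (isinstance(values, list) and all(isinstance(v, str) for v in values)):
                    problems.append(f"{member}.{clause}: expected an array of strings")
                else:
                    allowed = ENUMS.get(member)
                    problems.extend(f"{member}.{clause}: value {v!r} not allowed"
                                    for v in values if allowed and v not in allowed)
    return problems

def filters_query(filters):
    """Serialize the filters object and percent-encode it as the filters query parameter."""
    problems = validate_filters(filters)
    if problems:
        raise ValueError("; ".join(problems))
    return urlencode({"filters": json.dumps(filters, separators=(",", ":"))})

# Constructed sample: alerts for one domain, excluding action 1.
SAMPLE = {"isAlert": {"in": ["true"]}, "domain": {"in": ["njit.edu."]}, "action": {"nin": ["1"]}}
REPORT_URL = "https://api.example.invalid/report"  # placeholder, not the real endpoint

if __name__ == "__main__":
    print(f"{REPORT_URL}?{filters_query(SAMPLE)}")
```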

Each filter specifies a set of terms that are in or nin (not in) the report: