The `filters` object parameter allows you to specify an array of parameters and values to include or exclude from your report. You must provide this object as the `filters` query parameter and not in the body of the request.
For example, you can target historical configuration details for a specific domain while excluding certain actions that are not relevant to the target report data.
Member | Type | Description |
---|---|---|
in | Array | An array of strings containing filter parameters to include in the report. |
nin | Array | An array of strings containing filter parameters to exclude from the report. |

```json
{
  "action": {
    "in": [ "1" ]
  },
  "isAlert": {
    "in": [ "true" ]
  },
  "site": {
    "in": [ "-1" ]
  },
  "list": {
    "in": [ "1" ]
  },
  "policy": {
    "in": [ "164" ]
  },
  "category": {
    "in": [ "1" ]
  },
  "domain": {
    "in": [ "njit.edu." ]
  }
}
```

Object members include:
Member | Type | Description |
---|---|---|
action | String | Filter by action ID. |
blockDescription | String | Block based on a description string. |
category | String | Filter by category ID. |
clientRequestId | String | Filter by client request ID. |
confidence | String | Filter by confidence level. |
destinationIP | String | Filter by destination IP address. |
destinationPort | String | Filter by destination port. |
detectionType | String | Filter data by detection type. One of `inline`, `lookback`, `offline-dynamic`, or `offline`. |
deviceId | String | Filter by device ID. |
deviceOwnerId | String | Filter by device owner ID. |
dohAttribution | String | Filter by user-defined DNS over HTTP attribute value. |
dlpFileHash | String | Filter by DLP file hash. |
dlpDictionaryId | String | Filter data by DLP dictionary IDs. |
fileType | String | Filter by file type. |
hasSinkholeCorrelation | Boolean | Filter based on if the resource has Security Connector-related records. |
httpRequestMethod | String | Filter data by HTTP request method. One of `PUT`, `POST`, `PATCH`, `OPTIONS`, `HEAD`, `GET`, `DELETE`, or `CONNECT`. |
domain | String | Filter by detection domain. |
hostname | String | Filter by hostname. |
internalIP | String | Filter by internal IP address. |
isAlert | Boolean | Whether there is an alert. |
list | String | Filter by list ID. |
machineName | String | Filter by machine name. |
onRamp | String | Filter by whether the onramp is enabled, `Yes` or `No`. |
policy | String | Filter by policy ID. |
severityId | Integer | Filter by severity ID: 0 - Unclassified, 1 - Critical, 2 - High, 3 - Medium, 4 - Low. |
sinkholeId | String | Filter by sinkhole ID. |
sinkholeIP | String | Filter by sinkhole IP address. |
site | String | Filter by site ID. A site ID of -1 points to the roaming location. |
sourcePort | String | Filter by source port. |
uuid | String | JSON criteria object representing in and not-in clauses for UUID. |
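
The following is an added example, not code from this API's documentation or vendor. It checks a filters object against the member names and enumerated values in the tables above, then serializes it as a URL-encoded `filters` query parameter. The function names and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

# Member names copied from the "Object members" table on this page.
MEMBERS = {
    "action", "blockDescription", "category", "clientRequestId", "confidence",
    "destinationIP", "destinationPort", "detectionType", "deviceId",
    "deviceOwnerId", "dohAttribution", "dlpFileHash", "dlpDictionaryId",
    "fileType", "hasSinkholeCorrelation", "httpRequestMethod", "domain",
    "hostname", "internalIP", "isAlert", "list", "machineName", "onRamp",
    "policy", "severityId", "sinkholeId", "sinkholeIP", "site", "sourcePort",
    "uuid",
}
# Enumerated values from the table. Passing severityId as strings is an
# assumption based on "in"/"nin" being documented as arrays of strings.
ENUMS = {
    "detectionType": {"inline", "lookback", "offline-dynamic", "offline"},
    "httpRequestMethod": {"PUT", "POST", "PATCH", "OPTIONS", "HEAD", "GET",
                          "DELETE", "CONNECT"},
    "onRamp": {"Yes", "No"},
    "severityId": {"0", "1", "2", "3", "4"},
}

def build_filters(spec):
    """Validate {member: {"in": [...], "nin": [...]}} and return compact JSON."""
    for member, clauses in spec.items():
        if member not in MEMBERS:
            raise ValueError(f"unknown filter member: {member}")
        if not clauses or set(clauses) - {"in", "nin"}:
            raise ValueError(f"{member}: only 'in' and 'nin' are allowed")
        for op, terms in clauses.items():
            if not isinstance(terms, list) or not all(isinstance(t, str) for t in terms):
                raise ValueError(f"{member}.{op}: must be an array of strings")
            # Members without an enumeration accept any string term.
            bad = set(terms) - ENUMS.get(member, set(terms))
            if bad:
                raise ValueError(f"{member}.{op}: unsupported {sorted(bad)}")
    return json.dumps(spec, separators=(",", ":"))

def filters_query(spec):
    """Return the query string that carries the object as `filters`."""
    return urlencode({"filters": build_filters(spec)})

# Constructed sample: alerts for one domain, excluding action ID 1.
SAMPLE = {
    "domain": {"in": ["example.com."]},
    "isAlert": {"in": ["true"]},
    "action": {"nin": ["1"]},
    "detectionType": {"in": ["inline", "lookback"]},
}
```

Rejecting unknown members and out-of-range values on the client surfaces typos before a report silently returns unfiltered or empty data.
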
Each filter specifies a set of terms that are `in` or `nin` (not in) the report: