Get detections by severity

Request a list of Aurora Focus aggregated detection resources by severity for a tenant. This is useful for making histograms.

Service endpoint

/detections/v2/severity?start={detection_start_timestamp}&end{detection_end_timestamp}

&interval={detection_interval}

Optional query string parameters
  • start: This is the start date-time of the query range.
  • end: This is the end date-time of the query range.
  • interval: This is the timer interval used for grouping detection resources.
  • detection_type: This is the detection type filter.
  • detected_on: This is the detected on filter.
  • event_number: This is the event number filter.
  • device: This is the device name filter.
  • status: The values for this are new, in progress, follow up, reviewed, done, false positive.

Example

https://protectapi.cylance.com/detections/v2/severity?start=2019-09-13T00:00:00Z&end=2019-09-15T23:59:59Z&interval=1d

Method

HTTP/1.1 GET

Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsdetect:list scope encoded

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name Description

counts

This is the number of detections found, grouped by severity (informational, medium, and high).

detected_on

This is the time when the detection was received by Endpoint Defense's cloud services.

facet

This is the facet used for the search. This is severity.

filters

This is the list of filters used on the request.