GET /accounts/{account_id}/cloudforce-one/events/aggregate

Aggregate threat events by one or more columns (e.g., attacker, targetIndustry) with optional date filtering and daily grouping. Supports multi-dimensional aggregation for cross-analysis.

Path parameters

| Name | Type | Required | Description |
|---|---|---|---|
| account_id | String | Yes | Account ID. |

Query parameters

| Name | Type | Required | Description |
|---|---|---|---|
| datasetId | | No | Dataset ID(s) to filter by. Can be a single dataset ID or an array of dataset IDs. If not provided, the default dataset is used. |
| endDate | String | No | End date for filtering (ISO 8601 format, e.g., '2024-12-31'). |
| aggregateBy | String | Yes | Column(s) to aggregate by: a single column or a comma-separated list (e.g., 'attacker', 'targetIndustry', 'attacker,targetIndustry'). |
| limit | Number | No | Maximum number of results to return. Default value: 100. |
| groupByDate | Boolean | No | Whether to group results by date (daily aggregation). |
| startDate | String | No | Start date for filtering (ISO 8601 format, e.g., '2024-01-01'). |
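The following added example (not part of the original reference) builds the request URL for this endpoint and validates the documented parameters before anything is sent. The function name, the base URL (the page lists no server), the lowercase boolean encoding, and the repeated `datasetId` key for arrays are assumptions.

```python
from datetime import date
from urllib.parse import urlencode, quote

# Assumption: Cloudflare's public API v4 base URL; the page itself lists no server.
BASE_URL = "https://api.cloudflare.com/client/v4"


def build_aggregate_url(account_id, aggregate_by, start_date=None, end_date=None,
                        group_by_date=None, limit=None, dataset_ids=None):
    """Return the GET URL for events/aggregate (hypothetical helper), validating inputs."""
    # aggregateBy is the only required query parameter: one column or several.
    columns = [aggregate_by] if isinstance(aggregate_by, str) else list(aggregate_by)
    columns = [c.strip() for col in columns for c in col.split(",")]
    if not columns or any(not c for c in columns):
        raise ValueError("aggregateBy needs at least one non-empty column name")
    params = [("aggregateBy", ",".join(columns))]

    # Dates must parse as ISO 8601 calendar dates; non-ISO input raises ValueError.
    parsed = {}
    for name, value in (("startDate", start_date), ("endDate", end_date)):
        if value is not None:
            parsed[name] = date.fromisoformat(value)
            params.append((name, parsed[name].isoformat()))
    if len(parsed) == 2 and parsed["startDate"] > parsed["endDate"]:
        raise ValueError("startDate is after endDate")

    if group_by_date is not None:
        # Assumption: booleans are sent as lowercase true/false.
        params.append(("groupByDate", "true" if group_by_date else "false"))
    if limit is not None:
        if not isinstance(limit, int) or isinstance(limit, bool) or limit < 1:
            raise ValueError("limit must be a positive integer")
        params.append(("limit", str(limit)))
    # Assumption: an array of dataset IDs is sent as a repeated datasetId key.
    for ds in ([dataset_ids] if isinstance(dataset_ids, str) else dataset_ids or []):
        params.append(("datasetId", ds))

    # Percent-encode the account ID so it cannot alter the request path.
    path = f"/accounts/{quote(account_id, safe='')}/cloudforce-one/events/aggregate"
    return f"{BASE_URL}{path}?{urlencode(params)}"
```

Omitting `limit` leaves the documented default of 100 in effect on the server side.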

How to start integrating

  1. Add an HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the HTTP request settings.
  3. Click Test request to test run your request to the API and see the API's response.