Overwatch Dashboard

The Overwatch Dashboard service collection provides operations for retrieving OverWatch detection and incident aggregate data. Get global counts for detections, incidents, and OverWatch events, and retrieve aggregate detection event information using custom queries.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

deprecated

This service collection is now deprecated.

Table of Contents

Operation	Description
AggregatesDetectionsGlobalCounts aggregates_detections_global_counts	Get the total number of detections pushed across all customers.
AggregatesEventsCollections aggregates_events_collections	Get OverWatch detection event collection info by providing an aggregate query.
AggregatesEvents aggregates_events	Get aggregate OverWatch detection event info by providing an aggregate query.
AggregatesIncidentsGlobalCounts aggregates_incidents_global_counts	Get the total number of incidents pushed across all customers.
AggregatesOWEventsGlobalCounts aggregates_events_global_counts	Get the total number of OverWatch events across all customers.

---

AggregatesDetectionsGlobalCounts

Get the total number of detections pushed across all customers.

GET /overwatch-dashboards/aggregates/detections-global-counts/v1

Scope Overwatch Dashboard: READ Consumes · Produces application/json

PEP 8 aggregates_detections_global_counts

Parameters

Name	Type	Data type	Description
filter	query	string	FQL query expression that should be used to limit the results.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

Python

Examples coming soon.

PowerShell

Examples coming soon.

Go

Examples coming soon.

TypeScript

Examples coming soon.

Rust

Examples coming soon.

Ruby

Examples coming soon.

---

AggregatesEventsCollections

Get OverWatch detection event collection info by providing an aggregate query.

POST /overwatch-dashboards/aggregates/events-collections/GET/v1

Scope Overwatch Dashboard: READ Consumes · Produces application/json

PEP 8 aggregates_events_collections

Parameters

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
date_ranges	body	list of dictionaries	Applies to date_range aggregations. Example: [{“from”: “2016-05-28T09:00:31Z”, “to”: “2016-05-30T09:00:31Z”}, {“from”: “2016-06-01T09:00:31Z”, “to”: “2016-06-10T09:00:31Z”}]
exclude	body	string	Elements to exclude.
field	body	string	The field on which to compute the aggregation.
filter	body	string	FQL formatted string to use to filter the results.
from	body	integer	Starting position.
include	body	string	Elements to include.
interval	body	string	Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute.
max_doc_count	body	integer	Only return buckets if values are less than or equal to the value here.
min_doc_count	body	integer	Only return buckets if values are greater than or equal to the value here.
missing	body	string	Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value.
name	body	string	Name of the aggregate query, as chosen by the user. Used to identify the results returned to you.
q	body	string	Full text search across all metadata fields.
ranges	body	list of dictionaries	Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [{“From”: 0, “To”: 70}, {“From”: 70, “To”: 100}]
size	body	integer	The max number of term buckets to be returned.
sub_aggregates	body	list of dictionaries	A nested aggregation, such as: [{“name”: “max_first_behavior”, “type”: “max”, “field”: “first_behavior”}]. There is a maximum of 3 nested aggregations per request.
sort	body	string	FQL string to sort bucket results. _count - sort by document count; _term - sort by the string value alphabetically. Supports asc and desc using | format. Example: _count|desc
time_zone	body	string	Time zone for bucket results.
type	body	string	Type of aggregation. Valid values include: date_histogram (aggregates counts on a specified time interval, requires use of “interval” field), date_range (aggregates counts on custom defined date range buckets), terms (buckets alerts by the value of a specified field), range (buckets alerts by specified numeric ranges of a specified field), cardinality (returns the count of distinct values in a specified field), max (returns the maximum value of a specified field), min (returns the minimum value of a specified field), avg (returns the average value of the specified field), sum (returns the total sum of all values for the specified field), percentiles (returns the following percentiles for the specified field: 1, 5, 25, 50, 75, 95, 99).

Code Examples

Python

Examples coming soon.

PowerShell

Examples coming soon.

Go

Examples coming soon.

TypeScript

Examples coming soon.

Rust

Examples coming soon.

Ruby

Examples coming soon.

---

AggregatesEvents

Get aggregate OverWatch detection event info by providing an aggregate query.

POST /overwatch-dashboards/aggregates/events/GET/v1

Scope Overwatch Dashboard: READ Consumes · Produces application/json

PEP 8 aggregates_events

Parameters

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
date_ranges	body	list of dictionaries	Applies to date_range aggregations. Example: [{“from”: “2016-05-28T09:00:31Z”, “to”: “2016-05-30T09:00:31Z”}, {“from”: “2016-06-01T09:00:31Z”, “to”: “2016-06-10T09:00:31Z”}]
exclude	body	string	Elements to exclude.
field	body	string	The field on which to compute the aggregation.
filter	body	string	FQL formatted string to use to filter the results.
from	body	integer	Starting position.
include	body	string	Elements to include.
interval	body	string	Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute.
max_doc_count	body	integer	Only return buckets if values are less than or equal to the value here.
min_doc_count	body	integer	Only return buckets if values are greater than or equal to the value here.
missing	body	string	Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value.
name	body	string	Name of the aggregate query, as chosen by the user. Used to identify the results returned to you.
q	body	string	Full text search across all metadata fields.
ranges	body	list of dictionaries	Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [{“From”: 0, “To”: 70}, {“From”: 70, “To”: 100}]
size	body	integer	The max number of term buckets to be returned.
sub_aggregates	body	list of dictionaries	A nested aggregation, such as: [{“name”: “max_first_behavior”, “type”: “max”, “field”: “first_behavior”}]. There is a maximum of 3 nested aggregations per request.
sort	body	string	FQL string to sort bucket results. _count - sort by document count; _term - sort by the string value alphabetically. Supports asc and desc using | format. Example: _count|desc
time_zone	body	string	Time zone for bucket results.
type	body	string	Type of aggregation. Valid values include: date_histogram (aggregates counts on a specified time interval, requires use of “interval” field), date_range (aggregates counts on custom defined date range buckets), terms (buckets alerts by the value of a specified field), range (buckets alerts by specified numeric ranges of a specified field), cardinality (returns the count of distinct values in a specified field), max (returns the maximum value of a specified field), min (returns the minimum value of a specified field), avg (returns the average value of the specified field), sum (returns the total sum of all values for the specified field), percentiles (returns the following percentiles for the specified field: 1, 5, 25, 50, 75, 95, 99).

Code Examples

Python

Examples coming soon.

PowerShell

Examples coming soon.

Go

Examples coming soon.

TypeScript

Examples coming soon.

Rust

Examples coming soon.

Ruby

Examples coming soon.

---

AggregatesIncidentsGlobalCounts

Get the total number of incidents pushed across all customers.

GET /overwatch-dashboards/aggregates/incidents-global-counts/v1

Scope Overwatch Dashboard: READ Consumes · Produces application/json

PEP 8 aggregates_incidents_global_counts

Parameters

Name	Type	Data type	Description
filter	query	string	FQL query expression that should be used to limit the results.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

Python

Examples coming soon.

PowerShell

Examples coming soon.

Go

Examples coming soon.

TypeScript

Examples coming soon.

Rust

Examples coming soon.

Ruby

Examples coming soon.

---

AggregatesOWEventsGlobalCounts

Get the total number of OverWatch events across all customers.

GET /overwatch-dashboards/aggregates/ow-events-global-counts/v1

Scope Overwatch Dashboard: READ Consumes · Produces application/json

PEP 8 aggregates_events_global_counts

Parameters

Name	Type	Data type	Description
filter	query	string	FQL query expression that should be used to limit the results.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

Python

Examples coming soon.

PowerShell

Examples coming soon.

Go

Examples coming soon.

TypeScript

Examples coming soon.

Rust

Examples coming soon.

Ruby

Examples coming soon.