GET /analytics/rules_offense_contributions

Retrieves Rule Offense contributions. Retrieves Rule and Offense references in the system.

Table 1. GET /analytics/rules_offense_contributions resource details

| MIME Type |
| --- |
| application/json |

Table 2. GET /analytics/rules_offense_contributions request parameter details

| Parameter | Type | Optionality | Data Type | MIME Type | Description |
| --- | --- | --- | --- | --- | --- |
| Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero. |
| sort | query | Optional | String | text/plain | Optional - This parameter is used to sort the elements in a list. |
| filter | query | Optional | String | text/plain | Optional - This parameter is used to restrict the elements in a list based on the contents of various fields. |
| fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets; multiple fields in the same object are separated by commas. |

Table 3. GET /analytics/rules_offense_contributions response codes

| HTTP Response Code | Unique Code | Description |
| --- | --- | --- |
| 200 | | The rule offense references were retrieved. |
| 422 | 1010 | null |
| 422 | 1030 | null |
| 500 | 1020 | null |

Response Description

An array of RuleOffenceReference objects. A RuleOffenceReference object contains the following fields:
  • id - Long - The ID of the rule_offense_contribution. (Filterable. Sortable.)
  • rule_id - Long - The ID of the rule. (Filterable. Sortable.)
  • rule_name - String - The name of the rule. (Filterable. Sortable.)
  • rule_type - String - The type of rule: EVENT, FLOW, COMMON, USER, ANOMALY, BEHAVIORAL, or THRESHOLD. (Filterable. Sortable.)
  • offense_id - Long - The ID of the offense that was created by the rule. (Filterable. Sortable.)
  • event_count - Long - The number of events that the rule triggered on to participate in the offense. (Filterable. Sortable.)
  • first_event - Long - The number of milliseconds since epoch for the first event that contributed to the offense. (Filterable. Sortable.)
  • last_event - Long - The number of milliseconds since epoch for the last event from the specified rule that contributed to the offense. (Filterable. Sortable.)

Response Sample


[
    {
        "event_count": 42,
        "first_event": 42,
        "id": 42,
        "last_event": 42,
        "offense_id": 42,
        "rule_id": 42,
        "rule_name": "String",
        "rule_type": "String"
    }
]
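
Added example (not part of the original reference page): a Python sketch that builds a paged request for this endpoint and groups the returned RuleOffenceReference objects by offense, which helps when reviewing which rules drive an offense. The base URL, the `SEC` token header, the `items=<first>-<last>` Range syntax, the helper names and the sample records are assumptions or constructed values, not taken from this page.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlencode
from urllib.request import Request

ENDPOINT = "/analytics/rules_offense_contributions"
FIELDS = "rule_id,rule_name,rule_type,offense_id,event_count,first_event,last_event"

def build_request(base_url, token, start=0, count=50, filter_expr=None, sort=None):
    """Build (without sending) the GET request; filter/sort are passed through verbatim."""
    query = {"fields": FIELDS}  # unnamed fields are excluded from the response
    if filter_expr:
        query["filter"] = filter_expr
    if sort:
        query["sort"] = sort
    headers = {
        "Accept": "application/json",
        # Assumption: Range value syntax "items=<first>-<last>", zero-indexed.
        "Range": f"items={start}-{start + count - 1}",
        "SEC": token,  # assumption: name of the API token header
    }
    return Request(f"{base_url.rstrip('/')}{ENDPOINT}?{urlencode(query)}", headers=headers)

def _utc(ms):
    """Milliseconds since epoch -> ISO 8601 UTC string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def summarise_by_offense(records):
    """Per offense: rules by event_count (descending), total events, first/last event."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["offense_id"]].append(rec)
    return {
        oid: {
            "rules": sorted(((r["event_count"], r["rule_name"], r["rule_type"])
                             for r in recs), reverse=True),
            "event_count": sum(r["event_count"] for r in recs),
            "first_event": _utc(min(r["first_event"] for r in recs)),
            "last_event": _utc(max(r["last_event"] for r in recs)),
        }
        for oid, recs in grouped.items()
    }

# Constructed sample response (not real data), shaped like the Response Sample above.
SAMPLE = json.loads("""[
 {"event_count": 40, "first_event": 1700000000000, "id": 1, "last_event": 1700001800000,
  "offense_id": 101, "rule_id": 1001, "rule_name": "Constructed rule A", "rule_type": "EVENT"},
 {"event_count": 2, "first_event": 1700000600000, "id": 2, "last_event": 1700003600000,
  "offense_id": 101, "rule_id": 1002, "rule_name": "Constructed rule B", "rule_type": "COMMON"},
 {"event_count": 5, "first_event": 1700007200000, "id": 3, "last_event": 1700007200000,
  "offense_id": 102, "rule_id": 1001, "rule_name": "Constructed rule A", "rule_type": "EVENT"}
]""")
```

Sending the request (for example with `urllib.request.urlopen`) and looping `start` forward by `count` until a short page comes back gives the full list.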