listTopEventtypes.RdGets a list of eventtypes ordered by the number of requests made for each eventtype in descending order. The list of eventtypes is "domain_security", "domain_integration", "url_security", "url_integration", "cisco_amp" and "antivirus".
listTopEventtypes( from, to, domains = NULL, urls = NULL, categories = NULL, policycategories = NULL, ip = NULL, identityids = NULL, identitytypes = NULL, applicationid = NULL, verdict = NULL, securityoverridden = NULL, bundleid = NULL, threats = NULL, threattypes = NULL, ampdisposition = NULL, antivirusthreats = NULL, organizationId = Sys.getenv("umbrellaOrganizationId") )
| from | timestamp to filter from (or relative, e.g. -1days) |
|---|---|
| to | timestamp to filter to (or relative, e.g. now) |
| domains | domain filter, comma delimited |
| urls | url filter, comma delimited |
| categories | categories filter, comma delimited ints |
| policycategories | policy-triggering categories filter, comma delimited ints |
| ip | ip filter |
| identityids | identity filter, comma delimited |
| identitytypes | identity type filter, comma delimited. |
| applicationid | application id filter |
| verdict | verdict filter, comma delimited |
| securityoverridden | whether security was overridden for this request |
| bundleid | proxy bundle ID |
| threats | threat names filter, comma delimited |
| threattypes | threat types filter, comma delimited |
| ampdisposition | AMP disposition filter, comma delimited |
| antivirusthreats | threat names caught by antivirus, comma delimited |
| organizationId | the organization id |