Threat Intelligence Indicator Metrics - List

Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics?api-version=2024-03-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| resourceGroupName | path | True | string | The name of the resource group. The name is case insensitive. |
| subscriptionId | path | True | string | The ID of the target subscription. |
| workspaceName | path | True | string | The name of the workspace. Regex pattern: ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$ |
| api-version | query | True | string | The API version to use for this operation. |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | ThreatIntelligenceMetricsList | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed to get metrics. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

Get threat intelligence indicators metrics.

Sample Request

GET https://management.azure.com/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics?api-version=2024-03-01

Sample Response

{
  "value": [
    {
      "properties": {
        "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z",
        "threatTypeMetrics": [
          {
            "metricName": "compromised",
            "metricValue": 20
          }
        ],
        "patternTypeMetrics": [
          {
            "metricName": "url",
            "metricValue": 20
          }
        ],
        "sourceMetrics": [
          {
            "metricName": "Azure Sentinel",
            "metricValue": 10315
          },
          {
            "metricName": "zinga",
            "metricValue": 2
          }
        ]
      }
    }
  ]
}
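A client-side sketch of this operation, added here as an example and not taken from Microsoft's documentation or SDKs: it builds the request URI, enforces the workspaceName pattern from the URI Parameters table, and flattens a ThreatIntelligenceMetricsList into per-category counts while surfacing a CloudError body as an exception. The function names, `SAMPLE_OK` and the values in `SAMPLE_ERR` are assumptions made for the example; acquiring a token and sending the request are left out.

```python
import json
import re
from urllib.parse import quote

API_VERSION = "2024-03-01"
# Workspace-name pattern copied from the URI Parameters table.
WORKSPACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$")
CATEGORIES = ("threatTypeMetrics", "patternTypeMetrics", "sourceMetrics")


def metrics_url(subscription_id, resource_group, workspace):
    """Build the request URI; refuse a workspace name that fails the pattern."""
    if not WORKSPACE_RE.fullmatch(workspace):
        raise ValueError(f"invalid workspace name: {workspace!r}")
    return (
        "https://management.azure.com"
        f"/subscriptions/{quote(subscription_id, safe='')}"
        f"/resourceGroups/{quote(resource_group, safe='')}"
        f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
        "/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics"
        f"?api-version={API_VERSION}"
    )


def summarize(body):
    """Return (lastUpdatedTimeUtc, {category: {metricName: count}}) or raise on CloudError."""
    doc = json.loads(body)
    if "error" in doc:
        err = doc["error"] or {}
        raise RuntimeError(f"{err.get('code')}: {err.get('message')}")
    last_updated, counts = None, {c: {} for c in CATEGORIES}
    for item in doc.get("value", []):
        props = item.get("properties", {})
        last_updated = props.get("lastUpdatedTimeUtc", last_updated)
        for cat in CATEGORIES:
            for entity in props.get(cat) or []:
                name = entity["metricName"]
                counts[cat][name] = counts[cat].get(name, 0) + entity["metricValue"]
    return last_updated, counts


# Constructed inputs: the page's Sample Response (compacted) and a made-up CloudError.
SAMPLE_OK = json.dumps({"value": [{"properties": {
    "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z",
    "threatTypeMetrics": [{"metricName": "compromised", "metricValue": 20}],
    "patternTypeMetrics": [{"metricName": "url", "metricValue": 20}],
    "sourceMetrics": [{"metricName": "Azure Sentinel", "metricValue": 10315},
                      {"metricName": "zinga", "metricValue": 2}]}}]})
SAMPLE_ERR = json.dumps({"error": {"code": "ExampleCode", "message": "constructed"}})
```

Comparing the `sourceMetrics` counts between successive calls is one way to notice a feed that has stopped delivering indicators.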

Definitions

| Name | Description |
|---|---|
| CloudError | Error response structure. |
| CloudErrorBody | Error details. |
| ThreatIntelligenceMetric | Describes threat intelligence metric |
| ThreatIntelligenceMetricEntity | Describes threat intelligence metric entity |
| ThreatIntelligenceMetrics | Threat intelligence metrics. |
| ThreatIntelligenceMetricsList | List of all the threat intelligence metric fields (type/threat type/source). |

CloudError

Error response structure.

| Name | Type | Description |
|---|---|---|
| error | CloudErrorBody | Error data |

CloudErrorBody

Error details.

| Name | Type | Description |
|---|---|---|
| code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message | string | A message describing the error, intended to be suitable for display in a user interface. |

ThreatIntelligenceMetric

Describes threat intelligence metric

| Name | Type | Description |
|---|---|---|
| lastUpdatedTimeUtc | string | Last updated indicator metric |
| patternTypeMetrics | ThreatIntelligenceMetricEntity[] | Pattern type metrics |
| sourceMetrics | ThreatIntelligenceMetricEntity[] | Source metrics |
| threatTypeMetrics | ThreatIntelligenceMetricEntity[] | Threat type metrics |

ThreatIntelligenceMetricEntity

Describes threat intelligence metric entity

| Name | Type | Description |
|---|---|---|
| metricName | string | Metric name |
| metricValue | integer | Metric value |

ThreatIntelligenceMetrics

Threat intelligence metrics.

| Name | Type | Description |
|---|---|---|
| properties | ThreatIntelligenceMetric | Threat intelligence metrics. |

ThreatIntelligenceMetricsList

List of all the threat intelligence metric fields (type/threat type/source).

| Name | Type | Description |
|---|---|---|
| value | ThreatIntelligenceMetrics[] | Array of threat intelligence metric fields (type/threat type/source). |