Get Posture Statistics - SpecterOps

Get Posture Statistics

curl --request GET \
  --url https://your-tenant.bloodhoundenterprise.io/api/v2/posture-stats \
  --header 'Authorization: Bearer <token>'

{
  "count": 1,
  "skip": 1,
  "limit": 1,
  "start": "2023-11-07T05:31:56Z",
  "end": "2023-11-07T05:31:56Z",
  "data": [
    {
      "id": 123,
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z",
      "deleted_at": {
        "time": "2023-11-07T05:31:56Z",
        "valid": true
      },
      "domain_sid": "<string>",
      "exposure_index": 123,
      "tier_zero_count": 123,
      "critical_risk_count": 123
    }
  ]
}

GET

/

api

/

v2

/

posture-stats

Get Posture Statistics

curl --request GET \
  --url https://your-tenant.bloodhoundenterprise.io/api/v2/posture-stats \
  --header 'Authorization: Bearer <token>'

{
  "count": 1,
  "skip": 1,
  "limit": 1,
  "start": "2023-11-07T05:31:56Z",
  "end": "2023-11-07T05:31:56Z",
  "data": [
    {
      "id": 123,
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z",
      "deleted_at": {
        "time": "2023-11-07T05:31:56Z",
        "valid": true
      },
      "domain_sid": "<string>",
      "exposure_index": 123,
      "tier_zero_count": 123,
      "critical_risk_count": 123
    }
  ]
}

Authorizations

Authorization

string

header

required

Authorization: Bearer $JWT_TOKEN

Headers

Prefer

string

default:wait=30

Prefer header, used to specify a custom timeout in seconds using the wait parameter as per RFC7240. Passing in wait=-1 bypasses all timeout limits when the feature is enabled.

Pattern: ^wait=(-1|[0-9]+)$

Query Parameters

sort_by

string

Sortable columns are domain_sid, exposure_index, tier_zero_count, critical_risk_count, id, created_at, updated_at, deleted_at. Sort by column. Can be used multiple times; prepend a hyphen for descending order. See parameter description for details about which columns are sortable.

from

string<date-time>

Lower bound for created_at; to return posture stats starting at a specific date/time. This filter has been deprecated, please use created_at instead.

to

string<date-time>

Upper bound for created_at; to return posture stats upto a specific date/time. This filter has been deprecated, please use created_at instead.

domain_sid

string

Filter results by column string value. Valid filter predicates are eq, ~eq, neq.

Pattern: ^((eq|~eq|neq):)?[^:]+$

exposure_index

string

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern: ^((eq|neq|gt|gte|lt|lte):)?-?[0-9]+$

asset_group_tag_id

string

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern: ^((eq|neq|gt|gte|lt|lte):)?-?[0-9]+$

tier_zero_count

string

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern: ^((eq|neq|gt|gte|lt|lte):)?-?[0-9]+$

critical_risk_count

string

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern: ^((eq|neq|gt|gte|lt|lte):)?-?[0-9]+$

id

string

Filter results by column integer value. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern: ^((eq|neq|gt|gte|lt|lte):)?-?[0-9]+$

created_at

string

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern:

^((eq|neq|gt|gte|lt|lte):)?[0-9]{4}-[0-9]{2}-[0-9]{2}[Tt][0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{1,9})?([Zz]|-[0-9]{2}:[0-9]{2})$

updated_at

string

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern:

^((eq|neq|gt|gte|lt|lte):)?[0-9]{4}-[0-9]{2}-[0-9]{2}[Tt][0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{1,9})?([Zz]|-[0-9]{2}:[0-9]{2})$

deleted_at

string

Filter results by column timestamp value formatted as an RFC-3339 string. Valid filter predicates are eq, neq, gt, gte, lt, lte.

Pattern:

^((eq|neq|gt|gte|lt|lte):)?[0-9]{4}-[0-9]{2}-[0-9]{2}[Tt][0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{1,9})?([Zz]|-[0-9]{2}:[0-9]{2})$

Response

OK

count

integer

The total number of results.

Required range: x >= 0

skip

integer

The number of items to skip in a paginated response.

Required range: x >= 0

limit

integer

The limit of results requested by the client.

Required range: x >= 0

start

string<date-time>

The RFC-3339 timestamp to describe the beginning of a time range

end

string<date-time>

The RFC-3339 timestamp to describe the end of a time range

data

object[]

Show child attributes

Update attack path risk Get Posture History

⌘I