I am trying to get the total risk count for each application defined as critical, severe and moderate. This is visible for each application within components tab on the right panel. Kindly let me know if someone has done this before, thanks in advance.
I haven’t seen the total counts being exposed in an API, but the individual policy violations including the threat level are available through the Policy Violations by Report REST API. If you count all the threatLevel results per group and application, you should end up with the same number the GUI calculates.
If you only have one policy per threat group, you could also use the Success Metrics Data REST API and just multiply the number of openCountAtTimePeriodEndxxx with the threat level of your corresponding policy.
1 Like
@pragatibhalla14 were you able to either of these APIs? From your short description I think the Success Metrics API will be more usable. Once you enable Success Metrics you’ll be able to use this API to get metrics per application. In the request if you don’t specify an application you will get data for all applications that the calling user has permissions to.
edit: orginally I said you needed a report for the Root Organization, this is not true. You only need to enable Success Metrics, then the data will be present in the API. As the docs note:
Larger data sets may take considerable time to load the first time you access Success Metrics Data. It is recommended to generate the aggregations first by creating and loading a Success Metrics report for the desired applications and organizations.