DNSFilter
**Note:** If you are a distributor integrating with DNSFilter, please check out our [Distributors Development Guide](/docs/distributors).### Authentication- Authentication is required for most, but not all, endpoints.- Authentication is done by setting the `Authorization` request header. The header value is the API key itself. For example: `Authorization: eyJ...`- An API key can be obtained through the DNSFilter dashboard under Account Settings. For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/21169189058323-API-Tokens).### Rate Limiting- All endpoints are rate limited.- The limits may vary by endpoint, but are generally consistent.- When the rate limit is exceeded the API will return the standard `429` HTTP status.- The following headers will also be provided in the response: `Retry-After`, `RateLimit-Policy`, `RateLimit`, `RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`. For details on the values of these headers, see the following articles [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After), [here](https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html), and [here](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-05.html).- For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/38202811088403-API-Rate-Limits).### Error Handling- The API uses standard HTTP status codes to indicate success or failure.- For _V1_ endpoints the response format is: ```json { "error": "string", "type": "string(optional)" } ```- For _V2_ endpoints the response format is: ```json { "error": { "message": "string", "type": "string(optional)" } } ```### PaginationFor the _V1_ endpoints, the pagination parameters are nested. That is to say,if passed as JSON they look like this: `{"page[number]": 1, "page[size]": 10}`.To pass this information in the URL query string, it would be formatted likethis: `...?page%5Bnumber%5D=1&page%5Bsize%5D=10`.In this guide, the UI will indicate that `page` is an `object` and if youwant to set values when trying the request, you must enter it as if it wasthe JSON above.### A Quick ExampleThe following will return information about the currentlyauthenticated user.```bash% curl -H 'Authorization: ***' https://api.dnsfilter.com/v1/users/self{ "data": { "id": "12345", "type": "users", "attributes": { "name": "John Doe", "email": "john@example.com", ...additional fields...}}}```
Actions328
- AgentLocalUsers Actions
- ApiKeys Actions
- ApplicationCategories Actions
- Applications Actions
- Billings Actions
- BlockPages Actions
- Categories Actions
- CollectionUsers Actions
- User(Current) Actions
- Distributors Actions
- Health Check
- Update
- Show MSP
- Show Organization
- Reactivate suborg
- Users Search
- Show User
- Remove membership
- Get usage info
- Get user info by date
- Health Check
- MSP Search
- Show MSP
- Reactivate
- Show Organization
- Cancel suborganization
- Remove Sku
- Create user
- Reset password
- Get usage info by SKU
- Get
- Cancel suborganization
- Add Sku
- Add membership
- Create
- Update
- Reactivate
- Organizations Search
- Create suborganization
- Remove Sku
- Create user
- Update membership
- Reset password
- Reset password URL
- Get usage info by SKU
- Get
- Update
- Create
- Update
- Cancel
- Organizations Search
- Create suborganization
- Update suborganization
- Reactivate suborg
- Add Sku
- Show User
- Users Search
- Add membership
- Update membership
- Remove membership
- Reset password URL
- Get usage info
- Get user info by date
- DomainNotes Actions
- Domains Actions
- EnterpriseConnections Actions
- Invoices Actions
- IPAddresses Actions
- MACAddresses Actions
- Metrics Actions
- NetworkLANIPs Actions
- NetworkSubnets Actions
- Networks Actions
- OrganizationUsers Actions
- Organizations Actions
- PoliciesBulkActions Actions
- Policies Actions
- Get extant
- Get all
- Delete
- Get application
- Remove allow domain
- Add allow category
- Add block application
- Update permissive mode
- Create
- Show policy
- Update
- Update application
- Add block domain
- Remove block domain
- Add allow domain
- Add block category
- Remove block category
- Remove allow category
- Remove block application
- Get permissive mode
- PolicyIPs Actions
- ScheduledPolicies Actions
- ScheduledReportPreviews Actions
- ScheduledReports Actions
- TrafficReports Actions
- Total threats users
- Category reqs organizations
- Category reqs users
- Domain reqs organizations
- Domain reqs collections
- Collection reqs orgs
- Queries per second
- QPS users
- Top domains
- Top organizations
- Top users
- Organization stats
- Top Organizations Requests
- Deployments
- Application reqs org
- Total requests/time
- Total requests/organizations
- Total threats/time
- Total threats organizations
- Total threats clients
- Total threats collections
- Total category requests
- Category reqs clients
- Category reqs collections
- Total domain reqs
- Domain reqs users
- Total collection reqs
- Collection reqs clients
- Collection reqs users
- QPS organizations
- QPS clients
- QPS collections
- Top categories
- Top application categories
- Top networks
- Top collections
- Query Logs
- Domain stats
- Category stats
- Total Org Requests
- Total Domain Requests
- Total client stats
- Roaming clients
- Application requests
- Application reqs users
- Application reqs collections
- Application reqs clients
- Trials Actions
- UserAgentBulkDeletes Actions
- UserAgentBulkUpdates Actions
- UserAgentCleanups Actions
- UserAgentReleases Actions
- UserAgents Actions
- Users Actions
- UserUISettingsV2 Actions
- NetworksCSVExports Actions
- AgentLocalUserBulkDeletes Actions
- DictionaryLookups Actions
- PSAIntegrations Actions
- UserAgentCSVExports Actions
- CybersightCSVExports Actions
Overview
This node interacts with the DNSFilter API to retrieve traffic report data specifically related to the total number of threats for collections over a period of time. It supports fetching detailed threat statistics grouped by collections, which is useful for security monitoring and analysis in network environments. Users can filter the report by various parameters such as agent IDs, application IDs, time range, network IDs, and more, allowing for customized and precise threat reporting.
Use Case Examples
- A security analyst wants to monitor the total number of threats detected in different collections within their network over the last week to identify high-risk areas.
- An IT administrator needs to generate a report on threats grouped by collections to assess the effectiveness of their security policies and make informed decisions.
Properties
| Name | Meaning |
|---|---|
| Return All | Whether to return all results or only a single page. When disabled, no pagination parameters are sent and only one page of results is returned. |
| Additional Fields | Optional filters and parameters to customize the threat collections report, including agent IDs, application IDs, bucket size, collection IDs, time range, MAC addresses, network IDs, organization IDs, private IP ranges, grouping options, traffic source, report type, and user IDs. |
Output
JSON
json- The JSON response from the DNSFilter API containing the total threats collections report data.
Dependencies
- An API key credential for DNSFilter to authenticate requests.
Troubleshooting
- Ensure the API key is valid and has the necessary permissions to access traffic reports.
- Check the date and time formats for the 'from' and 'to' fields to match the expected ISO8601 format.
- If pagination is enabled, verify pagination settings to avoid incomplete data retrieval.
- Review the API rate limits and handle 429 status codes by implementing retries or delays.
Links
- DNSFilter API Tokens - Information on obtaining and using API tokens for authentication.
- DNSFilter API Rate Limits - Details on rate limiting and how to handle it when using the DNSFilter API.