DNSFilter icon

DNSFilter

**Note:** If you are a distributor integrating with DNSFilter, please check out our [Distributors Development Guide](/docs/distributors).### Authentication- Authentication is required for most, but not all, endpoints.- Authentication is done by setting the `Authorization` request header. The header value is the API key itself. For example: `Authorization: eyJ...`- An API key can be obtained through the DNSFilter dashboard under Account Settings. For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/21169189058323-API-Tokens).### Rate Limiting- All endpoints are rate limited.- The limits may vary by endpoint, but are generally consistent.- When the rate limit is exceeded the API will return the standard `429` HTTP status.- The following headers will also be provided in the response: `Retry-After`, `RateLimit-Policy`, `RateLimit`, `RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`. For details on the values of these headers, see the following articles [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After), [here](https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html), and [here](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-05.html).- For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/38202811088403-API-Rate-Limits).### Error Handling- The API uses standard HTTP status codes to indicate success or failure.- For _V1_ endpoints the response format is: ```json { "error": "string", "type": "string(optional)" } ```- For _V2_ endpoints the response format is: ```json { "error": { "message": "string", "type": "string(optional)" } } ```### PaginationFor the _V1_ endpoints, the pagination parameters are nested. That is to say,if passed as JSON they look like this: `{"page[number]": 1, "page[size]": 10}`.To pass this information in the URL query string, it would be formatted likethis: `...?page%5Bnumber%5D=1&page%5Bsize%5D=10`.In this guide, the UI will indicate that `page` is an `object` and if youwant to set values when trying the request, you must enter it as if it wasthe JSON above.### A Quick ExampleThe following will return information about the currentlyauthenticated user.```bash% curl -H 'Authorization: ***' https://api.dnsfilter.com/v1/users/self{ "data": { "id": "12345", "type": "users", "attributes": { "name": "John Doe", "email": "john@example.com", ...additional fields...}}}```
Join our community

Actions328

Overview

This node interacts with the DNSFilter API to retrieve traffic report data specifically about the total number of threats detected for organizations over a specified period. It supports detailed filtering and grouping options, allowing users to customize the report based on agent IDs, agent types, application IDs, bucket size, collection IDs, date ranges, MAC addresses, network IDs, organization IDs, private IP ranges, and more. The node is useful for security analysts and network administrators who want to monitor and analyze threat activity across different organizations within their network environment.

Use Case Examples

  1. A security analyst wants to generate a report showing the total number of threats detected for each organization in the last 7 days, grouped by organization ID.
  2. A network administrator needs to filter threat reports by specific agent types and application IDs to identify potential vulnerabilities in their network.
  3. An IT manager wants to receive a detailed threat report including individual organizations and specific time buckets to track threat trends over time.

Properties

Name Meaning
Return All Whether to return all results or only a single page. When disabled, no pagination parameters are sent and only one page of results is returned.
Additional Fields Optional filters and parameters to customize the threat report, including agent IDs, agent types, application IDs, bucket size, collection IDs, date range, MAC addresses, network IDs, organization IDs, private IP range, grouping options, source, report type, and user IDs.

Output

JSON

  • json - The JSON response from the DNSFilter API containing the total threats data for organizations.

Dependencies

  • An API key credential for DNSFilter API authentication.

Troubleshooting

  • Ensure the API key credential is correctly configured and has the necessary permissions to access traffic reports.
  • Verify that the date and time formats for 'from' and 'to' parameters are correct and in ISO8601 format.
  • Check for rate limiting errors (HTTP 429) and implement retry logic or adjust request frequency accordingly.
  • If the node returns an error, check the debug output (if enabled) for the actual request URL, headers, and body to diagnose issues.

Links

Discussion