DNSFilter
**Note:** If you are a distributor integrating with DNSFilter, please check out our [Distributors Development Guide](/docs/distributors).### Authentication- Authentication is required for most, but not all, endpoints.- Authentication is done by setting the `Authorization` request header. The header value is the API key itself. For example: `Authorization: eyJ...`- An API key can be obtained through the DNSFilter dashboard under Account Settings. For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/21169189058323-API-Tokens).### Rate Limiting- All endpoints are rate limited.- The limits may vary by endpoint, but are generally consistent.- When the rate limit is exceeded the API will return the standard `429` HTTP status.- The following headers will also be provided in the response: `Retry-After`, `RateLimit-Policy`, `RateLimit`, `RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`. For details on the values of these headers, see the following articles [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After), [here](https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html), and [here](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-05.html).- For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/38202811088403-API-Rate-Limits).### Error Handling- The API uses standard HTTP status codes to indicate success or failure.- For _V1_ endpoints the response format is: ```json { "error": "string", "type": "string(optional)" } ```- For _V2_ endpoints the response format is: ```json { "error": { "message": "string", "type": "string(optional)" } } ```### PaginationFor the _V1_ endpoints, the pagination parameters are nested. That is to say,if passed as JSON they look like this: `{"page[number]": 1, "page[size]": 10}`.To pass this information in the URL query string, it would be formatted likethis: `...?page%5Bnumber%5D=1&page%5Bsize%5D=10`.In this guide, the UI will indicate that `page` is an `object` and if youwant to set values when trying the request, you must enter it as if it wasthe JSON above.### A Quick ExampleThe following will return information about the currentlyauthenticated user.```bash% curl -H 'Authorization: ***' https://api.dnsfilter.com/v1/users/self{ "data": { "id": "12345", "type": "users", "attributes": { "name": "John Doe", "email": "john@example.com", ...additional fields...}}}```
Actions328
- AgentLocalUsers Actions
- ApiKeys Actions
- ApplicationCategories Actions
- Applications Actions
- Billings Actions
- BlockPages Actions
- Categories Actions
- CollectionUsers Actions
- User(Current) Actions
- Distributors Actions
- Health Check
- Update
- Show MSP
- Show Organization
- Reactivate suborg
- Users Search
- Show User
- Remove membership
- Get usage info
- Get user info by date
- Health Check
- MSP Search
- Show MSP
- Reactivate
- Show Organization
- Cancel suborganization
- Remove Sku
- Create user
- Reset password
- Get usage info by SKU
- Get
- Cancel suborganization
- Add Sku
- Add membership
- Create
- Update
- Reactivate
- Organizations Search
- Create suborganization
- Remove Sku
- Create user
- Update membership
- Reset password
- Reset password URL
- Get usage info by SKU
- Get
- Update
- Create
- Update
- Cancel
- Organizations Search
- Create suborganization
- Update suborganization
- Reactivate suborg
- Add Sku
- Show User
- Users Search
- Add membership
- Update membership
- Remove membership
- Reset password URL
- Get usage info
- Get user info by date
- DomainNotes Actions
- Domains Actions
- EnterpriseConnections Actions
- Invoices Actions
- IPAddresses Actions
- MACAddresses Actions
- Metrics Actions
- NetworkLANIPs Actions
- NetworkSubnets Actions
- Networks Actions
- OrganizationUsers Actions
- Organizations Actions
- PoliciesBulkActions Actions
- Policies Actions
- Get extant
- Get all
- Delete
- Get application
- Remove allow domain
- Add allow category
- Add block application
- Update permissive mode
- Create
- Show policy
- Update
- Update application
- Add block domain
- Remove block domain
- Add allow domain
- Add block category
- Remove block category
- Remove allow category
- Remove block application
- Get permissive mode
- PolicyIPs Actions
- ScheduledPolicies Actions
- ScheduledReportPreviews Actions
- ScheduledReports Actions
- TrafficReports Actions
- Total threats users
- Category reqs organizations
- Category reqs users
- Domain reqs organizations
- Domain reqs collections
- Collection reqs orgs
- Queries per second
- QPS users
- Top domains
- Top organizations
- Top users
- Organization stats
- Top Organizations Requests
- Deployments
- Application reqs org
- Total requests/time
- Total requests/organizations
- Total threats/time
- Total threats organizations
- Total threats clients
- Total threats collections
- Total category requests
- Category reqs clients
- Category reqs collections
- Total domain reqs
- Domain reqs users
- Total collection reqs
- Collection reqs clients
- Collection reqs users
- QPS organizations
- QPS clients
- QPS collections
- Top categories
- Top application categories
- Top networks
- Top collections
- Query Logs
- Domain stats
- Category stats
- Total Org Requests
- Total Domain Requests
- Total client stats
- Roaming clients
- Application requests
- Application reqs users
- Application reqs collections
- Application reqs clients
- Trials Actions
- UserAgentBulkDeletes Actions
- UserAgentBulkUpdates Actions
- UserAgentCleanups Actions
- UserAgentReleases Actions
- UserAgents Actions
- Users Actions
- UserUISettingsV2 Actions
- NetworksCSVExports Actions
- AgentLocalUserBulkDeletes Actions
- DictionaryLookups Actions
- PSAIntegrations Actions
- UserAgentCSVExports Actions
- CybersightCSVExports Actions
Overview
This node operation fetches the total number of threats detected for users over a specified period of time from the DNSFilter API. It is useful for security analysts and network administrators who want to monitor and analyze threat activity associated with users in their network. For example, it can be used to generate reports on user threat exposure or to trigger alerts based on threat counts.
Use Case Examples
- Retrieve total threats for all users in the last 24 hours.
- Get total threats for specific user IDs within a custom date range.
Properties
| Name | Meaning |
|---|---|
| Return All | Whether to return all results or only a single page. When disabled, no pagination parameters are sent and only one page of results is returned. |
| Additional Fields | Optional filters and parameters to refine the report, such as agent IDs, application IDs, bucket size, date range, MAC addresses, network IDs, organization IDs, private IP ranges, grouping options, traffic source, report type, and user IDs. |
Output
JSON
json- The JSON response from the DNSFilter API containing the total threats users report data.
Dependencies
- An API key credential for DNSFilter API authentication.
Troubleshooting
- Ensure the API key credential is correctly configured and has the necessary permissions to access traffic reports.
- Verify that the date and time formats for 'From' and 'To' fields are correct and in UTC format.
- If pagination is enabled, check the pagination settings to ensure all pages are fetched as expected.
- If the API rate limit is exceeded, the API will return a 429 status code; implement retry logic or adjust request frequency accordingly.
Links
- DNSFilter API Tokens - Information on obtaining and using API tokens for authentication.
- DNSFilter API Rate Limits - Details on rate limiting and how to handle it when using the DNSFilter API.