umbrella-top-threats
Query top threats from Cisco Umbrella Reports.
Syntax
umbrella-top-threats [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
Options
- profile=PROFILE
  - Optional. Cisco Umbrella connect profile code.
- duration=NUM{mon|w|d|h|m|s}
  - Optional. Scan only recent data. Time units: s (second), m (minute), h (hour), d (day), w (week), mon (month).
- from=yyyyMMddHHmmss
  - Optional. Start time of the range, in yyyyMMddHHmmss format.
- to=yyyyMMddHHmmss
  - Optional. End time of the range, in yyyyMMddHHmmss format.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | Cisco Umbrella connect profile code |
| signature | String | Signature | e.g. Wannacry |
| category | String | Category | e.g. Ransomware |
| count | Integer | Count | e.g. 361 |