# Data Security # Content Findings ## Top integrations by content findings `client.AnalyticsQuery.DataSecurity.ContentFindings.TopN(ctx, params) (*SinglePage[AnalyticsQueryDataSecurityContentFindingTopNResponse], error)` **post** `/accounts/{account_id}/analytics/query/data-security/content-findings/top-n` Returns the top N integrations ranked by total content findings. ### Parameters - `params AnalyticsQueryDataSecurityContentFindingTopNParams` - `AccountID param.Field[string]` Path param: Cloudflare account identifier. - `Filters param.Field[[]AnalyticsQueryDataSecurityContentFindingTopNParamsFilter]` Body param: Filters to apply. `findingType = content` is applied automatically for CASB data. - `Name string` Specifies the column name to filter on. Requires a valid column for the target dataset (e.g. `country`, `allowed`, `appId`). - `Op string` Filter operator. Common values: `eq`, `neq`, `in`, `not_in`, `gt`, `lt`, `gte`, `lte`. - `Values []AnalyticsQueryDataSecurityContentFindingTopNParamsFiltersValueUnion` Values to match against. Type depends on the column. - `UnionString` - `UnionBool` - `UnionFloat` - `From param.Field[Time]` Body param: Start of the query time range (inclusive). RFC3339. - `N param.Field[int64]` Body param: Maximum number of integrations to return. - `To param.Field[Time]` Body param: End of the query time range (exclusive). RFC3339. ### Returns - `type AnalyticsQueryDataSecurityContentFindingTopNResponse map[string, unknown]` Maps field names to values. Keys represent stat names and group-by column names. Values depend on the dataset (strings, numbers, booleans). ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.AnalyticsQuery.DataSecurity.ContentFindings.TopN(context.TODO(), cloudflare.AnalyticsQueryDataSecurityContentFindingTopNParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Filters: cloudflare.F([]cloudflare.AnalyticsQueryDataSecurityContentFindingTopNParamsFilter{}), From: cloudflare.F(time.Now()), N: cloudflare.F(int64(10)), To: cloudflare.F(time.Now()), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [], "messages": [ { "code": 1000, "message": "API in beta: expect breaking changes." } ], "result": [ { "integrationId": "123e4567-e89b-12d3-a456-426614174000", "integrationName": "Google Workspace", "total": 42 }, { "integrationId": "223e4567-e89b-12d3-a456-426614174001", "integrationName": "Microsoft 365", "total": 17 } ], "success": true } ``` # Findings ## Data security findings summary `client.AnalyticsQuery.DataSecurity.Findings.Summary(ctx, params) (*AnalyticsQueryDataSecurityFindingSummaryResponse, error)` **post** `/accounts/{account_id}/analytics/query/data-security/findings/summary` Returns aggregate current-period and previous-period totals for CASB findings. ### Parameters - `params AnalyticsQueryDataSecurityFindingSummaryParams` - `AccountID param.Field[string]` Path param: Cloudflare account identifier. - `Filters param.Field[[]AnalyticsQueryDataSecurityFindingSummaryParamsFilter]` Body param: Filters to apply. - `Name string` Specifies the column name to filter on. Requires a valid column for the target dataset (e.g. `country`, `allowed`, `appId`). - `Op string` Filter operator. Common values: `eq`, `neq`, `in`, `not_in`, `gt`, `lt`, `gte`, `lte`. - `Values []AnalyticsQueryDataSecurityFindingSummaryParamsFiltersValueUnion` Values to match against. Type depends on the column. - `UnionString` - `UnionBool` - `UnionFloat` - `From param.Field[Time]` Body param: Start of the query time range (inclusive). RFC3339. - `To param.Field[Time]` Body param: End of the query time range (exclusive). RFC3339. ### Returns - `type AnalyticsQueryDataSecurityFindingSummaryResponse struct{…}` - `CurrentTotal []map[string, unknown]` Aggregated stats for the requested time range. - `PreviousTotal []map[string, unknown]` Aggregated stats for the equivalent preceding time range, for trend comparison. ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.AnalyticsQuery.DataSecurity.Findings.Summary(context.TODO(), cloudflare.AnalyticsQueryDataSecurityFindingSummaryParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Filters: cloudflare.F([]cloudflare.AnalyticsQueryDataSecurityFindingSummaryParamsFilter{}), From: cloudflare.F(time.Now()), To: cloudflare.F(time.Now()), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.CurrentTotal) } ``` #### Response ```json { "errors": [], "messages": [ { "code": 1000, "message": "API in beta: expect breaking changes." } ], "result": { "currentTotal": [ { "findingProduct": "Cloud", "findingType": "Content", "findingsTotal": 48291 }, { "findingProduct": "SaaS", "findingType": "Posture", "findingsTotal": 1205 } ], "previousTotal": [ { "findingProduct": "Cloud", "findingType": "Content", "findingsTotal": 41033 }, { "findingProduct": "SaaS", "findingType": "Posture", "findingsTotal": 982 } ] }, "success": true } ``` ## Data security findings timeseries `client.AnalyticsQuery.DataSecurity.Findings.Timeseries(ctx, params) (*AnalyticsQueryDataSecurityFindingTimeseriesResponse, error)` **post** `/accounts/{account_id}/analytics/query/data-security/findings/timeseries` Returns merged time-bucketed CASB findings. ### Parameters - `params AnalyticsQueryDataSecurityFindingTimeseriesParams` - `AccountID param.Field[string]` Path param: Cloudflare account identifier. - `Filters param.Field[[]AnalyticsQueryDataSecurityFindingTimeseriesParamsFilter]` Body param: Filters to apply. - `Name string` Specifies the column name to filter on. Requires a valid column for the target dataset (e.g. `country`, `allowed`, `appId`). - `Op string` Filter operator. Common values: `eq`, `neq`, `in`, `not_in`, `gt`, `lt`, `gte`, `lte`. - `Values []AnalyticsQueryDataSecurityFindingTimeseriesParamsFiltersValueUnion` Values to match against. Type depends on the column. - `UnionString` - `UnionBool` - `UnionFloat` - `From param.Field[Time]` Body param: Start of the query time range (inclusive). RFC3339. - `To param.Field[Time]` Body param: End of the query time range (exclusive). RFC3339. ### Returns - `type AnalyticsQueryDataSecurityFindingTimeseriesResponse struct{…}` Merged CASB and CDE findings timeseries result. - `Slots []map[string, unknown]` Contains time-bucketed result rows. Each slot includes a `timestamp` plus `content` and `posture` maps with `cloud` and `saas` keys. - `Resolution string` Always null for this endpoint. ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.AnalyticsQuery.DataSecurity.Findings.Timeseries(context.TODO(), cloudflare.AnalyticsQueryDataSecurityFindingTimeseriesParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Filters: cloudflare.F([]cloudflare.AnalyticsQueryDataSecurityFindingTimeseriesParamsFilter{}), From: cloudflare.F(time.Now()), To: cloudflare.F(time.Now()), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.Slots) } ``` #### Response ```json { "errors": [], "messages": [ { "code": 1000, "message": "API in beta: expect breaking changes." } ], "result": { "slots": [ { "content": { "cloud": 150, "saas": 23 }, "posture": { "cloud": 0, "saas": 5 }, "timestamp": "2024-11-05T00:00:00Z" }, { "content": { "cloud": 180, "saas": 30 }, "posture": { "cloud": 0, "saas": 7 }, "timestamp": "2024-11-06T00:00:00Z" } ] }, "success": true } ```