Skip to content
Start here

Data security findings timeseries

client.AnalyticsQuery.DataSecurity.Findings.Timeseries(ctx, params) (*AnalyticsQueryDataSecurityFindingTimeseriesResponse, error)
POST/accounts/{account_id}/analytics/query/data-security/findings/timeseries

Returns merged time-bucketed CASB findings.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zero Trust Read
ParametersExpand Collapse
params AnalyticsQueryDataSecurityFindingTimeseriesParams
AccountID param.Field[string]

Path param: Cloudflare account identifier.

maxLength32
Filters param.Field[[]AnalyticsQueryDataSecurityFindingTimeseriesParamsFilter]

Body param: Filters to apply.

Name string

Specifies the column name to filter on. Requires a valid column for the target dataset (e.g. country, allowed, appId).

Op string

Filter operator. Common values: eq, neq, in, not_in, gt, lt, gte, lte.

Values []AnalyticsQueryDataSecurityFindingTimeseriesParamsFiltersValueUnion

Values to match against. Type depends on the column.

One of the following:
UnionString
UnionBool
UnionFloat
From param.Field[Time]

Body param: Start of the query time range (inclusive). RFC3339.

formatdate-time
To param.Field[Time]

Body param: End of the query time range (exclusive). RFC3339.

formatdate-time
ReturnsExpand Collapse
type AnalyticsQueryDataSecurityFindingTimeseriesResponse struct{…}

Merged CASB and CDE findings timeseries result.

Slots []map[string, unknown]

Contains time-bucketed result rows. Each slot includes a timestamp plus content and posture maps with cloud and saas keys.

Resolution stringOptional

Always null for this endpoint.

Data security findings timeseries

package main

import (
  "context"
  "fmt"
  "time"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  response, err := client.AnalyticsQuery.DataSecurity.Findings.Timeseries(context.TODO(), cloudflare.AnalyticsQueryDataSecurityFindingTimeseriesParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Filters: cloudflare.F([]cloudflare.AnalyticsQueryDataSecurityFindingTimeseriesParamsFilter{}),
    From: cloudflare.F(time.Now()),
    To: cloudflare.F(time.Now()),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.Slots)
}
{
  "errors": [],
  "messages": [
    {
      "code": 1000,
      "message": "API in beta: expect breaking changes."
    }
  ],
  "result": {
    "slots": [
      {
        "content": {
          "cloud": 150,
          "saas": 23
        },
        "posture": {
          "cloud": 0,
          "saas": 5
        },
        "timestamp": "2024-11-05T00:00:00Z"
      },
      {
        "content": {
          "cloud": 180,
          "saas": 30
        },
        "posture": {
          "cloud": 0,
          "saas": 7
        },
        "timestamp": "2024-11-06T00:00:00Z"
      }
    ]
  },
  "success": true
}
{
  "errors": [
    {
      "code": 11005,
      "message": "art.api.parameter.invalid"
    }
  ],
  "messages": [
    {
      "code": 1002,
      "message": "Parameter 'from' has invalid value '2024-11-05 00:00:00'. Should be of type: 'RFC3339'"
    }
  ],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11005,
      "message": "art.api.parameter.invalid"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "API in beta: expect breaking changes."
    }
  ],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}
Returns Examples
{
  "errors": [],
  "messages": [
    {
      "code": 1000,
      "message": "API in beta: expect breaking changes."
    }
  ],
  "result": {
    "slots": [
      {
        "content": {
          "cloud": 150,
          "saas": 23
        },
        "posture": {
          "cloud": 0,
          "saas": 5
        },
        "timestamp": "2024-11-05T00:00:00Z"
      },
      {
        "content": {
          "cloud": 180,
          "saas": 30
        },
        "posture": {
          "cloud": 0,
          "saas": 7
        },
        "timestamp": "2024-11-06T00:00:00Z"
      }
    ]
  },
  "success": true
}
{
  "errors": [
    {
      "code": 11005,
      "message": "art.api.parameter.invalid"
    }
  ],
  "messages": [
    {
      "code": 1002,
      "message": "Parameter 'from' has invalid value '2024-11-05 00:00:00'. Should be of type: 'RFC3339'"
    }
  ],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11005,
      "message": "art.api.parameter.invalid"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "API in beta: expect breaking changes."
    }
  ],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}
{
  "errors": [
    {
      "code": 11003,
      "message": "art.api.resource.insufficient_permissions"
    }
  ],
  "messages": [],
  "result": null,
  "success": false
}