Live Data API
All systems operational
Programmatic access to ThreatOps SOC telemetry, compliance posture, and pre-computed analytics. Integrate with PowerBI, Tableau, Splunk, or any REST-capable platform.
Endpoints: 21
Auth: Bearer
Format: JSON
Base URL
https://api.threatops.io
Authentication required — Pass Authorization: Bearer <api_key> and X-Tenant-ID: <tenant_uuid> on every request.

Core Data Endpoints
Raw SOC and compliance data with pagination and filtering
SOC Analytics Endpoints
Pre-computed, BI-ready metrics
Time window: days
Every response returns: metadata.generated_at, metadata.record_count, metadata.days
Valid range: 1 – 3650

GET /api/v1/reports/live-data/summary (⚡ Recommended)
All 13 SOC analytics metrics in a single call — ideal for PowerBI/Tableau datasets.

GET /api/v1/reports/live-data/alerts-by-response-type
Monthly breakdown of alerts by Escalated, Manually Investigated, and Automated Resolution.

GET /api/v1/reports/live-data/escalated-incidents-by-severity
Month-over-month escalated incident counts split by Critical / High / Medium / Low.

GET /api/v1/reports/live-data/escalated-incidents-weekly-trend
7-day rolling trend of escalated security incidents by severity band.

GET /api/v1/reports/live-data/escalated-incidents-by-category
Escalated incidents grouped by MITRE ATT&CK tactic category per month.

GET /api/v1/reports/live-data/top-categories
Top attack categories with per-week trend sparkline data for dashboard cards.

GET /api/v1/reports/live-data/benign-false-positive-alerts
Monthly split of benign and false-positive alerts — manual vs automated resolution.

GET /api/v1/reports/live-data/non-escalated-alerts-by-severity
Non-escalated manually investigated alerts segmented by severity over 3 months.

GET /api/v1/reports/live-data/alerts-resolved-by-automation
Automation resolution volume by alert severity — tracks SOC automation ROI.

GET /api/v1/reports/live-data/alert-types-by-hour
24-hour alert distribution with per-severity breakdown and business-hours context.

GET /api/v1/reports/live-data/mean-times
Global MTTA, MTTI, MTTC in minutes — plus per-severity breakdown for SLA reporting.

GET /api/v1/reports/live-data/mean-times-by-disposition
Mean response times segmented by final alert disposition (resolved, escalated, etc.).

GET /api/v1/reports/live-data/incidents-by-severity
Total incident count grouped by severity — snapshot for executive dashboards.

GET /api/v1/reports/live-data/incidents-by-disposition
Incident distribution by final disposition — resolution funnel analytics.

Works with
PowerBI, Tableau, Grafana, Splunk, Elastic, Python, Node.js, curl