
ATH - Advanced Threat Hunting

Monitor advanced threats with log analytics, alert tracking, and trend data.

Commands


ath kpis

Display Advanced Threat Hunting general KPIs including total logs, alerts, and severity breakdown.

mysecutec ath kpis [flags]

Flags

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| --last-n-days | int | 30 | Number of days to look back |

API

GET /ath/v1/dashboard/general-kpis?last_n_days=30

Request Example

mysecutec ath kpis --last-n-days 7

GET /ath/v1/dashboard/general-kpis?last_n_days=7
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "last_n_days": 7,
    "total_logs": {
      "total": 1500000,
      "last": "2025-06-15T23:59:59Z"
    },
    "total_alerts": {
      "total": 85,
      "recent": 12
    },
    "alerts": [
      { "severity": "critical", "total": 2, "recent": 1 },
      { "severity": "high", "total": 15, "recent": 3 },
      { "severity": "medium", "total": 30, "recent": 5 },
      { "severity": "low", "total": 38, "recent": 3 }
    ]
  }
}

Model: ATHGeneralKPIs

| Field | Type | Description |
| --- | --- | --- |
| data | ATHGeneralKPIsData | KPI data |

Model: ATHGeneralKPIsData

| Field | Type | Description |
| --- | --- | --- |
| last_n_days | int | Lookback period |
| total_logs | ATHTotalLogs | Log statistics |
| total_alerts | ATHTotalRecent | Alert statistics |
| alerts | []ATHAlertSeverityKPI | Alert severity breakdown |

Model: ATHTotalLogs

| Field | Type | Description |
| --- | --- | --- |
| total | int | Total log count |
| last | timestamp | Last log timestamp |

Model: ATHTotalRecent

| Field | Type | Description |
| --- | --- | --- |
| total | int | Total count |
| recent | int | Recent count |

Model: ATHAlertSeverityKPI

| Field | Type | Description |
| --- | --- | --- |
| severity | string | Severity level |
| total | int | Total alerts |
| recent | int | Recent alerts |

ath years

List years that have ATH data.

mysecutec ath years

API

GET /ath/v1/dashboard/years

Request Example

mysecutec ath years

GET /ath/v1/dashboard/years
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "items": [2024, 2025]
  }
}

ath year-kpis

View monthly KPI breakdown for a specific year.

mysecutec ath year-kpis --year <year>

Flags

| Flag | Type | Required | Description |
| --- | --- | --- | --- |
| --year | int | Yes | Year to query |

API

GET /ath/v1/dashboard/year-kpis?year=2025

Request Example

mysecutec ath year-kpis --year 2025

GET /ath/v1/dashboard/year-kpis?year=2025
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "year": 2025,
    "items": [
      {
        "severity": "critical",
        "data": [1, 0, 2, 1, 0, 1, 0, 0, 0, 0, 0, 0]
      },
      {
        "severity": "high",
        "data": [5, 8, 3, 7, 6, 4, 0, 0, 0, 0, 0, 0]
      }
    ]
  }
}

Model: ATHYearKPIs

| Field | Type | Description |
| --- | --- | --- |
| data.year | int | The year |
| data.items | []ATHYearKPIItem | Severity data per month |

Model: ATHYearKPIItem

| Field | Type | Description |
| --- | --- | --- |
| severity | string | Alert severity |
| data | [12]int | Monthly counts (Jan-Dec) |

ath alerts

List individual ATH alerts with device and network details.

mysecutec ath alerts [flags]

Flags

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| --limit | int | 20 | Maximum number of results |
| --offset | int | 0 | Number of results to skip |

API

GET /ath/v1/dashboard/alerts?limit=20&offset=0

Request Example

mysecutec ath alerts --limit 10

GET /ath/v1/dashboard/alerts?limit=10&offset=0
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "items": [
      {
        "id": "alert-uuid-123",
        "created_at": "2025-06-15T14:30:00Z",
        "device_name": "FIREWALL-01",
        "source_ip": "192.168.1.50",
        "destination_ip": "203.0.113.100",
        "source_port": 54321,
        "destination_port": 443,
        "source_country": "BE",
        "destination_country": "US",
        "source_region": "Brussels",
        "destination_region": "Virginia",
        "alert_severity": "high"
      }
    ]
  },
  "pagination": {
    "limit": 10,
    "offset": 0,
    "total": 85
  }
}

Model: ATHAlertEntry

| Field | Type | Description |
| --- | --- | --- |
| id | string | Alert ID |
| created_at | timestamp | Alert creation time |
| device_name | string | Source device name |
| source_ip | string | Source IP address |
| destination_ip | string | Destination IP address |
| source_port | int | Source port |
| destination_port | int | Destination port |
| source_country | string | Source country code |
| destination_country | string | Destination country code |
| source_region | string | Source region |
| destination_region | string | Destination region |
| alert_severity | string | Alert severity level |
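
Added example (not part of the mysecutec documentation): walking every page of GET /ath/v1/dashboard/alerts with limit, offset and the pagination.total field shown in the response above, then counting critical and high alerts per destination_ip. The base URL passed to http_fetch, the helper names and the SAMPLE records are assumptions constructed for illustration; the page does not give the API host.

```python
import json
import urllib.request
from collections import Counter
from urllib.parse import urlencode

ALERTS_PATH = "/ath/v1/dashboard/alerts"  # endpoint documented on this page

def http_fetch(base_url, token):
    """Build fetch(limit, offset) for a live API; base_url is an assumption."""
    def fetch(limit, offset):
        query = urlencode({"limit": limit, "offset": offset})
        req = urllib.request.Request(
            f"{base_url}{ALERTS_PATH}?{query}",
            headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def iter_alerts(fetch, limit=20):
    """Yield every alert entry, advancing offset until pagination.total is reached."""
    offset = 0
    while True:
        page = fetch(limit, offset)
        items = page["data"]["items"]
        yield from items
        offset += len(items)
        # Also stop on an empty page so a shrinking total cannot loop forever.
        if not items or offset >= page["pagination"]["total"]:
            return

def severity_by_destination(alerts, severities=("critical", "high")):
    """Count alerts of the given severities per destination_ip."""
    return Counter(a["destination_ip"] for a in alerts
                   if a["alert_severity"] in severities)

# Constructed sample records standing in for the API (documentation IP ranges).
SAMPLE = [{"id": f"alert-{i}", "destination_ip": ip, "alert_severity": sev}
          for i, (ip, sev) in enumerate([
              ("203.0.113.100", "high"), ("203.0.113.100", "critical"),
              ("198.51.100.7", "low"), ("198.51.100.7", "high"),
              ("203.0.113.100", "medium")])]

def fake_fetch(limit, offset):
    """Offline stand-in that returns the same envelope as the documented response."""
    return {"data": {"items": SAMPLE[offset:offset + limit]},
            "pagination": {"limit": limit, "offset": offset, "total": len(SAMPLE)}}

if __name__ == "__main__":
    print(severity_by_destination(iter_alerts(fake_fetch, limit=2)).most_common())
```

Against a live deployment, pass http_fetch(base_url, token) to iter_alerts in place of fake_fetch.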

ath map

View alert geography — source → destination connections with per-severity alert counts.

mysecutec ath map [flags]

Flags

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| --last-n-days | int | 30 | Number of days to look back |

API

GET /ath/v1/dashboard/map?last_n_days=30

Request Example

mysecutec ath map --last-n-days 7

GET /ath/v1/dashboard/map?last_n_days=7
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "last_n_days": 7,
    "items": [
      {
        "source_geo": { "country": "RU", "region": "Moscow", "latitude": 55.75, "longitude": 37.62 },
        "destination_geo": { "country": "BE", "region": "Brussels", "latitude": 50.85, "longitude": 4.35 },
        "alert_counts": [
          { "alert_severity": "high", "count": 12 },
          { "alert_severity": "medium", "count": 4 }
        ]
      }
    ]
  }
}

Model: ATHMapItem

| Field | Type | Description |
| --- | --- | --- |
| source_geo | ATHGeoLocation | Origin (country/region/lat/long) |
| destination_geo | ATHGeoLocation | Destination (country/region/lat/long) |
| alert_counts | []ATHAlertCount | Per-severity counts for this connection |