
XDR - Extended Detection & Response

Monitor endpoint security agents and detected threats.

Commands


xdr kpis

Display XDR general KPIs including agent and threat statistics.

mysecutec xdr kpis [flags]

Flags

| Flag | Type | Default | Description |
|---|---|---|---|
| --last-n-days | int | 30 | Number of days to look back |

API

GET /xdr/v1/dashboard/general-kpis?last_n_days=30

Request Example

mysecutec xdr kpis --last-n-days 7

GET /xdr/v1/dashboard/general-kpis?last_n_days=7
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "last_n_days": 7,
    "agents": {
      "total": 150,
      "recent": 5,
      "items": [
        { "os_name": "Windows", "total": 100, "recent": 3 },
        { "os_name": "macOS", "total": 35, "recent": 1 },
        { "os_name": "Linux", "total": 15, "recent": 1 }
      ]
    },
    "threats": {
      "total": 25,
      "recent": 8,
      "items": [
        { "threat_status": "mitigated", "total": 20, "recent": 6 },
        { "threat_status": "active", "total": 5, "recent": 2 }
      ]
    }
  }
}

Model: XDRGeneralKPIs

| Field | Type | Description |
|---|---|---|
| data | XDRGeneralKPIsData | KPI data |

Model: XDRGeneralKPIsData

| Field | Type | Description |
|---|---|---|
| last_n_days | int | Lookback period |
| agents | XDRAgentKPIs | Agent statistics |
| threats | XDRThreatKPIs | Threat statistics |

Model: XDRAgentKPIs

| Field | Type | Description |
|---|---|---|
| total | int | Total agent count |
| recent | int | Recently added agents |
| items | []XDRAgentKPIItem | Per-OS breakdown |

Model: XDRAgentKPIItem

| Field | Type | Description |
|---|---|---|
| os_name | string | Operating system name |
| total | int | Total agents on this OS |
| recent | int | Recent agents on this OS |

Model: XDRThreatKPIs

| Field | Type | Description |
|---|---|---|
| total | int | Total threat count |
| recent | int | Recent threats |
| items | []XDRThreatKPIItem | Per-status breakdown |

Model: XDRThreatKPIItem

| Field | Type | Description |
|---|---|---|
| threat_status | string | Threat status |
| total | int | Total threats with this status |
| recent | int | Recent threats with this status |

xdr years

List years that have XDR data.

mysecutec xdr years

API

GET /xdr/v1/dashboard/years

Response

{
  "data": {
    "items": [2024, 2025]
  }
}

xdr year-kpis

View monthly KPI breakdown for a specific year.

mysecutec xdr year-kpis --year <year>

Flags

| Flag | Type | Required | Description |
|---|---|---|---|
| --year | int | Yes | Year to query |

API

GET /xdr/v1/dashboard/year-kpis?year=2025

Request Example

mysecutec xdr year-kpis --year 2025

GET /xdr/v1/dashboard/year-kpis?year=2025
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "year": 2025,
    "items": [10, 8, 15, 12, 20, 18, 0, 0, 0, 0, 0, 0]
  }
}

Model: XDRYearKPIs

| Field | Type | Description |
|---|---|---|
| data.year | int | The year |
| data.items | [12]int | Monthly threat counts (Jan-Dec) |

xdr agents

List XDR endpoint agents with details.

mysecutec xdr agents [flags]

Flags

| Flag | Type | Default | Description |
|---|---|---|---|
| --limit | int | 20 | Maximum number of results |
| --offset | int | 0 | Number of results to skip |
| --search | string | | Search filter |

API

GET /xdr/v1/dashboard/agents?limit=20&offset=0

Query Parameters:

| Parameter | Type | Description |
|---|---|---|
| limit | int | Max results |
| offset | int | Skip results |
| search | string | Search filter |
| sort_field | string | Sort field |
| sort_dir | string | Sort direction |

Request Example

mysecutec xdr agents --limit 10 --search "DESKTOP"

GET /xdr/v1/dashboard/agents?limit=10&offset=0&search=DESKTOP
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "items": [
      {
        "id": "agent-uuid-123",
        "name": "DESKTOP-ABC123",
        "type": "endpoint",
        "version": "4.5.2",
        "first_seen": "2025-01-10T08:00:00Z",
        "last_seen": "2025-06-15T23:45:00Z",
        "os": "Windows 11 Pro",
        "external_ip": "203.0.113.50",
        "internal_ip": "192.168.1.100",
        "domain": "CORP",
        "status": "online"
      }
    ]
  },
  "pagination": {
    "limit": 10,
    "offset": 0,
    "total": 150
  }
}

Model: XDRAgentEntry

| Field | Type | Description |
|---|---|---|
| id | string | Agent ID |
| name | string | Agent/machine name |
| type | string | Agent type |
| version | string | Agent version |
| first_seen | timestamp | First seen timestamp |
| last_seen | timestamp | Last seen timestamp |
| os | string | Operating system |
| external_ip | string | External IP address |
| internal_ip | string | Internal IP address |
| domain | string | Domain membership |
| status | string | Agent status |

xdr threats

List XDR detected threats.

mysecutec xdr threats [flags]

Flags

| Flag | Type | Default | Description |
|---|---|---|---|
| --limit | int | 20 | Maximum number of results |
| --offset | int | 0 | Number of results to skip |
| --search | string | | Search filter |

API

GET /xdr/v1/dashboard/threats?limit=20&offset=0

Request Example

mysecutec xdr threats --limit 5

GET /xdr/v1/dashboard/threats?limit=5&offset=0
Authorization: Bearer <token>
Accept: application/json

Response

{
  "data": {
    "items": [
      {
        "id": "threat-uuid-456",
        "time_of_detection": "2025-06-15T10:22:00Z",
        "machine_name": "DESKTOP-ABC123",
        "threat_name": "Trojan.GenericKD.12345",
        "process": "C:\\Users\\user\\Downloads\\malware.exe",
        "classification": "Trojan"
      }
    ]
  },
  "pagination": {
    "limit": 5,
    "offset": 0,
    "total": 25
  }
}

Model: XDRThreatEntry

| Field | Type | Description |
|---|---|---|
| id | string | Threat ID |
| time_of_detection | timestamp | Detection timestamp |
| machine_name | string | Affected machine name |
| threat_name | string | Threat name/signature |
| process | string | Process path |
| classification | string | Threat classification |
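
An added example (not part of the mysecutec project or its documentation) that consumes the agents and threats responses above: it walks the limit/offset pagination envelope, lists agents whose last_seen is older than a threshold, and pulls the threats recorded on those machines. The 7-day threshold, the fetch_page callable, the fake_fetch stand-in and the sample rows are assumptions constructed for illustration; matching machine_name against the agent name follows the sample responses, where both are DESKTOP-ABC123.

```python
from datetime import datetime, timedelta, timezone

def paginate(fetch_page, limit=20):
    """Yield every item from an endpoint that uses the limit/offset envelope."""
    offset = 0
    while True:
        body = fetch_page(limit, offset)   # decoded JSON of one response
        items = body["data"]["items"]
        yield from items
        offset += len(items)
        # Also stop on an empty page so a shrinking total cannot loop forever.
        if not items or offset >= body["pagination"]["total"]:
            return

def parse_ts(value):
    # The sample timestamps end in "Z"; normalise for datetime.fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_agents(agents, now, max_silence=timedelta(days=7)):
    """Names of agents not seen within max_silence (threshold is an assumption)."""
    return sorted(a["name"] for a in agents
                  if now - parse_ts(a["last_seen"]) > max_silence)

def threats_on(threats, machine_names):
    """Threat entries whose machine_name matches one of the given agent names."""
    wanted = set(machine_names)
    return [t for t in threats if t["machine_name"] in wanted]

# Constructed sample data using the field names from the responses above.
AGENTS = [
    {"name": "DESKTOP-ABC123", "last_seen": "2025-06-15T23:45:00Z"},
    {"name": "LAPTOP-EXAMPLE1", "last_seen": "2025-05-01T09:00:00Z"},
    {"name": "SRV-EXAMPLE2", "last_seen": "2025-06-16T07:30:00Z"},
]
THREATS = [
    {"id": "threat-uuid-456", "machine_name": "DESKTOP-ABC123"},
    {"id": "threat-example-2", "machine_name": "LAPTOP-EXAMPLE1"},
]

def fake_fetch(rows):
    """Offline stand-in for the HTTP GET; returns a fetch_page(limit, offset)."""
    def fetch_page(limit, offset):
        return {"data": {"items": rows[offset:offset + limit]},
                "pagination": {"limit": limit, "offset": offset, "total": len(rows)}}
    return fetch_page

if __name__ == "__main__":
    now = datetime(2025, 6, 16, 12, 0, tzinfo=timezone.utc)
    agents = list(paginate(fake_fetch(AGENTS), limit=2))
    silent = stale_agents(agents, now)
    print(silent, threats_on(paginate(fake_fetch(THREATS)), silent))
```

In real use, fetch_page would issue the GET request shown above with the Authorization: Bearer header and return the decoded JSON body.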