> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wirespeed.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Count detections matching search filters



## OpenAPI

````yaml https://api.wirespeed.co/v1/openapi.json post /v1/detection/count
openapi: 3.0.0
info:
  title: Wirespeed API
  description: The public Wirespeed API. v1 is the first stable contract.
  version: '1.0'
  contact: {}
servers:
  - url: https://api.wirespeed.co
security: []
tags: []
paths:
  /v1/detection/count:
    post:
      tags:
        - Detection
      summary: Count detections matching search filters
      operationId: DetectionController_count
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SearchDetectionsDto'
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DetectionCountResponse'
        '422':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HttpError'
      security:
        - bearer: []
components:
  schemas:
    SearchDetectionsDto:
      type: object
      properties:
        size:
          type: number
        page:
          type: number
        filter:
          type: string
        search:
          type: string
        orderBy:
          type: string
        orderDir:
          type: string
          enum:
            - asc
            - desc
        days:
          type: number
          description: >-
            Number of days for time-based filtering (1-365). Used by
            stats/widget endpoints to set the time window.
        startDate:
          type: string
          description: Start date (inclusive, ISO8601 string)
        endDate:
          type: string
          description: End date (inclusive, ISO8601 string)
        caseIdOrSid:
          type: string
          description: Filter by case ID or case SID
        statuses:
          type: array
          description: Filter detections by status
          items:
            type: string
            enum:
              - NEW
              - PROCESSING
              - ESCALATED
              - HUNTING
              - MONITORING
              - CHATOPS
              - CLOSED
        verdict:
          type: string
          enum:
            - MALICIOUS
            - SUSPICIOUS
            - BENIGN
          description: Filter detections by verdict
        assetId:
          type: string
          description: Filter detections involving a specific asset
        assetType:
          type: string
          enum:
            - USER
            - PROCESS
            - USER_AGENT
            - FILE
            - ENDPOINT
            - LOCATION
            - IP
            - DOMAIN
          description: Filter detections by asset type involved
        hideExcluded:
          type: boolean
          description: Hide detections that have been excluded
        onlyChatOps:
          type: boolean
          description: Only show detections that were escalated
        onlyWasEscalated:
          type: boolean
          description: Only show detections that were escalated
        onlyWasContained:
          type: boolean
          description: Only show detections that resulted in containment
        hideDemoClients:
          type: boolean
          description: Hide detections from demo client teams
        categoryClass:
          type: string
          enum:
            - ENDPOINT
            - IDENTITY
            - CLOUD
            - EMAIL
            - NETWORK
            - DATA
            - POSTURE
            - OTHER
          description: Filter detections by category class
        category:
          type: string
          enum:
            - OTHER__DIAGNOSTIC
            - OTHER__INFORMATIONAL_EVENT
            - OTHER__WARNING
            - OTHER__UNKNOWN
            - OTHER__DECEPTION
            - OTHER__DECEPTION__SIMULATION
            - OTHER__CUSTOM_DETECTION
            - CLOUD__INVOCATION
            - CLOUD__DISCOVERY
            - CLOUD__DATA_TRANSFER
            - CLOUD__PERSISTENCE
            - CLOUD__PUBLIC_BUCKET
            - ENDPOINT__DISCOVERY
            - ENDPOINT__EXECUTION
            - ENDPOINT__LIVE_OFF_THE_LAND
            - ENDPOINT__NUISANCE
            - ENDPOINT__MALWARE_DISCOVERY
            - ENDPOINT__MALWARE_EXECUTION
            - ENDPOINT__LATE_STAGE
            - ENDPOINT__PERSISTENCE
            - ENDPOINT__REMOTE_MANAGEMENT
            - ENDPOINT__LATERAL_MOVEMENT
            - ENDPOINT__IMPACT
            - ENDPOINT__EVASION
            - ENDPOINT__EXPLOITATION
            - ENDPOINT__SIMULATION
            - ENDPOINT__PLANNED_CHANGE
            - IDENTITY__LOGIN
            - IDENTITY__REJECTED_MFA
            - IDENTITY__DISCOVERY
            - IDENTITY__BRUTE_FORCE
            - IDENTITY__PUBLIC_CREDENTIAL_EXPOSURE
            - IDENTITY__PRIVATE_CREDENTIAL_EXPOSURE
            - IDENTITY__PERSISTENCE
            - IDENTITY__ACCOUNT_COMPROMISE
            - IDENTITY__SIMULATION
            - NETWORK__INBOUND_CONNECTION
            - NETWORK__OUTBOUND_CONNECTION
            - NETWORK__PHISHING
            - NETWORK__NOISY
            - NETWORK__DISCOVERY
            - EMAIL__PHISHING
            - EMAIL__PHISHING_REPORTED
            - EMAIL__EVASION
            - EMAIL__MALWARE
            - EMAIL__MALICIOUS_LINK
            - EMAIL__GRAYMAIL
            - EMAIL__SPAM
            - EMAIL__BUSINESS_EMAIL_COMPROMISE
            - DATA__DATA_TRANSFER
            - DATA__DATA_SHARE
            - POSTURE__POSTURE
            - POSTURE__HEALTH
          description: Filter detections by specific category
        exclusionId:
          type: string
          description: Filter detections by exclusion rule ID
        severity:
          type: string
          enum:
            - INFORMATIONAL
            - LOW
            - MEDIUM
            - HIGH
            - CRITICAL
          description: Filter detections by severity
        integrationPlatform:
          type: string
          enum:
            - admin-by-request
            - aws
            - axonius
            - bitwarden
            - box
            - checkpoint-firewall
            - checkpoint-harmony
            - cisco-catalyst
            - cisco-duo
            - cisco-meraki
            - cisco-secure-access
            - cisco-umbrella
            - cisco-xdr
            - connectwise-psa
            - crowdstrike-falcon
            - cyberark
            - darktrace
            - email
            - exium
            - fleet-dm
            - fortianalyzer
            - fortinet
            - freshservice
            - generic-json
            - generic-syslog
            - google-alert-center
            - google-chronicle
            - google-directory
            - google-security-center
            - halcyon
            - halo-itsm
            - have-i-been-pwned
            - horizon3
            - hyas-protect
            - ipinfo
            - jamf-pro
            - jamf-protect
            - jira-cloud
            - jira-data-center
            - jumpcloud
            - kandji
            - manage-engine-ad-audit-plus
            - microsoft
            - microsoft-entra
            - microsoft-teams
            - microsoft-teams-v2
            - mimecast
            - ninjaone
            - odoo-helpdesk
            - okta
            - one-password
            - onelogin
            - orca-security
            - pager-duty
            - palo-alto-networks-cortex
            - picus
            - ping-one
            - reversing-labs
            - safebreach
            - sandfly
            - sentinel-one
            - service-now
            - slack
            - sms
            - smtp
            - sonic-wall
            - sophos
            - splunk
            - stairwell
            - tenable-nessus
            - thinkst-canary
            - tracebit
            - unifi
            - vectra
            - watchguard-firebox
            - windows-event-logs
            - wirespeed
            - wiz
            - wordfence
            - zscaler-zpa
          description: Filter detections by integration platform
        createdAt:
          description: Filter by creation date
          allOf:
            - $ref: '#/components/schemas/DateFilterDto'
        groupIds:
          description: >-
            Filter detections by group IDs (OR) — matches detections whose users
            or endpoints belong to any of the specified groups
          type: array
          items:
            type: string
    DetectionCountResponse:
      type: object
      properties:
        count:
          type: number
          description: Total number of detections matching the search filters
      required:
        - count
    HttpError:
      type: object
      properties:
        message:
          type: string
        statusCode:
          type: number
      required:
        - message
        - statusCode
    DateFilterDto:
      type: object
      properties:
        gt:
          type: string
          description: Filter for dates greater than this value
        gte:
          type: string
          description: Filter for dates greater than or equal to this value
        lt:
          type: string
          description: Filter for dates less than this value
        lte:
          type: string
          description: Filter for dates less than or equal to this value
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````