Skip to main content
GET
/
beta
/
failed-attacks
Get failed attacks
curl --request GET \
  --url https://api.petrasecurity.com/beta/failed-attacks \
  --header 'Authorization: Bearer <token>'
{
  "dateRange": {
    "startDate": "2026-03-01T00:00:00.000Z",
    "endDate": "2026-03-31T00:00:00.000Z"
  },
  "tenant": {
    "petraTenantId": "tenant-456",
    "name": "Acme Corporation",
    "microsoftTenantId": "abcd1234-5678-90ef-ghij-klmnopqrstuv"
  },
  "totalCount": 42,
  "byCountry": [
    {
      "name": "Russia",
      "countryCode": "RU",
      "count": 30
    },
    {
      "name": "China",
      "countryCode": "CN",
      "count": 12
    }
  ],
  "byDay": [
    {
      "date": "2026-03-15T00:00:00.000Z",
      "byType": [
        {
          "attackType": "PIERCING_HORNET",
          "count": 8
        },
        {
          "attackType": "LEGACY_AUTH",
          "count": 3
        }
      ]
    },
    {
      "date": "2026-03-16T00:00:00.000Z",
      "byType": [
        {
          "attackType": "PIERCING_HORNET",
          "count": 5
        }
      ]
    }
  ],
  "topTargetedUsers": [
    {
      "userPrincipalName": "admin@acmecorp.com",
      "fullName": "Admin User",
      "jobTitle": "IT Administrator",
      "count": 25,
      "attackOriginCountries": [
        {
          "name": "Russia",
          "countryCode": "RU"
        },
        {
          "name": "China",
          "countryCode": "CN"
        }
      ]
    }
  ]
}
You can find a tenant’s Petra ID in the URL when viewing a tenant in the dashboard (e.g. app.petrasecurity.com/tenant/<tenantId>). You can also pass a Microsoft tenant ID and the endpoint will resolve it automatically.

Authorizations

Authorization
string
header
required

Bearer token authentication. Include your API key in the Authorization header as 'Bearer YOUR_API_KEY'

Query Parameters

tenantId
string
required

The tenant to generate the report for. Accepts either a Petra tenant ID or a Microsoft tenant ID. You can find a tenant's Petra ID in the URL when viewing a tenant in the dashboard (e.g. app.petrasecurity.com/tenant/). You can also pass a Microsoft tenant ID and the endpoint will resolve it automatically.

startDate
string<date-time>

Start of the reporting window. Accepts ISO 8601 date or date-time (e.g. 2026-03-01 or 2026-03-01T00:00:00Z). Defaults to 30 days before endDate.

endDate
string<date-time>

End of the reporting window. Accepts ISO 8601 date or date-time. Defaults to now.

Response

Successful response

dateRange
object
tenant
object

The tenant this report covers

totalCount
integer

Total number of failed attacks in the window

byCountry
object[]

Failed attacks grouped by origin country

byDay
object[]

Daily breakdown of failed attacks grouped by attack type

topTargetedUsers
object[]

Users most targeted by failed attacks