Analytics & MTTR

The Analytics API provides operational metrics across your Sentinel deployment — incident volumes, response time breakdowns, action counts, and MTTR (Mean Time to Respond) compared against industry benchmarks.

Summary

bash
GET /v1/sentinel/analytics/summary?days=30
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| days | integer | No | Lookback window in days (1–90). Defaults to 30. |
json
{
  "data": {
    "period_days": 30,
    "since": "2025-05-02T00:00:00Z",
    "incidents": {
      "total": 47,
      "by_severity": {
        "critical": 3,
        "high": 12,
        "medium": 24,
        "low": 8
      },
      "by_status": {
        "resolved": 41,
        "contained": 4,
        "open": 2
      },
      "avg_response_time_seconds": 38
    },
    "actions": {
      "total": 183,
      "by_type": {
        "isolate_device": 12,
        "revoke_sessions": 34,
        "block_ip": 47,
        "run_scan": 64,
        "disable_account": 8,
        "quarantine_file": 18
      }
    },
    "network_blocks_active": 94
  }
}

MTTR breakdown

bash
GET /v1/sentinel/analytics/mttr?days=30
json
{
  "data": {
    "period_days": 30,
    "overall_avg_seconds": 38,
    "overall_avg_human": "38s",
    "industry_benchmark_seconds": 10800,
    "improvement_factor": 284,
    "by_severity": {
      "critical": {
        "count": 3,
        "avg_seconds": 22,
        "min_seconds": 18,
        "max_seconds": 31
      },
      "high": {
        "count": 12,
        "avg_seconds": 35,
        "min_seconds": 19,
        "max_seconds": 58
      }
    }
  }
}

Using analytics in reports

Combine the summary and MTTR endpoints to build executive-level security reports. Common patterns:

typescript
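// Monthly security posture report

// Fetch one analytics endpoint and fail loudly on a non-2xx response,
// so an error body is never reported as metrics.
const getJson = async (path: string) => {
  const r = await fetch(path)
  if (!r.ok) throw new Error(`${path} returned HTTP ${r.status}`)
  return r.json()
}

// Pull both endpoints in parallel over the same 30-day window.
const [summary, mttr] = await Promise.all([
  getJson('/v1/sentinel/analytics/summary?days=30'),
  getJson('/v1/sentinel/analytics/mttr?days=30'),
])

const report = {
  period: '30 days',
  incidents_detected: summary.data.incidents.total,
  critical_incidents: summary.data.incidents.by_severity.critical,
  avg_response_time: mttr.data.overall_avg_human,
  vs_industry: `${mttr.data.improvement_factor}× faster than industry average`,
  active_blocks: summary.data.network_blocks_active,
}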

Tip: Schedule a weekly analytics pull using the api.changelog.published webhook pattern, or use a cron job against the analytics endpoints, to feed security KPIs into your dashboards, board reports, or customer-facing portals.
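
Before MTTR figures go into a report, it is worth checking them. The following is an added example, not code from the Sentinel API or its documentation: it enforces the documented 1–90 range for `days`, recomputes `improvement_factor` from the benchmark, and flags severities whose worst case exceeds a target. The names `analyticsPath`, `reviewMttr` and the `SLA_SECONDS` targets are assumptions made for illustration.

```typescript
// Added example. Field names follow the sample /analytics/mttr response above;
// the function names and SLA targets are assumptions, not part of the Sentinel API.
interface SeverityMttr { count: number; avg_seconds: number; min_seconds: number; max_seconds: number }
interface MttrData {
  overall_avg_seconds: number
  industry_benchmark_seconds: number
  improvement_factor: number
  by_severity: { [severity: string]: SeverityMttr }
}

// `days` is documented as an integer from 1 to 90; reject anything else before calling the API.
function analyticsPath(endpoint: 'summary' | 'mttr', days: number = 30): string {
  if (Math.floor(days) !== days || days < 1 || days > 90) {
    throw new RangeError('days must be an integer from 1 to 90, got ' + days)
  }
  return '/v1/sentinel/analytics/' + endpoint + '?days=' + days
}

// Hypothetical worst-case response targets in seconds, per severity.
const SLA_SECONDS: { [severity: string]: number } = { critical: 30, high: 60 }

// Returns human-readable findings; an empty array means no check failed.
function reviewMttr(d: MttrData): string[] {
  const findings: string[] = []
  if (d.overall_avg_seconds > 0) {
    // Recompute the headline ratio; a tolerance of 1 allows for rounding or truncation.
    const ratio = d.industry_benchmark_seconds / d.overall_avg_seconds
    if (Math.abs(ratio - d.improvement_factor) >= 1) {
      findings.push('improvement_factor ' + d.improvement_factor + ' does not match ' + ratio.toFixed(1))
    }
  }
  for (const sev of Object.keys(d.by_severity)) {
    const s = d.by_severity[sev]
    if (!s || s.count === 0) continue // no incidents, nothing to average
    if (s.min_seconds > s.avg_seconds || s.avg_seconds > s.max_seconds) {
      findings.push(sev + ': avg_seconds lies outside min/max')
    }
    const sla = SLA_SECONDS[sev]
    if (sla !== undefined && s.max_seconds > sla) {
      findings.push(sev + ': worst case ' + s.max_seconds + 's exceeds ' + sla + 's target')
    }
  }
  return findings
}

// Values copied from the sample MTTR response on this page.
const SAMPLE_MTTR: MttrData = {
  overall_avg_seconds: 38, industry_benchmark_seconds: 10800, improvement_factor: 284,
  by_severity: {
    critical: { count: 3, avg_seconds: 22, min_seconds: 18, max_seconds: 31 },
    high: { count: 12, avg_seconds: 35, min_seconds: 19, max_seconds: 58 },
  },
}
```

On the sample response, `reviewMttr(SAMPLE_MTTR)` returns a single finding: the critical worst case of 31s exceeds the assumed 30s target even though the 22s average looks healthy.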