API Reference

Paginated log list with all filters (prefix any filter with ! to negate)

Aggregate logs by dimension with CIDR grouping and HAVING thresholds

Single log detail with threat data

Dashboard aggregations (pass ?time_range=24h)

CSV export with current filters (up to 100K rows)

Health check with total count and latest timestamp

Distinct service names for filter dropdown

Distinct protocols seen in logs

Distinct interfaces seen in logs

Current system configuration (WAN, labels, setup status)

Save wizard configuration

Auto-detected WAN interface candidates

Discovered network segments with suggested labels

Force fresh AbuseIPDB lookup for an IP

Current UniFi API settings

Update UniFi API settings

Test UniFi connection and save on success

Current UI display preferences

Update UI display preferences

All firewall policies with zone data

Toggle syslog on a firewall policy

Bulk-toggle syslog on multiple policies

Cached UniFi client list

Cached UniFi infrastructure devices

UniFi polling status

Export all settings as JSON

Import settings from JSON backup

Save VPN network configuration

Current retention configuration

Update retention settings

Run retention cleanup immediately

Threat intelligence cache with IP/date filters

Geo-aggregated threat data for Threat Map (GeoJSON)

Fetch multiple logs by ID (max 50)

MCP JSON-RPC endpoint (bearer token required)

MCP SSE streaming endpoint (bearer token required)

MCP server settings

Update MCP settings

List MCP access tokens

Create a new MCP token

Revoke an MCP token

List available permission scopes

MCP audit trail with pagination