Average for some Incident field. Use X-Total-Hits header on response for count used for average. For aggregate-on field X.Y.Z, response body will be {:data {:X {:Y {:Z <average>}}}}. If X-Total-Hits is 0, then average will be nil - Cisco XDR APIs

Cisco XDR APIs