RiskIQ Illuminate
RiskIQ Illuminate reveals cyber threats relevant to your critical assets through connected digital relationships. It is the only security intelligence solution with tailored attack surface intelligence to uncover exposures, risks, and threats against your unique digital footprint, pinpointing what’s relevant to you—all in one place.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | RiskIQ Illuminate |
URL | https://www.riskiq.com/contact-us/ |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | RiskIQ |
Website | https://www.riskiq.com/integrations/microsoft/ |
Privacy policy | https://www.riskiq.com/privacy-policy/ |
Categories | Security;IT Operations |
Pre-requisites
You will need the following to proceed:
How to get credentials
Register for a test API key at RiskIQ Security Intelligence Services or contact your account representative ([email protected]) to identify your existing customer keys.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
Token | securestring | The Token for this api | True |
Secret | securestring | The Secret for this api | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Add project tags | Add tags to a project by project ID. |
Add tags | Adds tags to a given artifact. |
Artifact updates in bulk | Perform artifact updates in bulk. |
Create artifact | Create artifact with given parameters. |
Create artifacts in bulk | Create artifacts in bulk with given parameters. |
Create project | Create project with given parameters. |
Delete artifact with a UUID | Delete artifact having a certain UUID. |
Delete artifacts in bulk | Delete artifacts in bulk by their artifact IDs. |
Delete project | Delete project by project ID. |
Delete tags | Removes tags from an artifact. |
Find artifact | Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization. |
Find project | Retrieve all information related to project. |
Get account and organization quotas | Retrieve the details of current account and organization quotas. |
Get account metadata and settings | Retrieve current account metadata and settings. |
Get active monitors | Retrieve the set of active monitors. |
Get addresses by component name | Searches the components addresses information by component name. |
Get addresses by cookie domain | Searches the cookies addresses information by cookie domain. |
Get addresses by cookie name | Searches the addresses information by cookie name. |
Get alerts associated with an artifact or project | Retrieve all alerts associated with an artifact or project. |
Get all indicators for given profile | Retrieves the indicators for the given profile id. |
Get all profiles | Retrieves all profiles. |
Get all profiles by indicator | Retrieves all profiles containing the given indicator. |
Get all third party vendors | Finds all vendors associated with the given account. |
Get API usage history | Retrieve the details of API usage history of the account. |
Get article details | Retrieves the details of the article specified. |
Get articles | Retrieves all articles. |
Get articles by indicator | Retrieves all articles containing the indicator specified. |
Get articles indicators | Retrieves articles indicators. |
Get artifact tags | Retrieve the tags of an artifact or artifacts. |
Get attack surface | Finds the Attack Surface information of the given account. |
Get attack surface insight by insight Id | Finds the Attack Surface Insight Information given the insight ID for the given account. |
Get attack surface priority detail by level | Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account. |
Get attack surface third party by vendor Id | Finds vendors associated with the given vendor id for given account. |
Get attack surface third party insight by vendor Id and insight Id | Finds vendors associated with the given vendor id and insight Id. |
Get attack surface third party priority detail by vendor Id and level | Finds vendors associated with the given vendor id and priority level for given account. |
Get attack surface third party vulnerabilities | Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID. |
Get attack surface third party vulnerability observations | Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE. |
Get attack surface third party vulnerable components | Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID. |
Get attack surface vulnerability observations | Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE. |
Get attack surface vulnerable components | Finds the Attack Surface Vulnerable Components for the primary vendor. |
Get attack surface vulnerable information | Finds the Attack Surface Vulnerability Information for the primary vendor for the given account. |
Get bulk classification status | Retrieve classification statuses for given domains. |
Get classification status | Retrieve classification status for a given domain. |
Get components | Retrieves the host attribute components of a query. |
Get compromised status | Indicates whether or not a given domain has ever been compromised. |
Get cookies | Retrieves the host attribute cookies related to the query. |
Get current organization metadata | Retrieve the details of current organization metadata. |
Get dynamic DNS status | Indicates whether or not a domain's DNS records are updated via dynamic DNS. |
Get enrichment data | Get enrichment data for a query. |
Get enrichment data bulk | Get bulk enrichment data for many queries. |
Get hosts by component name | Searches the components hosts information by component name. |
Get hosts by cookie domain | Searches the cookies hosts information by cookie domain. |
Get hosts by cookie name | Searches the hosts information by cookie name. |
Get items by classification | Retrieve items with the specified classification. |
Get malware | Get malware data for a query. |
Get malware bulk | Get bulk malware data for many queries. |
Get monitor status | Indicates whether or not a domain is monitored. |
Get OSINT | Get OSINT data for a query. |
Get OSINT bulk | Get bulk OSINT data for many queries. |
Get pairs | Retrieves the host attribute pairs related to the query. |
Get passive DNS | Retrieves the passive DNS results from active account sources. |
Get profile details | Retrieves the details for the given profile. |
Get reputation | Retrieves reputation for given query. |
Get sinkhole status | Indicates whether or not an IP address is a sinkhole. |
Get sources used for queries | Retrieve the details of sources being used for queries. |
Get SSL certificate | Retrieves an SSL certificate by its SHA-1 hash. |
Get SSL certificate history | Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address. |
Get subdomains | Get subdomains data for a query. |
Get summary data card | Retrieves a summary data card associated to the given query. |
Get tags | Get tags from a given artifact. |
Get team activity | Retrieve the details of team activity. |
Get the open ports info for the IP address given | The exposed services endpoints allow you to see services on recently open ports for an IP address. |
Get trackers | Retrieves the host attribute trackers. |
Get unique passive DNS | Retrieves the unique passive DNS results from active account sources. |
Get WHOIS | Retrieves the WHOIS data for the specified query. |
Remove artifact tags | Remove a set of tags from an artifact or artifacts. |
Remove project tags | Remove tags from a project by project ID. |
Search passive DNS | Searches the passive DNS data for a keyword query. |
Search SSL certificates | Retrieves SSL certificates for a given field value. |
Search SSL certificates by keyword | Retrieves SSL certificates for a given keyword. |
Search tags | Retrieve artifacts for a given tag. |
Search trackers that match the criteria | Retrieves hosts or IP addresses that employ a specific user tracking service. |
Search WHOIS | Searches WHOIS data by field and query. |
Search WHOIS keyword | Search WHOIS data for a keyword. |
Set artifact tags | Set the tags of an artifact or artifacts. |
Set bulk classification status | Set classification statuses for given domains. |
Set classification status | Sets the classification status for a given domain. |
Set compromised status | Sets status for a domain to indicate if it has ever been compromised. |
Set dynamic DNS status | Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS. |
Set project tags | Set the project tags of given project ID. |
Set sinkhole status | Sets status for an IP address to indicate whether or not it is a sinkhole. |
Set tags | Sets tags to a given artifact. |
Update artifact | Update artifact, or toggle monitoring status. |
Update artifact tags | Add tags to an artifact or artifacts. |
Update project | Updates a project denoted by project ID. |
Add project tags
Add tags to a project by project ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Add tags
Adds tags to a given artifact.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- TagActionResponse
Artifact updates in bulk
Perform artifact updates in bulk.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Bulk Update Response
- response
- object
Create artifact
Create artifact with given parameters.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Create artifacts in bulk
Create artifacts in bulk with given parameters.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Bulk Create Response
- response
- object
Create project
Create project with given parameters.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Delete artifact with a UUID
Delete artifact having a certain UUID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Delete artifacts in bulk
Delete artifacts in bulk by their artifact IDs.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Bulk Delete Response
- response
- object
Delete project
Delete project by project ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Delete tags
Removes tags from an artifact.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- TagActionResponse
Find artifact
Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Artifact | artifact | | string | The artifact UUID id |
Project | project | | string | Filter by project UUID id |
Owner | owner | | string | Filter by owner (an email or organization id) |
Creator | creator | | string | Filter by creator |
Organization | organization | | string | Filter by organization |
Query | query | | string | Filter by query (passivetotal.org, etc) |
Type | type | | string | Filter by type (domain, ip, etc) |
Returns
Find Artifact Response
- response
- object
Find project
Retrieve all information related to project.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Project | project | | string | Filter by project id |
Owner | owner | | string | Filter by owner (an email or organization id) |
Creator | creator | | string | Filter by creator email |
Organization | organization | | string | Filter by organization |
Visibility | visibility | | string | Filter by visibility |
Featured | featured | | boolean | Filter by featured status |
Returns
Find Project Response
- response
- object
Get account and organization quotas
Get account metadata and settings
Get active monitors
Get addresses by component name
Searches the components addresses information by component name.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Name | name | True | string | Component name |
Version | version | | string | Component version to search for |
Category | category | | string | Component category to search for |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get addresses by cookie domain
Searches the cookies addresses information by cookie domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain | domain | True | string | Cookie domain |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get addresses by cookie name
Searches the addresses information by cookie name.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Name | name | True | string | Cookie name |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get alerts associated with an artifact or project
Retrieve all alerts associated with an artifact or project.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Project | project | | string | The project to filter on |
Artifact | artifact | | string | The artifact to filter on |
Start | start | | string | Filter results to after this datetime. Formats: "yyyy-MM-dd HH:mm:ss" |
End | end | | string | Filter results to before this datetime. Formats: "yyyy-MM-dd HH:mm:ss" |
Size | size | | integer | Max number of results, default is 25 |
Page | page | | integer | Page number, default is 0 |
Returns
- Body
- MonitorResponse
Get all indicators for given profile
Retrieves the indicators for the given profile id.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | string | Profile Id |
Query | query | | string | Indicator value to search for in profiles |
Types | types | | string | Indicator types to filter by. E.g. domain |
Categories | categories | | string | Indicator categories to filter by. E.g. host |
Sources | sources | | string | Indicator sources to filter by. Allowed values: osint, riskiq |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Size | size | | integer | Maximum number of results to return per page, defaults to 25 |
Returns
Get all profiles
Retrieves all profiles.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | | string | Query to search |
Type | type | | string | Profile type to search by. E.g. actor |
Returns
Get all profiles by indicator
Retrieves all profiles containing the given indicator.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Indicator value to search for in profiles |
Types | types | | string | Indicator types to filter by. E.g. domain |
Categories | categories | | string | Indicator categories to filter by. E.g. host |
Sources | sources | | string | Indicator sources to filter by. Allowed values: osint, riskiq |
Returns
Get all third party vendors
Finds all vendors associated with the given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0 |
Size | size | | integer | The number of matching records to return per page |
Returns
Get API usage history
Retrieve the details of API usage history of the account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Source | source | | string | History type (api/web), defaults to both |
Date | dt | | string | Date to start showing results for |
Focus | focus | | string | Query to filter for (domain, ip, etc) |
Returns
- Body
- HistoryResponse
Get article details
Retrieves the details of the article specified.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Article | article | True | string | Article short guid |
Returns
- Body
- ArticlesResponse
Get articles
Retrieves all articles.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Sort | sort | | string | Order to sort, defaults to created |
Order | order | | string | Field name to sort by, defaults to desc |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Returns
- Body
- ArticlesListResponse
Get articles by indicator
Retrieves all articles containing the indicator specified.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Indicator value to search for in articles (e.g. domain, ip) |
Type | type | | string | Indicator type to filter by |
Returns
- Body
- ArticlesListResponse
Get articles indicators
Retrieves articles indicators.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Article GUID | articleGuid | | string | The article short guid. Use this parameter if you want to consult the indicators of a single article |
Start Date | startDate | | string | This represents the publish date of articles where you want to start looking at indicators. Formats: yyyy-MM-dd HH:mm:ss |
Returns
Get artifact tags
Retrieve the tags of an artifact or artifacts.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Artifact | artifact | True | string | The artifact UUID or UUIDs to list |
Returns
- Body
- ArtifactTagResponse
Get attack surface
Get attack surface insight by insight Id
Finds the Attack Surface Insight Information given the insight ID for the given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Insight Id | insightId | True | integer | Insight Id |
Group By | groupBy | | string | The group by value (bar) to group by, based on the chart's groupBy field |
Segment By | segmentBy | | string | The group by value (bar segment) to segment by, based on the chart's segmentBy field |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0 |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface priority detail by level
Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Level | level | True | string | Priority level (high/medium/low) |
Returns
Get attack surface third party by vendor Id
Finds vendors associated with the given vendor id for given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Returns
- Body
- VendorInfo
Get attack surface third party insight by vendor Id and insight Id
Finds vendors associated with the given vendor id and insight Id.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Insight Id | insightId | True | integer | Insight Id |
Group By | groupBy | | string | The group by value (bar) to group by, based on the chart's groupBy field |
Segment By | segmentBy | | string | The group by value (bar segment) to segment by, based on the chart's segmentBy field |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0 |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface third party priority detail by vendor Id and level
Finds vendors associated with the given vendor id and priority level for given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Level | level | True | string | Priority level (high/medium/low) |
Returns
Get attack surface third party vulnerabilities
Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0. |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface third party vulnerability observations
Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Cve Id | cveId | True | string | Cve Id |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0. |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface third party vulnerable components
Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | integer | Vendor Id |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0. |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface vulnerability observations
Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Cve Id | cveId | True | string | Cve Id |
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0. |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface vulnerable components
Finds the Attack Surface Vulnerable Components for the primary vendor.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0 |
Size | size | | integer | The number of matching records to return per page |
Returns
Get attack surface vulnerable information
Finds the Attack Surface Vulnerability Information for the primary vendor for the given account.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Page | page | | integer | The index of the page to retrieve. The index is zero based so the first page is page 0 |
Size | size | | integer | The number of matching records to return per page |
Returns
Get bulk classification status
Retrieve classification statuses for given domains.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | array | Domains for which to retrieve classification statuses |
Returns
Get classification status
Retrieve classification status for a given domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Domain for which to retrieve classification status |
Returns
- Body
- ClassificationInfo
Get components
Retrieves the host attribute components of a query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Start | start | | string | The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
End | end | | string | The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Returns
- Body
- ComponentInfo
Get compromised status
Indicates whether or not a given domain has ever been compromised.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Domain to check for compromised status |
Returns
Get cookies
Retrieves the host attribute cookies related to the query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Start | start | | string | The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
End | end | | string | The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Returns
- Body
- CookiesResponse
Get current organization metadata
Get dynamic DNS status
Indicates whether or not a domain's DNS records are updated via dynamic DNS.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Domain for which to retrieve dynamic DNS status |
Returns
- Body
- DynamicDnsResponse
Get enrichment data
Get enrichment data for a query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Returns
- Body
- EnrichmentResponse
Get enrichment data bulk
Get bulk enrichment data for many queries.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | array | The domains and IPs being queried |
Returns
Get hosts by component name
Searches the components hosts information by component name.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Name | name | True | string | Component name |
Version | version | | string | Component version to search for |
Category | category | | string | Component category to search for |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get hosts by cookie domain
Searches the cookies hosts information by cookie domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain | domain | True | string | Cookie domain |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get hosts by cookie name
Searches the hosts information by cookie name.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Name | name | True | string | Cookie name |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Sort | sort | | string | Field to sort on, default value lastSeen |
Order | order | | string | Order to return results in, default value desc |
Returns
Get items by classification
Retrieve items with the specified classification.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Classification | classification | | string | Classification for which to retrieve items |
Returns
Get malware
Get malware data for a query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Returns
Get malware bulk
Get bulk malware data for many queries.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domains and IPs being queried |
Returns
Get monitor status
Indicates whether or not a domain is monitored.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | Domain for which to check for monitoring |
Returns
Get OSINT
Get OSINT data for a query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Returns
Get OSINT bulk
Get bulk OSINT data for many queries.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domains and IPs being queried |
Returns
- Body
- OsintBulkResponse
Get pairs
Retrieves the host attribute pairs related to the query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Direction | direction | True | string | The domain or IP being queried |
Start | start | | string | The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
End | end | | string | The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
Page | page | | integer | Page number for paging through results, defaults to 0 |
Returns
- Body
- PairInfo
Get passive DNS
Retrieves the passive DNS results from active account sources.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain or IP being queried |
Start | start | | string | The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
End | end | | string | The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
Timeout | timeout | | integer | Timeout to use for external resources, defaults to 7 |
Returns
Get profile details
Retrieves the details for the given profile.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | id | True | string | Profile Id |
Returns
Get reputation
Retrieves reputation for given query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | The domain, host or IP being queried |
Returns
- Body
- ReputationResponse
Get sinkhole status
Indicates whether or not an IP address is a sinkhole.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | IP address to check for sinkhole status |
Returns
Get sources used for queries
Retrieve the details of sources being used for queries.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Source | source | | string | The source to filter on |
Returns
- Body
- SourcesResponse
Get SSL certificate
Retrieves an SSL certificate by its SHA-1 hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | SHA-1 hash of the certificate to retrieve |
Returns
- Body
- SSLResponse
Get SSL certificate history
Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query | query | True | string | SHA-1 hash or associated IP address for which to retrieve certificate history |
Returns
- Body
- SSLHistoryResponse
Get subdomains
Get subdomains data for a query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The domain being queried |
Returns
Get summary data card
Retrieves a summary data card associated with the given query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The domain or IP address to be queried |
Returns
Get tags
Get tags from a given artifact.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
Artifact for which to retrieve tags |
Returns
- Body
- TagActionResponse
Get team activity
Retrieve the details of team activity.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Source
|
source | string |
Filter to this source |
|
Date
|
dt | string |
Filter to this datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
|
Type
|
type | string |
Filter by type field |
|
Focus
|
focus | string |
Filter by focus (domain, ip, etc) |
Returns
- Body
- TeamstreamResponse
Get the open ports info for the IP address given
The exposed services endpoints allow you to see services on recently open ports for an IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The IP being queried |
Returns
- Body
- ServicesResponse
Get trackers
Retrieves the host attribute trackers.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The domain or IP being queried |
Start
|
start | string |
The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
|
End
|
end | string |
The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
|
Page
|
page | integer |
Page number for paging through results, defaults to 0 |
Returns
- Body
- TrackerInfo
Get unique passive DNS
Retrieves the unique passive DNS results from active account sources.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The domain or IP being queried |
Start
|
start | string |
The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
|
End
|
end | string |
The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss" |
|
Timeout
|
timeout | integer |
Timeout to use for external resources, defaults to 7 |
Returns
Get WHOIS
Retrieves the WHOIS data for the specified query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The domain being queried |
Compact Record
|
compact_record | boolean |
Whether to compress the results |
|
History
|
history | boolean |
Whether to return historical results |
Returns
Return the WHOIS data
- response
- object
Remove artifact tags
Remove a set of tags from an artifact or artifacts.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Remove Artifact Tag Response
- response
- object
Remove project tags
Remove tags from a project by project ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Search passive DNS
Searches the passive DNS data for a keyword query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The query to execute as a keyword search. |
Returns
Search SSL certificates
Retrieves SSL certificates for a given field value.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Field
|
field | True | string |
Field by which to search |
Query
|
query | True | string |
Field value for which to search |
Returns
- Body
- SSLSearchResponse
Search SSL certificates by keyword
Retrieves SSL certificates for a given keyword.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
Keyword on which to search |
Returns
Search tags
Retrieve artifacts for a given tag.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
Tag for which to retrieve artifacts |
Returns
Search trackers that match the criteria
Retrieves hosts or IP addresses that employ a specific user tracking service.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
Host from which trackers originate |
Type
|
type | True | string |
Type of trackers to retrieve; a type other than the officially supported ones may be supplied |
Returns
Search WHOIS
Searches WHOIS data by field and query.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The value of the field being queried |
Field
|
field | True | string |
The field to query |
Returns
- Body
- ResultListResponse
Search WHOIS keyword
Search WHOIS data for a keyword.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Query
|
query | True | string |
The value of the field being queried |
Returns
Set artifact tags
Set the tags of an artifact or artifacts.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Set Artifact Tag Response
- response
- object
Set bulk classification status
Set classification statuses for given domains.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ClassificationInfo
Set classification status
Sets the classification status for a given domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ClassificationInfo
Set compromised status
Sets status for a domain to indicate if it has ever been compromised.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Set dynamic DNS status
Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- DynamicDnsResponse
Set project tags
Set the project tags of the given project ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Set sinkhole status
Sets status for an IP address to indicate whether or not it is a sinkhole.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Set tags
Sets tags on a given artifact.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- TagActionResponse
Update artifact
Update artifact, or toggle monitoring status.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Update artifact tags
Add tags to an artifact or artifacts.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
Update Artifact Tag Response
- response
- object
Update project
Updates a project denoted by project ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
|
object |
Returns
- Body
- ProjectResponse
Definitions
AccountResponse
Name | Path | Type | Description |
---|---|---|---|
Two Factor Enabled
|
features.two_factor_enabled | boolean | |
Calendly Integration
|
features.calendly_integration | boolean | |
Analyst Insights
|
features.analyst_insights | boolean |
Analyst insights feature flag |
Analyst Projects
|
features.analyst_projects | boolean | |
Async Heatmap
|
features.async_heatmap | boolean | |
Tab Update
|
features.tab_update | boolean | |
MSFT Integration
|
features.msft_integration | boolean | |
Exposed Services
|
features.exposed_services | boolean | |
Community Relaunch
|
features.community_relaunch | boolean | |
Data Table Improvement
|
features.data_table_improvement | boolean | |
Project Selector V2
|
features.project_selector_v2 | boolean | |
WHOIS History
|
features.whois_history | boolean |
WHOIS history feature flag |
Server Side Facets
|
features.server_side_facets | boolean | |
Projects Tabs
|
features.projects_tabs | boolean | |
Projects Share
|
features.projects_share | boolean | |
illuminate
|
features.illuminate | boolean | |
Triage
|
features.triage | boolean | |
Data Table Paginated
|
features.data_table_paginated | boolean | |
Username
|
username | string | |
Guest
|
guest | boolean | |
First Name
|
firstName | string | |
Last Name
|
lastName | string | |
Full Name
|
fullName | string | |
Organization
|
organization | string | |
First Active
|
firstActive | string | |
Last Active
|
lastActive | string | |
Verified
|
verified | string | |
Supplied Organization
|
suppliedOrganization | string | |
jobRole
|
jobRole | anyVariableValue |
The value of the variable. |
Roles
|
roles | array of string | |
Enterprise User
|
enterpriseUser | string | |
Approved Sources
|
approvedSources | string | |
Country
|
country | string | |
Phone Number
|
phoneNumber | string | |
State Or Region
|
stateOrRegion | string | |
Search Web Quota Exceeded
|
searchWebQuotaExceeded | boolean | |
Search API Quota Exceeded
|
searchApiQuotaExceeded | boolean | |
Project Public Quota Exceeded
|
projectPublicQuotaExceeded | boolean | |
Project Private Quota Exceeded
|
projectPrivateQuotaExceeded | boolean | |
Account Status
|
accountStatus | string | |
Monitor Frequency
|
monitorFrequency | string | |
Email Digest Frequency
|
emailDigestFrequency | string | |
Workspace ID
|
workspaceId | integer | |
Permissions
|
permissions | array of | |
Disable History
|
disableHistory | boolean | |
ssoIntegrationId
|
ssoIntegrationId | anyVariableValue |
The value of the variable. |
ssoAuthPartnerId
|
ssoAuthPartnerId | anyVariableValue |
The value of the variable. |
SSO Success
|
ssoSuccess | boolean | |
daysLeftOnTrial
|
daysLeftOnTrial | anyVariableValue |
The value of the variable. |
Dark Mode
|
darkMode | boolean |
Dark mode feature flag |
Home Opt In
|
homeOptIn | boolean |
New home screen feature flag |
Hide Home Opt In
|
hideHomeOptIn | boolean |
Hide new home screen feature flag |
Dark Mode
|
preferences.darkMode | boolean |
Dark mode preference flag |
Article Page Size
|
preferences.articlePageSize | integer | |
PT Classic Mode
|
preferences.ptClassicMode | boolean | |
Never Logged In
|
preferences.neverLoggedIn | boolean | |
Home Opt In
|
preferences.homeOptIn | boolean |
New home screen preference flag |
Hide Home Opt In
|
preferences.hideHomeOptIn | boolean |
Hide new home screen preference flag |
Trackers
|
datasets.trackers | boolean | |
Components
|
datasets.components | boolean | |
Host Pairs
|
datasets.hostPairs | boolean | |
malware
|
datasets.malware | anyVariableValue |
The value of the variable. |
WHOIS History
|
datasets.whoisHistory | boolean |
WHOIS history dataset flag |
WHOIS
|
datasets.whois | boolean | |
sslCerts
|
datasets.sslCerts | anyVariableValue |
The value of the variable. |
Attack Surface Intel
|
datasets.attackSurfaceIntel | boolean | |
Services
|
datasets.services | boolean | |
pdns
|
datasets.pdns | anyVariableValue |
The value of the variable. |
Cookies
|
datasets.cookies | boolean | |
Reputation
|
datasets.reputation | boolean | |
Analyst Insights
|
datasets.analystInsights | boolean |
Analyst insights dataset flag |
Deep Dark Web
|
datasets.deepDarkWeb | boolean | |
Brand Intel
|
datasets.brandIntel | boolean | |
RiskIQ Article Indicators
|
datasets.riskiqArticleIndicators | boolean | |
Adversary Intel
|
datasets.adversaryIntel | boolean | |
event_code
|
event_code | anyVariableValue |
The value of the variable. |
user_id
|
user_id | anyVariableValue |
The value of the variable. |
user_hash
|
user_hash | anyVariableValue |
The value of the variable. |
HistoryResponse
Name | Path | Type | Description |
---|---|---|---|
history
|
history | array of History | |
teamstream
|
teamstream | anyVariableValue |
The value of the variable. |
History
Name | Path | Type | Description |
---|---|---|---|
Focus
|
focus | string | |
Context
|
context | integer | |
Username
|
username | string | |
Date
|
dt | string | |
GUID
|
guid | string | |
Source
|
source | string | |
Type
|
type | string |
MonitorsResponse
Name | Path | Type | Description |
---|---|---|---|
monitors
|
monitors | array of Monitor |
Monitor
Name | Path | Type | Description |
---|---|---|---|
Focus
|
focus | string | |
Tags
|
tags | array of string |
OrganizationResponse
Name | Path | Type | Description |
---|---|---|---|
Registered
|
registered | string | |
Name
|
name | string | |
ID
|
id | string | |
watchQuota
|
watchQuota | anyVariableValue |
The value of the variable. |
licenses
|
licenses | OrganizationLicenses | |
Seats
|
seats | integer | |
illuminate
|
features.illuminate | boolean |
illuminate feature flag |
Triage
|
features.triage | boolean | |
Status
|
status | string | |
licensedMembers
|
licensedMembers | OrganizationLicensedMembers | |
Active Members
|
activeMembers | array of string | |
searchQuota
|
searchQuota | anyVariableValue |
The value of the variable. |
Show Team Search History
|
showTeamSearchHistory | boolean | |
disableIndividualSearchHistory
|
disableIndividualSearchHistory | anyVariableValue |
The value of the variable. |
disableTeamSearchHistory
|
disableTeamSearchHistory | anyVariableValue |
The value of the variable. |
Last Active
|
lastActive | string | |
Default Domains
|
defaultDomains | array of string | |
Acceptable Domains
|
acceptableDomains | array of string | |
Active
|
active | boolean | |
Inactive Members
|
inactiveMembers | array of | |
Admins
|
admins | array of string | |
disabledMembers
|
disabledMembers | anyVariableValue |
The value of the variable. |
usersNotSignedUpYet
|
usersNotSignedUpYet | anyVariableValue |
The value of the variable. |
Has Falcon Creds
|
hasFalconCreds | boolean | |
sources
|
sources | anyVariableValue |
The value of the variable. |
Enabled
|
enhancedAttackSurfaceData.enabled | boolean | |
Primary
|
enhancedAttackSurfaceData.primary | array of | |
Max Vendors
|
enhancedAttackSurfaceData.maxVendors | integer | |
Vendors
|
enhancedAttackSurfaceData.vendors | array of |
OrganizationLicenses
Name | Path | Type | Description |
---|---|---|---|
Enterprise
|
enterprise | integer |
Enterprise organization licenses |
Cyber Threat Intel
|
cyberThreatIntel | integer |
Cyber threat intel licenses |
SecOps Intel
|
secOpsIntel | integer |
SecOps licenses |
illuminate
|
illuminate | integer |
illuminate licenses |
OrganizationLicensedMembers
Name | Path | Type | Description |
---|---|---|---|
Enterprise
|
enterprise | array of string |
Enterprise organization licensed members |
illuminate
|
illuminate | array of string |
illuminate licensed members |
Cyber Threat Intel
|
cyberThreatIntel | array of string |
Cyber threat intel licensed members |
SecOps Intel
|
secOpsIntel | array of string |
SecOps licensed members |
Organization
Name | Path | Type | Description |
---|---|---|---|
Owner
|
owner | string |
Organization owners |
Name
|
organization | string |
Name of organization |
GUID
|
guid | string |
GUID of organization |
Keyword Monitors
|
counts.keyword_monitors | integer |
Keyword monitors used (Organization) |
Search API
|
counts.search_api | integer |
API searches used (Organization) |
Basic Monitors
|
counts.basic_monitors | integer |
Basic monitors used (Organization) |
Search Web
|
counts.search_web | integer |
Web searches used (Organization) |
Projects Private
|
counts.projects_private | integer |
Private projects used (Organization) |
Projects Public
|
counts.projects_public | integer |
Public projects used (Organization) |
Search API
|
freebies.search_api | integer |
API searches used by free accounts (Organization) |
Search Web
|
freebies.search_web | integer |
Web searches used by free accounts (Organization) |
Analysis
|
profile.analysis | string |
Analysis profile (Organization) |
Workflow
|
profile.workflow | string |
Workflow profile (Organization) |
Search API
|
limits.search_api | integer |
API search limits (Organization) |
Basic Monitors
|
limits.basic_monitors | integer |
Basic monitor limit (Organization) |
Monitor Results
|
limits.monitor_results | integer |
Monitor results limit (Organization) |
Projects Private
|
limits.projects_private | integer |
Private project limit (Organization) |
Monitor Frequency
|
limits.monitor_frequency | string |
Monitor frequency (Organization) |
Keyword Monitors
|
limits.keyword_monitors | integer |
Keyword monitor limit (Organization) |
Search Web
|
limits.search_web | integer |
Web search limits (Organization) |
Projects Public
|
limits.projects_public | integer |
Public project limit (Organization) |
Create Crawls
|
limits.create_crawls | integer |
Crawl limits (Organization) |
Crawl Submissions
|
limits.crawl_submissions | integer |
Crawl submission limits (Organization) |
Quota Interval
|
quotaInterval | string |
Quota interval of organization |
licenseCounts
|
licenseCounts | OrganizationLicenseCounts |
License counts of organization |
licenseLimits
|
licenseLimits | OrganizationLicenseLimits |
License limits of organization |
Use Monthly Quota Inactive
|
useMonthlyQuotaInactive | boolean |
Monthly quota inactive of organization |
Next Reset
|
next_reset | string |
Next reset of organization |
Last Reset
|
last_reset | string |
Last quota reset for organization |
Username
|
username | string |
Username of organization |
event_code
|
event_code | anyVariableValue |
The value of the variable. |
event_code_expiration
|
event_code_expiration | anyVariableValue |
The value of the variable. |
OrganizationLicenseCounts
License counts of organization
Name | Path | Type | Description |
---|---|---|---|
Search API
|
enterprise.searchApi | integer |
Enterprise API searches used |
Search Web
|
enterprise.searchWeb | integer |
Enterprise web searches used (Organization) |
Search API
|
cyberThreatIntel.searchApi | integer |
Cyber threat intel API searches used |
Search Web
|
cyberThreatIntel.searchWeb | integer |
Cyber threat intel web searches used (Organization) |
Search API
|
secOpsIntel.searchApi | integer |
SecOps API searches used |
Search Web
|
secOpsIntel.searchWeb | integer |
SecOps web searches used (Organization) |
Search API
|
illuminate.searchApi | integer |
illuminate API searches used |
Search Web
|
illuminate.searchWeb | integer |
illuminate web searches used (Organization) |
OrganizationLicenseLimits
License limits of organization
Name | Path | Type | Description |
---|---|---|---|
Search API
|
enterprise.searchApi | integer |
Enterprise API search limit |
Search Web
|
enterprise.searchWeb | integer |
Enterprise web search limit (Organization) |
Search API
|
cyberThreatIntel.searchApi | integer |
Cyber threat intel API search limit |
Search Web
|
cyberThreatIntel.searchWeb | integer |
Cyber threat intel web search limit (Organization) |
Search API
|
secOpsIntel.searchApi | integer |
SecOps API search limit |
Search Web
|
secOpsIntel.searchWeb | integer |
SecOps web search limit (Organization) |
Search API
|
illuminate.searchApi | integer |
illuminate API search limit |
Search Web
|
illuminate.searchWeb | integer |
illuminate web search limit (Organization) |
QuotaResponse
Name | Path | Type | Description |
---|---|---|---|
user
|
user | User | |
organization
|
organization | Organization |
User
Name | Path | Type | Description |
---|---|---|---|
Owner
|
owner | string |
Organization users |
Organization
|
organization | string |
User organization |
GUID
|
guid | string |
GUID of user |
Keyword Monitors
|
counts.keyword_monitors | integer |
Keyword monitors used (User) |
Search API
|
counts.search_api | integer |
Search API of counts (User) |
Basic Monitors
|
counts.basic_monitors | integer |
Basic monitors used (User) |
Search Web
|
counts.search_web | integer |
Search web of counts (User) |
Projects Private
|
counts.projects_private | integer |
Private projects used (User) |
Projects Public
|
counts.projects_public | integer |
Public projects used (User) |
Search API
|
freebies.search_api | integer |
Search API of freebies (User) |
Search Web
|
freebies.search_web | integer |
Search web of freebies (User) |
Analysis
|
profile.analysis | string |
Analysis profile (User) |
Workflow
|
profile.workflow | string |
Workflow profile (User) |
Search API
|
limits.search_api | integer |
Search API of limits (User) |
Basic Monitors
|
limits.basic_monitors | integer |
Basic monitor limit (User) |
Monitor Results
|
limits.monitor_results | integer |
Monitor results limit (User) |
Projects Private
|
limits.projects_private | integer |
Private project limit (User) |
Monitor Frequency
|
limits.monitor_frequency | string |
Monitor frequency (User) |
Keyword Monitors
|
limits.keyword_monitors | integer |
Keyword monitor limit (User) |
Search Web
|
limits.search_web | integer |
Search web of limits (User) |
Projects Public
|
limits.projects_public | integer |
Public project limit (User) |
Create Crawls
|
limits.create_crawls | integer |
Crawl limits (User) |
Crawl Submissions
|
limits.crawl_submissions | integer |
Crawl submission limits (User) |
Quota Interval
|
quotaInterval | string |
Quota interval of user |
Use Monthly Quota Inactive
|
useMonthlyQuotaInactive | boolean |
Use monthly quota inactive of user |
Search API
|
licenseCounts.searchApi | integer |
Search API of license counts (User) |
Search Web
|
licenseCounts.searchWeb | integer |
Search web of license counts (User) |
Search API
|
licenseLimits.searchApi | integer |
Search API of license limits (User) |
Search Web
|
licenseLimits.searchWeb | integer |
Search web of license limits (User) |
Next Reset
|
next_reset | string |
Next reset of user |
Last Reset
|
last_reset | string |
Last quota reset for user |
Username
|
username | string |
Username of user |
event_code
|
event_code | anyVariableValue |
The value of the variable. |
event_code_expiration
|
event_code_expiration | anyVariableValue |
The value of the variable. |
SourcesResponse
Name | Path | Type | Description |
---|---|---|---|
sources
|
sources | array of Source |
Source
Name | Path | Type | Description |
---|---|---|---|
Controllable
|
controllable | boolean | |
Active
|
active | boolean | |
Password
|
configuration.password | string |
Source password |
Username
|
configuration.username | string |
Source username |
Token
|
configuration.token | string |
Source configuration token |
Type
|
type | array of string | |
Access
|
access | array of string | |
Description
|
description | string | |
Auth Required
|
authRequired | boolean | |
Website
|
website | string | |
Label
|
label | string | |
Auth
|
auth | boolean | |
API Key
|
authMethod.apiKey | string | |
Password
|
authMethod.password | string |
Password auth method |
Username
|
authMethod.username | string |
Username auth method |
Token
|
authMethod.token | string |
Token auth method |
Token Key
|
authMethod.token_key | string | |
Token Secret
|
authMethod.token_secret | string | |
Private Key
|
authMethod.private_key | string | |
Source
|
source | string | |
org_configuration
|
org_configuration | anyVariableValue |
The value of the variable. |
TeamstreamResponse
Name | Path | Type | Description |
---|---|---|---|
history
|
history | anyVariableValue |
The value of the variable. |
teamstream
|
teamstream | array of Teamstream |
Teamstream
Name | Path | Type | Description |
---|---|---|---|
Focus
|
focus | string | |
Source
|
source | string | |
Username
|
username | string | |
Type
|
type | string | |
Context
|
context | integer | |
GUID
|
guid | string | |
Date
|
dt | string |
ClassificationsResponse
Name | Path | Type | Description |
---|---|---|---|
Malicious
|
malicious | array of string | |
Non Malicious
|
non_malicious | array of string | |
Suspicious
|
suspicious | array of string | |
Unknown
|
unknown | array of string |
TagActionResponse
Name | Path | Type | Description |
---|---|---|---|
Tags
|
tags | array of string |
BulkClassificationResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
Results
|
results | object |
ClassificationInfo
Name | Path | Type | Description |
---|---|---|---|
Classification
|
classification | string |
CompromisedStatusResponse
Name | Path | Type | Description |
---|---|---|---|
Ever Compromised
|
everCompromised | boolean |
DynamicDnsResponse
Name | Path | Type | Description |
---|---|---|---|
Dynamic DNS
|
dynamicDns | boolean |
MonitorStatusResponse
Name | Path | Type | Description |
---|---|---|---|
Monitor
|
monitor | boolean |
SinkholeStatusResponse
Name | Path | Type | Description |
---|---|---|---|
Sinkhole
|
sinkhole | boolean |
ActionSearchTagResponse
Name | Path | Type | Description |
---|---|---|---|
results
|
results | SearchTagElement |
SearchTagElement
Name | Path | Type | Description |
---|---|---|---|
Focus
|
focus | string | |
User Tags
|
user_tags | array of string | |
System Tags
|
system_tags | array of string | |
Global Tags
|
global_tags | array of string | |
Tags
|
tags | array of string | |
Tag Meta
|
tag_meta | object | |
Username
|
username | string |
SingleArtifactResponse
Name | Path | Type | Description |
---|---|---|---|
Monitor
|
monitor | boolean | |
Type
|
type | string | |
Owner
|
owner | string | |
Monitorable
|
monitorable | boolean | |
Creator
|
creator | string | |
GUID
|
guid | string | |
Project
|
project | string |
Project where artifact is located |
Success
|
success | boolean | |
Organization
|
organization | string | |
Created
|
created | string | |
Query
|
query | string | |
System Tags
|
system_tags | array of string | |
User Tags
|
user_tags | array of string | |
Global Tags
|
global_tags | array of string | |
Tag Meta
|
tag_meta | object | |
Tag
|
links.tag | string | |
Self
|
links.self | string | |
Project
|
links.project | string |
Link to projects |
ArticlesIndicatorsResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
indicators
|
indicators | array of Indicators | |
Total Records
|
totalRecords | integer |
Indicators
Name | Path | Type | Description |
---|---|---|---|
Source
|
source | string | |
Value
|
value | string | |
Type
|
type | string | |
GUID
|
guid | string | |
Link
|
link | string | |
Published Date
|
publishedDate | string | |
Tags
|
tags | array of string |
ArticlesResponse
Name | Path | Type | Description |
---|---|---|---|
GUID
|
guid | string | |
Title
|
title | string | |
Summary
|
summary | string | |
Type
|
type | string |
Indicators type |
Published Date
|
publishedDate | string | |
Link
|
link | string | |
Tags
|
tags | array of string | |
Categories
|
categories | array of string | |
indicators
|
indicators | array of object | |
Type
|
indicators.type | string |
Indicators type |
Count
|
indicators.count | integer | |
Values
|
indicators.values | array of string | |
Source
|
indicators.source | string |
ArticlesListResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
articles
|
articles | anyVariableValue |
The value of the variable. |
Total Records
|
totalRecords | integer |
SummaryDataCardResponse
Name | Path | Type | Description |
---|---|---|---|
Type
|
type | string | |
Name
|
name | string | |
Link
|
link | string | |
Net Block
|
netblock | string | |
OS
|
os | string | |
ASN
|
asn | string | |
Hosting Provider
|
hosting_provider | string | |
Count
|
data_summary.resolutions.count | integer |
Count of resolutions |
Link
|
data_summary.resolutions.link | string |
Link to resolutions |
Count
|
data_summary.certificates.count | integer |
Count of certificates |
Link
|
data_summary.certificates.link | string |
Link to certificates |
Count
|
data_summary.hashes.count | integer |
Count of hashes |
Link
|
data_summary.hashes.link | string |
Link to hashes |
Count
|
data_summary.projects.count | integer |
Count of projects |
Link
|
data_summary.projects.link | string |
Link to projects |
Count
|
data_summary.articles.count | integer |
Count of articles |
Link
|
data_summary.articles.link | string |
Link to articles |
Count
|
data_summary.trackers.count | integer |
Count of trackers |
Link
|
data_summary.trackers.link | string |
Link to trackers |
Count
|
data_summary.components.count | integer |
Count of components |
Link
|
data_summary.components.link | string |
Link to components |
Count
|
data_summary.host_pairs.count | integer |
Count of host pairs |
Link
|
data_summary.host_pairs.link | string |
Link to host pairs |
Count
|
data_summary.cookies.count | integer |
Count of cookies |
Link
|
data_summary.cookies.link | string |
Link to cookies |
Count
|
data_summary.reverse_dns.count | integer |
Count of reverse DNS |
Link
|
data_summary.reverse_dns.link | string |
Link to reverse DNS |
Count
|
data_summary.services.count | integer |
Count of services |
Link
|
data_summary.services.link | string |
Link to services |
EnrichmentResponse
Name | Path | Type | Description |
---|---|---|---|
Classification
|
classification | string | |
Sinkhole
|
sinkhole | boolean | |
Ever Compromised
|
everCompromised | boolean | |
Query Type
|
queryType | string | |
Query Value
|
queryValue | string | |
Primary Domain
|
primaryDomain | string | |
TLD
|
tld | string | |
Subdomains
|
subdomains | array of string | |
Tag Meta
|
tag_meta | object | |
Global Tags
|
global_tags | array of string | |
Tags
|
tags | array of string | |
System Tags
|
system_tags | array of string | |
Dynamic DNS
|
dynamicDns | boolean | |
Autonomous System Number
|
autonomousSystemNumber | integer | |
Autonomous System Name
|
autonomousSystemName | string | |
Network
|
network | string | |
Country
|
country | string | |
Longitude
|
longitude | float | |
Latitude
|
latitude | float | |
dynamic
|
dynamic | anyVariableValue |
The value of the variable. |
EnrichmentMalwareResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
results
|
results | array of EnrichmentMalwareResult |
EnrichmentMalwareResult
Name | Path | Type | Description |
---|---|---|---|
Collection Date
|
collectionDate | string | |
Sample
|
sample | string | |
Source
|
source | string | |
Source URL
|
sourceUrl | string |
EnrichmentOsintResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
results
|
results | array of EnrichmentOsintResult |
EnrichmentOsintResult
Name | Path | Type | Description |
---|---|---|---|
Derived
|
derived | array of | |
In Reports
|
inReport | array of string | |
Source
|
source | string | |
Source URL
|
sourceUrl | string | |
Tags
|
tags | array of string | |
Indicators
|
indicators | array of | |
Compromised
|
compromised | array of |
EnrichmentSubdomainsResponse
Name | Path | Type | Description |
---|---|---|---|
Success
|
success | boolean | |
Primary Domain
|
primaryDomain | string | |
Subdomains
|
subdomains | array of string | |
Query Value
|
queryValue | string |
ServicesResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | Results first seen |
Last Seen | results.lastSeen | string | Results last seen |
Last Scan | results.lastScan | string | |
Port Number | results.portNumber | integer | |
Count | results.count | integer | Count of results |
Status | results.status | string | |
Protocol | results.protocol | string | |
banners | results.banners | array of object | |
Banner | results.banners.banner | string | |
Scan Type | results.banners.scanType | string | |
First Seen | results.banners.firstSeen | string | Banner first seen |
Last Seen | results.banners.lastSeen | string | Banner last seen |
Count | results.banners.count | integer | Banner count |
currentServices | results.currentServices | array of object | |
First Seen | results.currentServices.firstSeen | string | Current service first seen |
Last Seen | results.currentServices.lastSeen | string | Current service last seen |
Version | results.currentServices.version | string | Current service version |
Category | results.currentServices.category | string | Current service category |
Label | results.currentServices.label | string | Current service label |
recentServices | results.recentServices | array of object | |
First Seen | results.recentServices.firstSeen | string | Recent service first seen |
Last Seen | results.recentServices.lastSeen | string | Recent service last seen |
Version | results.recentServices.version | string | Recent service version |
Category | results.recentServices.category | string | Recent service category |
Label | results.recentServices.label | string | Recent service label |
First Seen | results.mostRecentSslCert.firstSeen | integer | Most recent ssl cert first seen |
Last Seen | results.mostRecentSslCert.lastSeen | integer | Most recent ssl cert last seen |
Finger Print | results.mostRecentSslCert.fingerprint | string | |
SSL Version | results.mostRecentSslCert.sslVersion | string | |
Expiration Date | results.mostRecentSslCert.expirationDate | string | |
Issue Date | results.mostRecentSslCert.issueDate | string | |
SHA1 | results.mostRecentSslCert.sha1 | string | |
Serial Number | results.mostRecentSslCert.serialNumber | string | |
Subject Country | results.mostRecentSslCert.subjectCountry | string | |
Issuer Common Name | results.mostRecentSslCert.issuerCommonName | string | |
Issuer Province | results.mostRecentSslCert.issuerProvince | string | |
Subject State Or Province Name | results.mostRecentSslCert.subjectStateOrProvinceName | string | |
Subject Street Address | results.mostRecentSslCert.subjectStreetAddress | string | |
Issuer State Or Province Name | results.mostRecentSslCert.issuerStateOrProvinceName | string | |
Subject Surname | results.mostRecentSslCert.subjectSurname | string | |
Issuer Country | results.mostRecentSslCert.issuerCountry | string | |
Subject Locality Name | results.mostRecentSslCert.subjectLocalityName | string | |
Issuer Organization Unit Name | results.mostRecentSslCert.issuerOrganizationUnitName | string | |
Issuer Organization Name | results.mostRecentSslCert.issuerOrganizationName | string | |
Subject Email Address | results.mostRecentSslCert.subjectEmailAddress | string | |
Subject Organization Name | results.mostRecentSslCert.subjectOrganizationName | string | |
Issuer Locality Name | results.mostRecentSslCert.issuerLocalityName | string | |
Subject Common Name | results.mostRecentSslCert.subjectCommonName | string | |
Subject Province | results.mostRecentSslCert.subjectProvince | string | |
Issuer Given Name | results.mostRecentSslCert.issuerGivenName | string | |
Subject Organization Unit Name | results.mostRecentSslCert.subjectOrganizationUnitName | string | |
Issuer Email Address | results.mostRecentSslCert.issuerEmailAddress | string | |
Subject Given Name | results.mostRecentSslCert.subjectGivenName | string | |
Subject Serial Number | results.mostRecentSslCert.subjectSerialNumber | string | |
Issuer Street Address | results.mostRecentSslCert.issuerStreetAddress | string | |
Issuer Serial Number | results.mostRecentSslCert.issuerSerialNumber | string | |
Issuer Surname | results.mostRecentSslCert.issuerSurname | string | |
Subject Alternative Names | results.mostRecentSslCert.subjectAlternativeNames | array of string | |
MonitorResponse
Name | Path | Type | Description |
---|---|---|---|
Results | results | object | |
error | error | anyVariableValue | The value of the variable. |
Total Records | totalRecords | integer | |
Success | success | boolean | |
ProjectResponse
Name | Path | Type | Description |
---|---|---|---|
Visibility | visibility | string | |
Owner | owner | string | |
Active | active | boolean | |
Description | description | string | |
Subscribers | subscribers | array of string | |
Creator | creator | string | |
GUID | guid | string | |
Featured | featured | boolean | |
Tags | tags | array of string | |
Collaborators | collaborators | array of string | |
Name | name | string | |
Created | created | string | |
Organization | organization | string | |
Tag | links.tag | string | Link to tags |
Self | links.self | string | |
Artifact | links.artifact | string | |
Success | success | boolean | |
Can Edit | can_edit | boolean | |
link | link | anyVariableValue | The value of the variable. |
SSLResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Overall Total Records | overallTotalRecords | integer | |
results | results | array of SSLResponseResult | |
SSLResponseResult
Name | Path | Type | Description |
---|---|---|---|
First Seen | firstSeen | integer | |
Last Seen | lastSeen | integer | |
Finger Print | fingerprint | string | |
SSL Version | sslVersion | string | |
Expiration Date | expirationDate | string | |
Issue Date | issueDate | string | |
SHA1 | sha1 | string | |
Serial Number | serialNumber | string | |
Subject Country | subjectCountry | string | |
Issuer Common Name | issuerCommonName | string | |
Issuer Province | issuerProvince | string | |
Subject State Or Province Name | subjectStateOrProvinceName | string | |
Subject Street Address | subjectStreetAddress | string | |
Issuer State Or Province Name | issuerStateOrProvinceName | string | |
Subject Surname | subjectSurname | string | |
Issuer Country | issuerCountry | string | |
Subject Locality Name | subjectLocalityName | string | |
Issuer Organization Unit Name | issuerOrganizationUnitName | string | |
Issuer Organization Name | issuerOrganizationName | string | |
Subject Email Address | subjectEmailAddress | string | |
Subject Organization Name | subjectOrganizationName | string | |
Issuer Locality Name | issuerLocalityName | string | |
Subject Common Name | subjectCommonName | string | |
Subject Province | subjectProvince | string | |
Issuer Given Name | issuerGivenName | string | |
Subject Organization Unit Name | subjectOrganizationUnitName | string | |
Issuer Email Address | issuerEmailAddress | string | |
Subject Given Name | subjectGivenName | string | |
Subject Serial Number | subjectSerialNumber | string | |
Issuer Street Address | issuerStreetAddress | string | |
Issuer Serial Number | issuerSerialNumber | string | |
Issuer Surname | issuerSurname | string | |
Subject Alternative Names | subjectAlternativeNames | array of string | |
SSLSearchKeywordResponse
Name | Path | Type | Description |
---|---|---|---|
Query Value | queryValue | string | |
results | results | array of SSLSearchKeywordResult | |
Success | success | boolean | |
SSLSearchKeywordResult
Name | Path | Type | Description |
---|---|---|---|
Match Type | matchType | string | |
Field Match | fieldMatch | string | |
Focus Point | focusPoint | string | |
SSLHistoryResponse
Name | Path | Type | Description |
---|---|---|---|
results | results | array of SSLHistoryResult | |
Success | success | boolean | |
SSLHistoryResult
Name | Path | Type | Description |
---|---|---|---|
SHA1 | sha1 | string | |
First Seen | firstSeen | string | |
IP Addresses | ipAddresses | array of string | |
Last Seen | lastSeen | string | |
SSLSearchResponse
Name | Path | Type | Description |
---|---|---|---|
Query Value | queryValue | string | |
results | results | array of SSLResponseResult | |
Success | success | boolean | |
Overall Total Records | overallTotalRecords | integer | |
ArtifactTagResponse
Name | Path | Type | Description |
---|---|---|---|
Tags | tags | array of string | |
System Tags | system_tags | array of string | |
Tag Meta | tag_meta | object | |
User Tags | user_tags | array of string | |
Success | success | boolean | |
TrackersSearchResponse
Name | Path | Type | Description |
---|---|---|---|
results | results | array of TrackersSearchResult | |
Total Records | totalRecords | integer | |
Success | success | boolean | |
TrackersSearchResult
Name | Path | Type | Description |
---|---|---|---|
Entity | entity | string | |
Last Seen | lastSeen | string | |
First Seen | firstSeen | string | |
ComponentInfo
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Version | results.version | string | |
Category | results.category | string | |
Label | results.label | string | |
Host Name | results.hostname | string | |
Address | results.address | string | |
PairInfo
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Cause | results.cause | string | |
Parent | results.parent | string | |
Child | results.child | string | |
TrackerInfo
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Attribute Value | results.attributeValue | string | |
Attribute Type | results.attributeType | string | |
Host Name | results.hostname | string | |
Address | results.address | string | |
CookiesResponse
Name | Path | Type | Description |
---|---|---|---|
Total Records | totalRecords | integer | |
Success | success | boolean | |
results | results | array of CookieInfo | |
CookieInfo
Name | Path | Type | Description |
---|---|---|---|
Cookie Domain | cookieDomain | string | |
Cookie Name | cookieName | string | |
Last Seen | lastSeen | string | |
First Seen | firstSeen | string | |
Host Name | hostname | string | |
CookiesSearchResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Host Name | results.hostname | string | |
Cookie Name | results.cookieName | string | |
Cookie Domain | results.cookieDomain | string | |
ComponentsSearchAddressesResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Version | results.version | string | |
Category | results.category | string | |
Label | results.label | string | |
Address | results.address | string | |
ComponentsSearchHostsResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Total Records | totalRecords | integer | |
results | results | array of object | |
First Seen | results.firstSeen | string | |
Last Seen | results.lastSeen | string | |
Version | results.version | string | |
Category | results.category | string | |
Label | results.label | string | |
Host Name | results.hostname | string | |
PassiveDnsSearchResponse
Name | Path | Type | Description |
---|---|---|---|
Total Records | totalRecords | integer | |
First Seen | firstSeen | string | First seen of passive dns search |
Last Seen | lastSeen | string | Last seen of passive dns search |
results | results | array of DnsSearchResult | |
Query Type | queryType | string | |
Pager | pager | string | |
Query Value | queryValue | string | |
DnsSearchResult
Name | Path | Type | Description |
---|---|---|---|
First Seen | firstSeen | string | First seen of results |
Resolve Type | resolveType | string | |
Value | value | string | |
Record Hash | recordHash | string | |
Last Seen | lastSeen | string | Last seen of results |
Resolve | resolve | string | |
Source | source | array of string | |
Record Type | recordType | string | |
Collected | collected | string | |
PassiveUniqueDnsSearchResponse
Name | Path | Type | Description |
---|---|---|---|
Pager | pager | string | |
Frequency | frequency | array of array | |
items | frequency | array of | |
Query Value | queryValue | string | |
Results | results | array of string | |
Query Type | queryType | string | |
Total | total | integer | |
KeywordDnsSearchResponse
Name | Path | Type | Description |
---|---|---|---|
results | results | array of DnsKeywordSearchMatch | |
Query Value | queryValue | string | |
DnsKeywordSearchMatch
Name | Path | Type | Description |
---|---|---|---|
Field Match | fieldMatch | string | |
Focus Point | focusPoint | string | |
Match Type | matchType | string | |
KeywordSearchResult
Name | Path | Type | Description |
---|---|---|---|
Match Type | matchType | string | |
Field Match | fieldMatch | string | |
Focus Point | focusPoint | string | |
WhoisKeywordSearchResponse
Name | Path | Type | Description |
---|---|---|---|
Query Value | queryValue | string | |
results | results | array of KeywordSearchResult | |
Total Records | totalrecords | integer | |
ResultListResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
results | results | array of WhoisSearchResult | |
Total Records | totalrecords | integer | |
WhoisSearchResult
Name | Path | Type | Description |
---|---|---|---|
Telephone | telephone | string | |
Name Servers | nameServers | array of string | |
Billing | billing | object | |
Zone | zone | object | |
Admin | admin | object | |
Tech | tech | object | |
Registrant | registrant | object | |
Registry Updated At | registryUpdatedAt | string | |
Organization | organization | string | |
Contact Email | contactEmail | string | |
Registered | registered | string | |
Last Loaded At | lastLoadedAt | string | |
Expires At | expiresAt | string | |
Domain | domain | string | |
WHOIS Server | whoisServer | string | |
Name | name | string | |
Registrar | registrar | string | |
Raw Text | rawText | string | |
EnrichmentBulkResponse
Name | Path | Type | Description |
---|---|---|---|
Results | results | object | |
MalwareBulkSearchResults
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Results | results | object | |
OsintBulkResponse
Name | Path | Type | Description |
---|---|---|---|
Success | success | boolean | |
Results | results | object | |
ReputationResponse
Name | Path | Type | Description |
---|---|---|---|
Score | score | integer | |
Classification | classification | string | |
rules | rules | array of ReputationRules | |
ReputationRules
Name | Path | Type | Description |
---|---|---|---|
Name | name | string | |
Description | description | string | |
Severity | severity | integer | |
Link | link | string | |
IntelProfilesResponse
Name | Path | Type | Description |
---|---|---|---|
Id | id | string | |
Title | title | string | |
Link | link | string | |
Osint Indicators Count | osintIndicatorsCount | integer | |
Riskiq Indicators Count | riskIqIndicatorsCount | integer | |
Indicators | indicators | string | |
tags | tags | array of IntelProfileTag | |
Aliases | aliases | array of string | |
IntelProfilesListResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
results | results | array of IntelProfilesResponse | |
IntelProfileTag
Name | Path | Type | Description |
---|---|---|---|
Label | label | string | |
Country Code | countryCode | string | |
IntelProfilesIndicatorListResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Types | types | array of string | |
results | results | array of IntelProfileIndicator | |
IntelProfileIndicator
Name | Path | Type | Description |
---|---|---|---|
Id | id | string | |
Profile Id | profileId | string | |
Type | type | string | Type of intel profile indicator |
Value | value | string | |
Category | category | string | |
First Seen | firstSeen | string | |
Last Seen | lastSeen | string | |
Osint | osint | boolean | |
Osint Url | osintUrl | string | |
Article Guids | articleGuids | array of string | |
VendorInfo
Name | Path | Type | Description |
---|---|---|---|
Id | id | integer | |
Name | name | string | |
Observation Count | priorities.high.observationCount | integer | High priority observation count |
Link | priorities.high.link | string | High priority link |
Observation Count | priorities.medium.observationCount | integer | Medium priority observation count |
Link | priorities.medium.link | string | Medium priority link |
Observation Count | priorities.low.observationCount | integer | Low priority observation count |
Link | priorities.low.link | string | Low priority link |
AttackSurfaceResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Total Pages | totalPages | integer | |
NextPage | nextPage | string | |
vendors | vendors | array of VendorInfo | |
AttackSurfacePriorityResponse
Name | Path | Type | Description |
---|---|---|---|
Active Insight Count | activeInsightCount | integer | |
Total Insight Count | totalInsightCount | integer | |
Total Observations | totalObservations | integer | |
insights | insights | array of InsightInfo | |
InsightInfo
Name | Path | Type | Description |
---|---|---|---|
Name | name | string | |
Description | description | string | |
Observation Count | observationCount | integer | |
Link | link | string | |
AttackSurfaceInsightResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Total Pages | totalPages | integer | |
Next Page | nextPage | string | |
assets | assets | array of AssetInfo | |
AssetInfo
Name | Path | Type | Description |
---|---|---|---|
Type | type | string | |
Name | name | string | |
First Seen | firstSeen | string | |
Last Seen | lastSeen | string | |
AttackSurfaceCveResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Total Pages | totalPages | integer | |
Next Page | nextPage | string | |
cves | cves | array of CveInfo | |
AttackSurfaceCveObservationsResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Total Pages | totalPages | integer | |
Next Page | nextPage | string | |
Cve Id | cveId | string | |
cwes | cwes | array of CweInfo | |
assets | assets | array of AssetInfo | |
VulnerableComponentResponse
Name | Path | Type | Description |
---|---|---|---|
Total Count | totalCount | integer | |
Total Pages | totalPages | integer | |
Next Page | nextPage | string | |
vulnerableComponents | vulnerableComponents | array of VulnerableComponent | |
VulnerableComponent
Name | Path | Type | Description |
---|---|---|---|
Name | name | string | |
Type | type | string | |
Severity | severity | string | |
Count | count | integer | |
CveInfo
Name | Path | Type | Description |
---|---|---|---|
Cve Id | cveId | string | |
Priority Score | priorityScore | number | |
Observation Count | observationCount | integer | |
Cve Link | cveLink | string | |
cwes | cwes | array of CweInfo | |
CweInfo
Name | Path | Type | Description |
---|---|---|---|
Cwe Id | cweId | string | |
anyVariableValue
object
This is the type 'object'.