RiskIQ Illuminate

RiskIQ Illuminate reveals cyber threats relevant to your critical assets through connected digital relationships. It is the only security intelligence solution with tailored attack surface intelligence to uncover exposures, risks, and threats against your unique digital footprint, pinpointing what’s relevant to you—all in one place.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name RiskIQ Illuminate
URL https://www.riskiq.com/contact-us/
Email [email protected]
Connector Metadata
Publisher RiskIQ
Website https://www.riskiq.com/integrations/microsoft/
Privacy policy https://www.riskiq.com/privacy-policy/
Categories Security;IT Operations

Pre-requisites

You will need the following to proceed:

How to get credentials

Register for a test API key at RiskIQ Security Intelligence Services or contact your account representative ([email protected]) to identify your existing customer keys.

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
Token securestring The Token for this api True
Secret securestring The Secret for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Add project tags

Add tags to a project by project ID.

Add tags

Adds tags to a given artifact.

Artifact updates in bulk

Perform artifact updates in bulk.

Create artifact

Create artifact with given parameters.

Create artifacts in bulk

Create artifacts in bulk with given parameters.

Create project

Create project with given parameters.

Delete artifact with a UUID

Delete artifact having a certain UUID.

Delete artifacts in bulk

Delete artifacts in bulk by their artifacts ids.

Delete project

Delete project by project ID.

Delete tags

Removes tags from an artifact.

Find artifact

Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization.

Find project

Retrieve all information related to project.

Get account and organization quotas

Retrieve the details of current account and organization quotas.

Get account metadata and settings

Retrieve current account metadata and settings.

Get active monitors

Retrieve the set of active monitors.

Get addresses by component name

Searches the components addresses information by component name.

Get addresses by cookie domain

Searches the cookies addresses information by cookie domain.

Get addresses by cookie name

Searches the addresses information by cookie name.

Get alerts associated with an artifact or project

Retrieve all alerts associated with an artifact or project.

Get all indicators for given profile

Retrieves the indicators for the given profile id.

Get all profiles

Retrieves all profiles.

Get all profiles by indicator

Retrieves all profiles containing the given indicator.

Get all third party vendors

Finds all vendors associated with the given account.

Get API usage history

Retrieve the details of API usage history of the account.

Get article details

Retrieves the details of the article specified.

Get articles

Retrieves all articles.

Get articles by indicator

Retrieves all articles containing the indicator specified.

Get articles indicators

Retrieves articles indicators.

Get artifact tags

Retrieve the tags of an artifact or artifacts.

Get attack surface

Finds the Attack Surface information of the given account.

Get attack surface insight by insight Id

Finds the Attack Surface Insight Information given the insight ID for the given account

Get attack surface priority detail by level

Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account.

Get attack surface third party by vendor Id

Finds vendors associated with the given vendor id for given account account.

Get attack surface third party insight by vendor Id and insight Id

Finds vendors associated with the given vendor id and insight Id

Get attack surface third party priority detail by vendor Id and level

Finds vendors associated with the given vendor id and priority level for given account account.

Get attack surface third party vulnerabilities

Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID.

Get attack surface third party vulnerability observations

Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE.

Get attack surface third party vulnerable components

Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID.

Get attack surface vulnerability observations

Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE.

Get attack surface vulnerable components

Finds the Attack Surface Vulnerable Components for the primary vendor.

Get attack surface vulnerable information

Finds the Attack Surface Vulnerability Information for the primary vendor for the given account.

Get bulk classification status

Retrieve classification statuses for given domains.

Get classification status

Retrieve classification status for a given domain.

Get components

Retrieves the host attribute components of a query.

Get compromised status

Indicates whether or not a given domain has ever been compromised.

Get cookies

Retrieves the host attribute cookies related to the query.

Get current organization metadata

Retrieve the details of current organization metadata.

Get dynamic DNS status

Indicates whether or not a domain's DNS records are updated via dynamic DNS.

Get enrichment data

Get enrichment data for a query.

Get enrichment data bulk

Get bulk enrichment data for many queries.

Get hosts by component name

Searches the components hosts information by component name.

Get hosts by cookie domain

Searches the cookies hosts information by cookie domain.

Get hosts by cookie name

Searches the hosts information by cookie name.

Get items by classification

Retrieve items with the specified classification.

Get malware

Get malware data for a query.

Get malware bulk

Get bulk malware data for many queries.

Get monitor status

Indicates whether or not a domain is monitored.

Get OSINT

Get OSINT data for a query.

Get OSINT bulk

Get bulk OSINT data for many queries.

Get pairs

Retrieves the host attribute pairs related to the query.

Get passive DNS

Retrieves the passive DNS results from active account sources.

Get profile details

Retrieves the details for the given profile.

Get reputation

Retrieves reputation for given query.

Get sinkhole status

Indicates whether or not an IP address is a sinkhole.

Get sources used for queries

Retrieve the details of sources being used for queries.

Get SSL certificate

Retrieves an SSL certificate by its SHA-1 hash.

Get SSL certificate history

Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.

Get subdomains

Get subdomains data for a query.

Get summary data card

Retrieves a summary data card associated to the given query.

Get tags

Get tags from a given artifact.

Get team activity

Retrieve the details of team activity.

Get the open ports info for the IP address given

The exposed services endpoints allow you to see services on recently open ports for an IP address.

Get trackers

Retrieves the host attribute trackers.

Get unique passive DNS

Retrieves the unique passive DNS results from active account sources.

Get WHOIS

Retrieves the WHOIS data for the specified query.

Remove artifact tags

Remove a set of tags from an artifact or artifacts.

Remove project tags

Remove tags from a project by project ID.

Search passive DNS

Searches the passive DNS data for a keyword query.

Search SSL certificates

Retrieves SSL certificates for a given field value.

Search SSL certificates by keyword

Retrieves SSL certificates for a given keyword.

Search tags

Retrieve artifacts for a given tag.

Search trackers that match the criteria

Retrieves hosts or IP addresses that employ a specific user tracking service.

Search WHOIS

Searches WHOIS data by field and query.

Search WHOIS keyword

Search WHOIS data for a keyword.

Set artifact tags

Set the tags of an artifact or artifacts.

Set bulk classification status

Set classification statuses for given domains.

Set classification status

Sets the classification status for a given domain.

Set compromised status

Sets status for a domain to indicate if it has ever been compromised.

Set dynamic DNS status

Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.

Set project tags

Set the project tags of given project ID.

Set sinkhole status

Sets status for an IP address to indicate whether or not it is a sinkhole.

Set tags

Sets tags to a given artifact.

Update artifact

Update artifact, or toggle monitoring status.

Update artifact tags

Add tags to an artifact or artifacts.

Update project

Updates a project denoted by project ID.

Add project tags

Add tags to a project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Add tags

Adds tags to a given artifact.

Parameters

Name Key Required Type Description
object

Returns

Artifact updates in bulk

Perform artifact updates in bulk.

Parameters

Name Key Required Type Description
object

Returns

Bulk Update Response

response
object

Create artifact

Create artifact with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Create artifacts in bulk

Create artifacts in bulk with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Bulk Create Response

response
object

Create project

Create project with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Delete artifact with a UUID

Delete artifact having a certain UUID.

Parameters

Name Key Required Type Description
object

Returns

Delete artifacts in bulk

Delete artifacts in bulk by their artifacts ids.

Parameters

Name Key Required Type Description
object

Returns

Bulk Delete Response

response
object

Delete project

Delete project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Delete tags

Removes tags from an artifact.

Parameters

Name Key Required Type Description
object

Returns

Find artifact

Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization.

Parameters

Name Key Required Type Description
Artifact
artifact string

The artifact UUID id

Project
project string

Filter by project UUID id

Owner
owner string

Filter by owner (an email or organization id)

Creator
creator string

Filter by creator

Organization
organization string

Filter by organization

Query
query string

Filter by query (passivetotal.org, etc)

Type
type string

Filter by type (domain, ip, etc)

Returns

Find Artifact Response

response
object

Find project

Retrieve all information related to project.

Parameters

Name Key Required Type Description
Project
project string

Filter by project id

Owner
owner string

Filter by owner (an email or organization id)

Creator
creator string

Filter by creator email

Organization
organization string

Filter by organization

Visibility
visibility string

Filter by visibility

Featured
featured boolean

Filter by featured status

Returns

Find Project Response

response
object

Get account and organization quotas

Retrieve the details of current account and organization quotas.

Returns

Get account metadata and settings

Retrieve current account metadata and settings.

Returns

Get active monitors

Retrieve the set of active monitors.

Returns

Get addresses by component name

Searches the components addresses information by component name.

Parameters

Name Key Required Type Description
Name
name True string

Component name

Version
version string

Component version to search for

Category
category string

Component category to search for

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Searches the cookies addresses information by cookie domain.

Parameters

Name Key Required Type Description
Domain
domain True string

Cookie domain

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Searches the addresses information by cookie name.

Parameters

Name Key Required Type Description
Name
name True string

Cookie name

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Get alerts associated with an artifact or project

Retrieve all alerts associated with an artifact or project.

Parameters

Name Key Required Type Description
Project
project string

The project to filter on

Artifact
artifact string

The artifact to filter on

Start
start string

Filter results to after this datetime. Formats:"yyyy-MM-dd HH:mm:ss"

End
end string

Filter results to before this datetime. Formats:"yyyy-MM-dd HH:mm:ss"

Size
size integer

Max number of results, default is 25

Page
page integer

Page number, default is 0

Returns

Get all indicators for given profile

Retrieves the indicators for the given profile id.

Parameters

Name Key Required Type Description
Id
id True string

Profile Id

Query
query string

Indicator value to search for in profiles

Types
types string

Indicator types to filter by. E.g. domain

Categories
categories string

Indicator categories to filter by. E.g. host

Sources
sources string

Indicator sources to filter by. Allowed values: osint, riskiq

Page
page integer

Page number for paging through results, defaults to 0

Size
size integer

Maximum number of results to return per page, defaults to 25

Returns

Get all profiles

Retrieves all profiles.

Parameters

Name Key Required Type Description
Query
query string

Query to search

Type
type string

Profile type to search by. E.g. actor

Returns

Get all profiles by indicator

Retrieves all profiles containing the given indicator.

Parameters

Name Key Required Type Description
Query
query True string

Indicator value to search for in profiles

Types
types string

Indicator types to filter by. E.g. domain

Categories
categories string

Indicator categories to filter by. E.g. host

Sources
sources string

Indicator sources to filter by. Allowed values: osint, riskiq

Returns

Get all third party vendors

Finds all vendors associated with the given account.

Parameters

Name Key Required Type Description
Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0

Size
size integer

The number of matching records to return per page

Returns

Get API usage history

Retrieve the details of API usage history of the account.

Parameters

Name Key Required Type Description
Source
source string

History type (api/web), defaults to both

Date
dt string

Date to start showing results for

Focus
focus string

Query to filter for (domain, ip, etc)

Returns

Get article details

Retrieves the details of the article specified.

Parameters

Name Key Required Type Description
Article
article True string

Article short guid

Returns

Get articles

Retrieves all articles.

Parameters

Name Key Required Type Description
Sort
sort string

Order to sort, defaults to created

Order
order string

Field name to sort by, defaults to desc

Page
page integer

Page number for paging through results, defaults to 0

Returns

Get articles by indicator

Retrieves all articles containing the indicator specified.

Parameters

Name Key Required Type Description
Query
query True string

Indicator value to search for in articles (e.g. domain, ip)

Type
type string

Indicator type to filter by

Returns

Get articles indicators

Retrieves articles indicators.

Parameters

Name Key Required Type Description
Article GUID
articleGuid string

The article short guid. Use this parameter if you want to consult the indicators of a single article

Start Date
startDate string

This represents the publish date of articles where you want to start looking at indicators Formats:yyyy-MM-dd HH:mm:ss

Returns

Get artifact tags

Retrieve the tags of an artifact or artifacts.

Parameters

Name Key Required Type Description
Artifact
artifact True string

The artifact UUID or UUIDs to list

Returns

Get attack surface

Finds the Attack Surface information of the given account.

Returns

Body
VendorInfo

Get attack surface insight by insight Id

Finds the Attack Surface Insight Information given the insight ID for the given account

Parameters

Name Key Required Type Description
Insight Id
insightId True integer

Insight Id

Group By
groupBy string

The group by value (bar) to group by, based on the chart's groupBy field

Segment By
segmentBy string

The group by value (bar segment) to segment by, based on the chart's segmentBy field

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0

Size
size integer

The number of matching records to return per page

Returns

Get attack surface priority detail by level

Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account.

Parameters

Name Key Required Type Description
Level
level True string

Priority level (high/medium/low)

Returns

Get attack surface third party by vendor Id

Finds vendors associated with the given vendor id for given account account.

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Returns

Body
VendorInfo

Get attack surface third party insight by vendor Id and insight Id

Finds vendors associated with the given vendor id and insight Id

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Insight Id
insightId True integer

Insight Id

Group By
groupBy string

The group by value (bar) to group by, based on the chart's groupBy field

Segment By
segmentBy string

The group by value (bar segment) to segment by, based on the chart's segmentBy field

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0

Size
size integer

The number of matching records to return per page

Returns

Get attack surface third party priority detail by vendor Id and level

Finds vendors associated with the given vendor id and priority level for given account account.

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Level
level True string

Priority level (high/medium/low)

Returns

Get attack surface third party vulnerabilities

Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID.

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.

Size
size integer

The number of matching records to return per page

Returns

Get attack surface third party vulnerability observations

Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE.

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Cve Id
cveId True string

Cve Id

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.

Size
size integer

The number of matching records to return per page

Returns

Get attack surface third party vulnerable components

Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID.

Parameters

Name Key Required Type Description
Id
id True integer

Vendor Id

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.

Size
size integer

The number of matching records to return per page

Returns

Get attack surface vulnerability observations

Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE.

Parameters

Name Key Required Type Description
Cve Id
cveId True string

Cve Id

Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.

Size
size integer

The number of matching records to return per page

Returns

Get attack surface vulnerable components

Finds the Attack Surface Vulnerable Components for the primary vendor.

Parameters

Name Key Required Type Description
Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0

Size
size integer

The number of matching records to return per page

Returns

Get attack surface vulnerable information

Finds the Attack Surface Vulnerability Information for the primary vendor for the given account.

Parameters

Name Key Required Type Description
Page
page integer

The index of the page to retrieve. The index is zero based so the first page is page 0

Size
size integer

The number of matching records to return per page

Returns

Get bulk classification status

Retrieve classification statuses for given domains.

Parameters

Name Key Required Type Description
Query
query True array

Domains for which to retrieve classification statuses

Returns

Get classification status

Retrieve classification status for a given domain.

Parameters

Name Key Required Type Description
Query
query True string

Domain for which to retrieve classification status

Returns

Get components

Retrieves the host attribute components of a query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Page
page integer

Page number for paging through results, defaults to 0

Returns

Get compromised status

Indicates whether or not a given domain has ever been compromised.

Parameters

Name Key Required Type Description
Query
query True string

Domain to check for compromised status

Returns

Get cookies

Retrieves the host attribute cookies related to the query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Page
page integer

Page number for paging through results, defaults to 0

Returns

Get current organization metadata

Retrieve the details of current organization metadata.

Returns

Get dynamic DNS status

Indicates whether or not a domain's DNS records are updated via dynamic DNS.

Parameters

Name Key Required Type Description
Query
query True string

Domain for which to retrieve dynamic DNS status

Returns

Get enrichment data

Get enrichment data for a query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Returns

Get enrichment data bulk

Get bulk enrichment data for many queries.

Parameters

Name Key Required Type Description
Query
query True array

The domains and IPs being queried

Returns

Get hosts by component name

Searches the components hosts information by component name.

Parameters

Name Key Required Type Description
Name
name True string

Component name

Version
version string

Component version to search for

Category
category string

Component category to search for

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Searches the cookies hosts information by cookie domain.

Parameters

Name Key Required Type Description
Domain
domain True string

Cookie domain

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Searches the hosts information by cookie name.

Parameters

Name Key Required Type Description
Name
name True string

Cookie name

Page
page integer

Page number for paging through results, defaults to 0

Sort
sort string

Field to sort on, default value lastSeen

Order
order string

Order to return results in, default value desc

Returns

Get items by classification

Retrieve items with the specified classification.

Parameters

Name Key Required Type Description
Classification
classification string

Classification for which to retrieve items for

Returns

Get malware

Get malware data for a query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Returns

Get malware bulk

Get bulk malware data for many queries.

Parameters

Name Key Required Type Description
Query
query True string

The domains and IPs being queried

Returns

Get monitor status

Indicates whether or not a domain is monitored.

Parameters

Name Key Required Type Description
Query
query True string

Domain for which to check for monitoring

Returns

Get OSINT

Get OSINT data for a query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Returns

Get OSINT bulk

Get bulk OSINT data for many queries.

Parameters

Name Key Required Type Description
Query
query True string

The domains and IPs being queried

Returns

Get pairs

Retrieves the host attribute pairs related to the query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Direction
direction True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Page
page integer

Page number for paging through results, defaults to 0

Returns

Body
PairInfo

Get passive DNS

Retrieves the passive DNS results from active account sources.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Timeout
timeout integer

Timeout to use for external resources, defaults to 7

Returns

Get profile details

Retrieves the details for the given profile.

Parameters

Name Key Required Type Description
Id
id True string

Profile Id

Returns

Get reputation

Retrieves reputation for given query.

Parameters

Name Key Required Type Description
Query
query True string

The domain, host or IP being queried

Returns

Get sinkhole status

Indicates whether or not an IP address is a sinkhole.

Parameters

Name Key Required Type Description
Query
query True string

IP address to check for sinkhole status

Returns

Get sources used for queries

Retrieve the details of sources being used for queries.

Parameters

Name Key Required Type Description
Source
source string

The source to filter on

Returns

Get SSL certificate

Retrieves an SSL certificate by its SHA-1 hash.

Parameters

Name Key Required Type Description
Query
query True string

SHA-1 hash of the certificate to retrieve

Returns

Get SSL certificate history

Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.

Parameters

Name Key Required Type Description
Query
query True string

SHA-1 hash or associated IP address for which to retrieve certificate history

Returns

Get subdomains

Get subdomains data for a query.

Parameters

Name Key Required Type Description
Query
query True string

The domain being queried

Returns

Get summary data card

Retrieves a summary data card associated to the given query.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP address to be queried

Returns

Get tags

Get tags from a given artifact.

Parameters

Name Key Required Type Description
Query
query True string

Artifact for which to retrieve tags

Returns

Get team activity

Retrieve the details of team activity.

Parameters

Name Key Required Type Description
Source
source string

Filter to this source

Date
dt string

Filter to this datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Type
type string

Filter by type field

Focus
focus string

Filter by focus (domain, ip, etc)

Returns

Get the open ports info for the IP address given

The exposed services endpoints allow you to see services on recently open ports for an IP address.

Parameters

Name Key Required Type Description
Query
query True string

The IP being queried

Returns

Get trackers

Retrieves the host attribute trackers.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Page
page integer

Page number for paging through results, defaults to 0

Returns

Get unique passive DNS

Retrieves the unique passive DNS results from active account sources.

Parameters

Name Key Required Type Description
Query
query True string

The domain or IP being queried

Start
start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

End
end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"

Timeout
timeout integer

Timeout to use for external resources, defaults to 7

Returns

Get WHOIS

Retrieves the WHOIS data for the specified query.

Parameters

Name Key Required Type Description
Query
query True string

The domain being queried

Compact Record
compact_record boolean

Whether to compress the results

History
history boolean

Whether to return historical results

Returns

Return the WHOIS data

response
object

Remove artifact tags

Remove a set of tags from an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Remove Artifact Tag Response

response
object

Remove project tags

Remove tags from a project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Search passive DNS

Searches the passive DNS data for a keyword query.

Parameters

Name Key Required Type Description
Query
query True string

The query to execute as a keyword search.

Returns

Search SSL certificates

Retrieves SSL certificates for a given field value.

Parameters

Name Key Required Type Description
Field
field True string

Field by which to search

Query
query True string

Field value for which to search

Returns

Search SSL certificates by keyword

Retrieves SSL certificates for a given keyword.

Parameters

Name Key Required Type Description
Query
query True string

Keyword on which to search

Returns

Search tags

Retrieve artifacts for a given tag.

Parameters

Name Key Required Type Description
Query
query True string

Tag for which to retrieve artifacts

Returns

Search trackers that match the criteria

Retrieves hosts or IP addresses that employ a specific user tracking service.

Parameters

Name Key Required Type Description
Query
query True string

Host from which trackers originate

Type
type True string

Type of trackers to retrieve a type other than the officially supported ones may be supplied

Returns

Search WHOIS

Searches WHOIS data by field and query.

Parameters

Name Key Required Type Description
Query
query True string

The value of the field being queried

Field
field True string

The field to query

Returns

Search WHOIS keyword

Search WHOIS data for a keyword.

Parameters

Name Key Required Type Description
Query
query True string

The value of the field being queried

Returns

Set artifact tags

Set the tags of an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Set Artifact Tag Response

response
object

Set bulk classification status

Set classification statuses for given domains.

Parameters

Name Key Required Type Description
object

Returns

Set classification status

Sets the classification status for a given domain.

Parameters

Name Key Required Type Description
object

Returns

Set compromised status

Sets status for a domain to indicate if it has ever been compromised.

Parameters

Name Key Required Type Description
object

Returns

Set dynamic DNS status

Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.

Parameters

Name Key Required Type Description
object

Returns

Set project tags

Set the project tags of given project ID.

Parameters

Name Key Required Type Description
object

Returns

Set sinkhole status

Sets status for an IP address to indicate whether or not it is a sinkhole.

Parameters

Name Key Required Type Description
object

Returns

Set tags

Sets tags to a given artifact.

Parameters

Name Key Required Type Description
object

Returns

Update artifact

Update artifact, or toggle monitoring status.

Parameters

Name Key Required Type Description
object

Returns

Update artifact tags

Add tags to an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Update Artifact Tag Response

response
object

Update project

Updates a project denoted by project ID.

Parameters

Name Key Required Type Description
object

Returns

Definitions

AccountResponse

Name Path Type Description
Two Factor Enabled
features.two_factor_enabled boolean
Calendly Integration
features.calendly_integration boolean
Analyst Insights
features.analyst_insights boolean

Analyst insights feature flag

Analyst Projects
features.analyst_projects boolean
Async Heatmap
features.async_heatmap boolean
Tab Update
features.tab_update boolean
MSFT Integration
features.msft_integration boolean
Exposed Services
features.exposed_services boolean
Community Relaunch
features.community_relaunch boolean
Data Table Improvement
features.data_table_improvement boolean
Project Selector V2
features.project_selector_v2 boolean
WHOIS History
features.whois_history boolean

WHOIS history feature flag

Server Side Facets
features.server_side_facets boolean
Projects Tabs
features.projects_tabs boolean
Projects Share
features.projects_share boolean
illuminate
features.illuminate boolean
Triage
features.triage boolean
Data Table Paginated
features.data_table_paginated boolean
Username
username string
Guest
guest boolean
First Name
firstName string
Last Name
lastName string
Full Name
fullName string
Organization
organization string
First Active
firstActive string
Last Active
lastActive string
Verified
verified string
Supplied Organization
suppliedOrganization string
jobRole
jobRole anyVariableValue

The value of the variable.

Roles
roles array of string
Enterprise User
enterpriseUser string
Approved Sources
approvedSources string
Country
country string
Phone Number
phoneNumber string
State Or Region
stateOrRegion string
Search Web Quota Exceeded
searchWebQuotaExceeded boolean
Search API Quota Exceeded
searchApiQuotaExceeded boolean
Project Public Quota Exceeded
projectPublicQuotaExceeded boolean
Project Private Quota Exceeded
projectPrivateQuotaExceeded boolean
Account Status
accountStatus string
Monitor Frequency
monitorFrequency string
Email Digest Frequency
emailDigestFrequency string
Workspace ID
workspaceId integer
Permissions
permissions array of
Disable History
disableHistory boolean
ssoIntegrationId
ssoIntegrationId anyVariableValue

The value of the variable.

ssoAuthPartnerId
ssoAuthPartnerId anyVariableValue

The value of the variable.

SSO Success
ssoSuccess boolean
daysLeftOnTrial
daysLeftOnTrial anyVariableValue

The value of the variable.

Dark Mode
darkMode boolean

Dark mode feature flag

Home Opt In
homeOptIn boolean

New home screen feature flag

Hide Home Opt In
hideHomeOptIn boolean

Hide new home screen feature flag

Dark Mode
preferences.darkMode boolean

Dark mode preference flag

Article Page Size
preferences.articlePageSize integer
PT Classic Mode
preferences.ptClassicMode boolean
Never Logged In
preferences.neverLoggedIn boolean
Home Opt In
preferences.homeOptIn boolean

New home screen preference flag

Hide Home Opt In
preferences.hideHomeOptIn boolean

Hide new home screen preference flag

Trackers
datasets.trackers boolean
Components
datasets.components boolean
Host Pairs
datasets.hostPairs boolean
malware
datasets.malware anyVariableValue

The value of the variable.

WHOIS History
datasets.whoisHistory boolean

WHOIS history dataset flag

WHOIS
datasets.whois boolean
sslCerts
datasets.sslCerts anyVariableValue

The value of the variable.

Attack Surface Intel
datasets.attackSurfaceIntel boolean
Services
datasets.services boolean
pdns
datasets.pdns anyVariableValue

The value of the variable.

Cookies
datasets.cookies boolean
Reputation
datasets.reputation boolean
Analyst Insights
datasets.analystInsights boolean

Analyst insights dataset flag

Deep Dark Web
datasets.deepDarkWeb boolean
Brand Intel
datasets.brandIntel boolean
RiskIQ Article Indicators
datasets.riskiqArticleIndicators boolean
Adversary Intel
datasets.adversaryIntel boolean
event_code
event_code anyVariableValue

The value of the variable.

user_id
user_id anyVariableValue

The value of the variable.

user_hash
user_hash anyVariableValue

The value of the variable.

HistoryResponse

Name Path Type Description
history
history array of History
teamstream
teamstream anyVariableValue

The value of the variable.

History

Name Path Type Description
Focus
focus string
Context
context integer
Username
username string
Date
dt string
GUID
guid string
Source
source string
Type
type string

MonitorsResponse

Name Path Type Description
monitors
monitors array of Monitor

Monitor

Name Path Type Description
Focus
focus string
Tags
tags array of string

OrganizationResponse

Name Path Type Description
Registered
registered string
Name
name string
ID
id string
watchQuota
watchQuota anyVariableValue

The value of the variable.

licenses
licenses OrganizationLicenses
Seats
seats integer
illuminate
features.illuminate boolean

illuminate feature flag

Triage
features.triage boolean
Status
status string
licensedMembers
licensedMembers OrganizationLicensedMembers
Active Members
activeMembers array of string
searchQuota
searchQuota anyVariableValue

The value of the variable.

Show Team Search History
showTeamSearchHistory boolean
disableIndividualSearchHistory
disableIndividualSearchHistory anyVariableValue

The value of the variable.

disableTeamSearchHistory
disableTeamSearchHistory anyVariableValue

The value of the variable.

Last Active
lastActive string
Default Domains
defaultDomains array of string
Acceptable Domains
acceptableDomains array of string
Active
active boolean
Inactive Members
inactiveMembers array of
Admins
admins array of string
disabledMembers
disabledMembers anyVariableValue

The value of the variable.

usersNotSignedUpYet
usersNotSignedUpYet anyVariableValue

The value of the variable.

Has Falcon Creds
hasFalconCreds boolean
sources
sources anyVariableValue

The value of the variable.

Enabled
enhancedAttackSurfaceData.enabled boolean
Primary
enhancedAttackSurfaceData.primary array of
Max Vendors
enhancedAttackSurfaceData.maxVendors integer
Vendors
enhancedAttackSurfaceData.vendors array of

OrganizationLicenses

Name Path Type Description
Enterprise
enterprise integer

Enterprise organization licenses

Cyber Threat Intel
cyberThreatIntel integer

Cyber threat intel licenses

SecOps Intel
secOpsIntel integer

SecOps licenses

illuminate
illuminate integer

illuminate licenses

OrganizationLicensedMembers

Name Path Type Description
Enterprise
enterprise array of string

Enterprise organization licensed members

illuminate
illuminate array of string

illuminate licensed members

Cyber Threat Intel
cyberThreatIntel array of string

Cyber threat intel licensed members

SecOps Intel
secOpsIntel array of string

SecOps licensed members

Organization

Name Path Type Description
Owner
owner string

Organization owners

Name
organization string

Name of organization

GUID
guid string

GUID of organization

Keyword Monitors
counts.keyword_monitors integer

Keyword monitors used(Organization)

Search API
counts.search_api integer

API searches used(Organization)

Basic Monitors
counts.basic_monitors integer

Basic monitors used(Organization)

Search Web
counts.search_web integer

Web searches used(Organization)

Projects Private
counts.projects_private integer

Private projects used(Organization)

Projects Public
counts.projects_public integer

Public projects used(Organization)

Search API
freebies.search_api integer

API searches used free accounts(Organization)

Search Web
freebies.search_web integer

Web searches used by free accounts(Organization)

Analysis
profile.analysis string

Analysis profile(Organization)

Workflow
profile.workflow string

Workflow profile(Organization)

Search API
limits.search_api integer

API search limits(Organization)

Basic Monitors
limits.basic_monitors integer

Basic monitor limit(Organization)

Monitor Results
limits.monitor_results integer

Monitor results limit(Organization)

Projects Private
limits.projects_private integer

Private project limit(Organization)

Monitor Frequency
limits.monitor_frequency string

Monitor frequency(Organization)

Keyword Monitors
limits.keyword_monitors integer

Keyword monitor limit(Organization)

Search Web
limits.search_web integer

Web search limits(Organization)

Projects Public
limits.projects_public integer

Public project limit(Organization)

Create Crawls
limits.create_crawls integer

Crawl limits(Organization)

Crawl Submissions
limits.crawl_submissions integer

Crawl submission limits(Organization)

Quota Interval
quotaInterval string

Quota interval of organization

licenseCounts
licenseCounts OrganizationLicenseCounts

License counts of organization

licenseLimits
licenseLimits OrganizationLicenseLimits

License limits of organization

Use Monthly Quota Inactive
useMonthlyQuotaInactive boolean

Monthly quota inactive of organization

Next Reset
next_reset string

Next reset of organization

Last Reset
last_reset string

Last quota reset for organization

Username
username string

Username of organization

event_code
event_code anyVariableValue

The value of the variable.

event_code_expiration
event_code_expiration anyVariableValue

The value of the variable.

OrganizationLicenseCounts

License counts of organization

Name Path Type Description
Search API
enterprise.searchApi integer

Enterprise api searches used

Search Web
enterprise.searchWeb integer

Enterprise web searches used(Organization)

Search API
cyberThreatIntel.searchApi integer

Cyber threat intel api searches used

Search Web
cyberThreatIntel.searchWeb integer

Cyber threat intel web searches used(Organization)

Search API
secOpsIntel.searchApi integer

SecOps api searches used

Search Web
secOpsIntel.searchWeb integer

SecOps web searches used(Organization)

Search API
illuminate.searchApi integer

illuminate api searches used

Search Web
illuminate.searchWeb integer

illuminate web searches used(Organization)

OrganizationLicenseLimits

License limits of organization

Name Path Type Description
Search API
enterprise.searchApi integer

Enterprise api search limit

Search Web
enterprise.searchWeb integer

Enterprise web search limit(Organization)

Search API
cyberThreatIntel.searchApi integer

Cyber threat intel api search limit

Search Web
cyberThreatIntel.searchWeb integer

Cyber threat intel web search limit(Organization)

Search API
secOpsIntel.searchApi integer

SecOps api search limit

Search Web
secOpsIntel.searchWeb integer

SecOps web search limit(Organization)

Search API
illuminate.searchApi integer

illuminate api search limit

Search Web
illuminate.searchWeb integer

illuminate web search limit(Organization)

QuotaResponse

Name Path Type Description
user
user User
organization
organization Organization

User

Name Path Type Description
Owner
owner string

Organization users

Organization
organization string

User organization

GUID
guid string

GUID of user

Keyword Monitors
counts.keyword_monitors integer

Keyword monitors used(User)

Search API
counts.search_api integer

Search api of counts(User)

Basic Monitors
counts.basic_monitors integer

Basic monitors used(User)

Search Web
counts.search_web integer

Search web of counts(User)

Projects Private
counts.projects_private integer

Private projects used(User)

Projects Public
counts.projects_public integer

Public projects used(User)

Search API
freebies.search_api integer

Search api of freebies(User)

Search Web
freebies.search_web integer

Search web of freebies(User)

Analysis
profile.analysis string

Analysis profile(User)

Workflow
profile.workflow string

Workflow profile(User)

Search API
limits.search_api integer

Search api of limits(User)

Basic Monitors
limits.basic_monitors integer

Basic monitor limit(User)

Monitor Results
limits.monitor_results integer

Monitor results limit(User)

Projects Private
limits.projects_private integer

Private project limit(User)

Monitor Frequency
limits.monitor_frequency string

Monitor frequency(User)

Keyword Monitors
limits.keyword_monitors integer

Keyword monitor limit(User)

Search Web
limits.search_web integer

Search web of limits(User)

Projects Public
limits.projects_public integer

Public project limit(User)

Create Crawls
limits.create_crawls integer

Crawl limits(User)

Crawl Submissions
limits.crawl_submissions integer

Crawl submission limits(User)

Quota Interval
quotaInterval string

Quota interval of user

Use Monthly Quota Inactive
useMonthlyQuotaInactive boolean

Use monthly quota inactive of user

Search API
licenseCounts.searchApi integer

Search api of license counts(User)

Search Web
licenseCounts.searchWeb integer

Search web of license counts(User)

Search API
licenseLimits.searchApi integer

Search api of license limits(User)

Search Web
licenseLimits.searchWeb integer

Search web of license limits(User)

Next Reset
next_reset string

Next reset of user

Last Reset
last_reset string

Last quota reset for user

Username
username string

Username of user

event_code
event_code anyVariableValue

The value of the variable.

event_code_expiration
event_code_expiration anyVariableValue

The value of the variable.

SourcesResponse

Name Path Type Description
sources
sources array of Source

Source

Name Path Type Description
Controllable
controllable boolean
Active
active boolean
Password
configuration.password string

Source password

Username
configuration.username string

Source username

Token
configuration.token string

Source configuration token

Type
type array of string
Access
access array of string
Description
description string
Auth Required
authRequired boolean
Website
website string
Label
label string
Auth
auth boolean
API Key
authMethod.apiKey string
Password
authMethod.password string

Password auth method

Username
authMethod.username string

Username auth method

Token
authMethod.token string

Token auth method

Token Key
authMethod.token_key string
Token Secret
authMethod.token_secret string
Private Key
authMethod.private_key string
Source
source string
org_configuration
org_configuration anyVariableValue

The value of the variable.

TeamstreamResponse

Name Path Type Description
history
history anyVariableValue

The value of the variable.

teamstream
teamstream array of Teamstream

Teamstream

Name Path Type Description
Focus
focus string
Source
source string
Username
username string
Type
type string
Context
context integer
GUID
guid string
Date
dt string

ClassificationsResponse

Name Path Type Description
Malicious
malicious array of string
Non Malicious
non_malicious array of string
Suspicious
suspicious array of string
Unknown
unknown array of string

TagActionResponse

Name Path Type Description
Tags
tags array of string

BulkClassificationResponse

Name Path Type Description
Success
success boolean
Results
results object

ClassificationInfo

Name Path Type Description
Classification
classification string

CompromisedStatusResponse

Name Path Type Description
Ever Compromised
everCompromised boolean

DynamicDnsResponse

Name Path Type Description
Dynamic DNS
dynamicDns boolean

MonitorStatusResponse

Name Path Type Description
Monitor
monitor boolean

SinkholeStatusResponse

Name Path Type Description
Sinkhole
sinkhole boolean

ActionSearchTagResponse

Name Path Type Description
results
results SearchTagElement

SearchTagElement

Name Path Type Description
Focus
focus string
User Tags
user_tags array of string
System Tags
system_tags array of string
Global Tags
global_tags array of string
Tags
tags array of string
Tag Meta
tag_meta object
Username
username string

SingleArtifactResponse

Name Path Type Description
Monitor
monitor boolean
Type
type string
Owner
owner string
Monitorable
monitorable boolean
Creator
creator string
GUID
guid string
Project
project string

Project where artifact is located

Success
success boolean
Organization
organization string
Created
created string
Query
query string
System Tags
system_tags array of string
User Tags
user_tags array of string
Global Tags
global_tags array of string
Tag Meta
tag_meta object
Tag
links.tag string
Self
links.self string
Project
links.project string

Link to projects

ArticlesIndicatorsResponse

Name Path Type Description
Success
success boolean
indicators
indicators array of Indicators
Total Records
totalRecords integer

Indicators

Name Path Type Description
Source
source string
Value
value string
Type
type string
GUID
guid string
Link
link string
Published Date
publishedDate string
Tags
tags array of string

ArticlesResponse

Name Path Type Description
GUID
guid string
Title
title string
Summary
summary string
Type
type string

Indicators type

Published Date
publishedDate string
Link
link string
Tags
tags array of string
Categories
categories array of string
indicators
indicators array of object
Type
indicators.type string

Indicators type

Count
indicators.count integer
Values
indicators.values array of string
Source
indicators.source string

ArticlesListResponse

Name Path Type Description
Success
success boolean
articles
articles anyVariableValue

The value of the variable.

Total Records
totalRecords integer

SummaryDataCardResponse

Name Path Type Description
Type
type string
Name
name string
Link
link string
Net Block
netblock string
OS
os string
ASN
asn string
Hosting Provider
hosting_provider string
Count
data_summary.resolutions.count integer

Count of resolutions

Link
data_summary.resolutions.link string

Link to resolutions

Count
data_summary.certificates.count integer

Count of certificates

Link
data_summary.certificates.link string

Link to certificates

Count
data_summary.hashes.count integer

Count of hashes

Link
data_summary.hashes.link string

Link to hashes

Count
data_summary.projects.count integer

Count of projects

Link
data_summary.projects.link string

Link to projects

Count
data_summary.articles.count integer

Count of articles

Link
data_summary.articles.link string

Link to articles

Count
data_summary.trackers.count integer

Count of trackers

Link
data_summary.trackers.link string

Link to trackers

Count
data_summary.components.count integer

Count of components

Link
data_summary.components.link string

Link to components

Count
data_summary.host_pairs.count integer

Count of host pairs

Link
data_summary.host_pairs.link string

Link to host pairs

Count
data_summary.cookies.count integer

Count of cookies

Link
data_summary.cookies.link string

Link to cookies

Count
data_summary.reverse_dns.count integer

Count of reverse dns

Link
data_summary.reverse_dns.link string

Link to reverse dns

Count
data_summary.services.count integer

Count of services

Link
data_summary.services.link string

Link to services

EnrichmentResponse

Name Path Type Description
Classification
classification string
Sinkhole
sinkhole boolean
Ever Compromised
everCompromised boolean
Query Type
queryType string
Query Value
queryValue string
Primary Domain
primaryDomain string
TLD
tld string
Subdomains
subdomains array of string
Tag Meta
tag_meta object
Global Tags
global_tags array of string
Tags
tags array of string
System Tags
system_tags array of string
Dynamic DNS
dynamicDns boolean
Autonomous System Number
autonomousSystemNumber integer
Autonomous System Name
autonomousSystemName string
Network
network string
Country
country string
Longitude
longitude float
Latitude
latitude float
dynamic
dynamic anyVariableValue

The value of the variable.

EnrichmentMalwareResponse

Name Path Type Description
Success
success boolean
results
results array of EnrichmentMalwareResult

EnrichmentMalwareResult

Name Path Type Description
Collection Date
collectionDate string
Sample
sample string
Source
source string
Source URL
sourceUrl string

EnrichmentOsintResponse

Name Path Type Description
Success
success boolean
results
results array of EnrichmentOsintResult

EnrichmentOsintResult

Name Path Type Description
Derived
derived array of
In Reports
inReport array of string
Source
source string
Source URL
sourceUrl string
Tags
tags array of string
Indicators
indicators array of
Compromised
compromised array of

EnrichmentSubdomainsResponse

Name Path Type Description
Success
success boolean
Primary Domain
primaryDomain string
Subdomains
subdomains array of string
Query Value
queryValue string

ServicesResponse

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string

Results first seen

Last Seen
results.lastSeen string

Results last seen

Last Scan
results.lastScan string
Port Number
results.portNumber integer
Count
results.count integer

Count of results

Status
results.status string
Protocol
results.protocol string
banners
results.banners array of object
Banner
results.banners.banner string
Scan Type
results.banners.scanType string
First Seen
results.banners.firstSeen string

Banner first seen

Last Seen
results.banners.lastSeen string

Banner last seen

Count
results.banners.count integer

Banner count

currentServices
results.currentServices array of object
First Seen
results.currentServices.firstSeen string

Current service first seen

Last Seen
results.currentServices.lastSeen string

Current service last seen

Version
results.currentServices.version string

Current service version

Category
results.currentServices.category string

Current service category

Label
results.currentServices.label string

Current service label

recentServices
results.recentServices array of object
First Seen
results.recentServices.firstSeen string

Recent service first seen

Last Seen
results.recentServices.lastSeen string

Recent service last seen

Version
results.recentServices.version string

Recent service version

Category
results.recentServices.category string

Recent service category

Label
results.recentServices.label string

Recent service label

First Seen
results.mostRecentSslCert.firstSeen integer

Most recent ssl cert first seen

Last Seen
results.mostRecentSslCert.lastSeen integer

Most recent ssl cert last seen

Finger Print
results.mostRecentSslCert.fingerprint string
SSL Version
results.mostRecentSslCert.sslVersion string
Expiration Date
results.mostRecentSslCert.expirationDate string
Issue Date
results.mostRecentSslCert.issueDate string
SHA1
results.mostRecentSslCert.sha1 string
Serial Number
results.mostRecentSslCert.serialNumber string
Subject Country
results.mostRecentSslCert.subjectCountry string
Issuer Common Name
results.mostRecentSslCert.issuerCommonName string
Issuer Province
results.mostRecentSslCert.issuerProvince string
Subject State Or Province Name
results.mostRecentSslCert.subjectStateOrProvinceName string
Subject Street Address
results.mostRecentSslCert.subjectStreetAddress string
Issuer State Or Province Name
results.mostRecentSslCert.issuerStateOrProvinceName string
Subject Surname
results.mostRecentSslCert.subjectSurname string
Issuer Country
results.mostRecentSslCert.issuerCountry string
Subject Locality Name
results.mostRecentSslCert.subjectLocalityName string
Issuer Organization Unit Name
results.mostRecentSslCert.issuerOrganizationUnitName string
Issuer Organization Name
results.mostRecentSslCert.issuerOrganizationName string
Subject Email Address
results.mostRecentSslCert.subjectEmailAddress string
Subject Organization Name
results.mostRecentSslCert.subjectOrganizationName string
Issuer Locality Name
results.mostRecentSslCert.issuerLocalityName string
Subject Common Name
results.mostRecentSslCert.subjectCommonName string
Subject Province
results.mostRecentSslCert.subjectProvince string
Issuer Given Name
results.mostRecentSslCert.issuerGivenName string
Subject Organization Unit Name
results.mostRecentSslCert.subjectOrganizationUnitName string
Issuer Email Address
results.mostRecentSslCert.issuerEmailAddress string
Subject Given Name
results.mostRecentSslCert.subjectGivenName string
Subject Serial Number
results.mostRecentSslCert.subjectSerialNumber string
Issuer Street Address
results.mostRecentSslCert.issuerStreetAddress string
Issuer Serial Number
results.mostRecentSslCert.issuerSerialNumber string
Issuer Surname
results.mostRecentSslCert.issuerSurname string
Subject Alternative Names
results.mostRecentSslCert.subjectAlternativeNames array of string

MonitorResponse

Name Path Type Description
Results
results object
error
error anyVariableValue

The value of the variable.

Total Records
totalRecords integer
Success
success boolean

ProjectResponse

Name Path Type Description
Visibility
visibility string
Owner
owner string
Active
active boolean
Description
description string
Subscribers
subscribers array of string
Creator
creator string
GUID
guid string
Featured
featured boolean
Tags
tags array of string
Collaborators
collaborators array of string
Name
name string
Created
created string
Organization
organization string
Tag
links.tag string

Link to tags

Self
links.self string
Artifact
links.artifact string
Success
success boolean
Can Edit
can_edit boolean
link
link anyVariableValue

The value of the variable.

SSLResponse

Name Path Type Description
Success
success boolean
Overall Total Records
overallTotalRecords integer
results
results array of SSLResponseResult

SSLResponseResult

Name Path Type Description
First Seen
firstSeen integer
Last Seen
lastSeen integer
Finger Print
fingerprint string
SSL Version
sslVersion string
Expiration Date
expirationDate string
Issue Date
issueDate string
SHA1
sha1 string
Serial Number
serialNumber string
Subject Country
subjectCountry string
Issuer Common Name
issuerCommonName string
Issuer Province
issuerProvince string
Subject State Or Province Name
subjectStateOrProvinceName string
Subject Street Address
subjectStreetAddress string
Issuer State Or Province Name
issuerStateOrProvinceName string
Subject Surname
subjectSurname string
Issuer Country
issuerCountry string
Subject Locality Name
subjectLocalityName string
Issuer Organization Unit Name
issuerOrganizationUnitName string
Issuer Organization Name
issuerOrganizationName string
Subject Email Address
subjectEmailAddress string
Subject Organization Name
subjectOrganizationName string
Issuer Locality Name
issuerLocalityName string
Subject Common Name
subjectCommonName string
Subject Province
subjectProvince string
Issuer Given Name
issuerGivenName string
Subject Organization Unit Name
subjectOrganizationUnitName string
Issuer Email Address
issuerEmailAddress string
Subject Given Name
subjectGivenName string
Subject Serial Number
subjectSerialNumber string
Issuer Street Address
issuerStreetAddress string
Issuer Serial Number
issuerSerialNumber string
Issuer Surname
issuerSurname string
Subject Alternative Names
subjectAlternativeNames array of string

SSLSearchKeywordResponse

Name Path Type Description
Query Value
queryValue string
results
results array of SSLSearchKeywordResult
Success
success boolean

SSLSearchKeywordResult

Name Path Type Description
Match Type
matchType string
Field Match
fieldMatch string
Focus Point
focusPoint string

SSLHistoryResponse

Name Path Type Description
results
results array of SSLHistoryResult
Success
success boolean

SSLHistoryResult

Name Path Type Description
SHA1
sha1 string
First Seen
firstSeen string
IP Addresses
ipAddresses array of string
Last Seen
lastSeen string

SSLSearchResponse

Name Path Type Description
Query Value
queryValue string
results
results array of SSLResponseResult
Success
success boolean
Overall Total Records
overallTotalRecords integer

ArtifactTagResponse

Name Path Type Description
Tags
tags array of string
System Tags
system_tags array of string
Tag Meta
tag_meta object
User Tags
user_tags array of string
Success
success boolean

TrackersSearchResponse

Name Path Type Description
results
results array of TrackersSearchResult
Total Records
totalRecords integer
Success
success boolean

TrackersSearchResult

Name Path Type Description
Entity
entity string
Last Seen
lastSeen string
First Seen
firstSeen string

ComponentInfo

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Version
results.version string
Category
results.category string
Label
results.label string
Host Name
results.hostname string
Address
results.address string

PairInfo

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Cause
results.cause string
Parent
results.parent string
Child
results.child string

TrackerInfo

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Attribute Value
results.attributeValue string
Attribute Type
results.attributeType string
Host Name
results.hostname string
Address
results.address string

CookiesResponse

Name Path Type Description
Total Records
totalRecords integer
Success
success boolean
results
results array of CookieInfo

CookieInfo

Name Path Type Description
Cookie Domain
cookieDomain string
Cookie Name
cookieName string
Last Seen
lastSeen string
First Seen
firstSeen string
Host Name
hostname string

CookiesSearchResponse

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Host Name
results.hostname string
Cookie Name
results.cookieName string
Cookie Domain
results.cookieDomain string

ComponentsSearchAddressesResponse

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Version
results.version string
Category
results.category string
Label
results.label string
Address
results.address string

ComponentsSearchHostsResponse

Name Path Type Description
Success
success boolean
Total Records
totalRecords integer
results
results array of object
First Seen
results.firstSeen string
Last Seen
results.lastSeen string
Version
results.version string
Category
results.category string
Label
results.label string
Host Name
results.hostname string

PassiveDnsSearchResponse

Name Path Type Description
Total Records
totalRecords integer
First Seen
firstSeen string

First seen of passive dns search

Last Seen
lastSeen string

Last seen of passive dns search

results
results array of DnsSearchResult
Query Type
queryType string
Pager
pager string
Query Value
queryValue string

DnsSearchResult

Name Path Type Description
First Seen
firstSeen string

First seen of results

Resolve Type
resolveType string
Value
value string
Record Hash
recordHash string
Last Seen
lastSeen string

Last seen of results

Resolve
resolve string
Source
source array of string
Record Type
recordType string
Collected
collected string

PassiveUniqueDnsSearchResponse

Name Path Type Description
Pager
pager string
Frequency
frequency array of array
items
frequency array of
Query Value
queryValue string
Results
results array of string
Query Type
queryType string
Total
total integer

KeywordDnsSearchResponse

Name Path Type Description
results
results array of DnsKeywordSearchMatch
Query Value
queryValue string

DnsKeywordSearchMatch

Name Path Type Description
Field Match
fieldMatch string
Focus Point
focusPoint string
Match Type
matchType string

KeywordSearchResult

Name Path Type Description
Match Type
matchType string
Field Match
fieldMatch string
Focus Point
focusPoint string

WhoisKeywordSearchResponse

Name Path Type Description
Query Value
queryValue string
results
results array of KeywordSearchResult
Total Records
totalrecords integer

ResultListResponse

Name Path Type Description
Success
success boolean
results
results array of WhoisSearchResult
Total Records
totalrecords integer

WhoisSearchResult

Name Path Type Description
Telephone
telephone string
Name Servers
nameServers array of string
Billing
billing object
Zone
zone object
Admin
admin object
Tech
tech object
Registrant
registrant object
Registry Updated At
registryUpdatedAt string
Organization
organization string
Contact Email
contactEmail string
Registered
registered string
Last Loaded At
lastLoadedAt string
Expires At
expiresAt string
Domain
domain string
WHOIS Server
whoisServer string
Name
name string
Registrar
registrar string
Raw Text
rawText string

EnrichmentBulkResponse

Name Path Type Description
Results
results object

MalwareBulkSearchResults

Name Path Type Description
Success
success boolean
Results
results object

OsintBulkResponse

Name Path Type Description
Success
success boolean
Results
results object

ReputationResponse

Name Path Type Description
Score
score integer
Classification
classification string
rules
rules array of ReputationRules

ReputationRules

Name Path Type Description
Name
name string
Description
description string
Severity
severity integer
Link
link string

IntelProfilesResponse

Name Path Type Description
Id
id string
Title
title string
Link
link string
Osint Indicators Count
osintIndicatorsCount integer
Riskiq Indicators Count
riskIqIndicatorsCount integer
Indicators
indicators string
tags
tags array of IntelProfileTag
Aliases
aliases array of string

IntelProfilesListResponse

Name Path Type Description
Total Count
totalCount integer
results
results array of IntelProfilesResponse

IntelProfileTag

Name Path Type Description
Label
label string
Country Code
countryCode string

IntelProfilesIndicatorListResponse

Name Path Type Description
Total Count
totalCount integer
Types
types array of string
results
results array of IntelProfileIndicator

IntelProfileIndicator

Name Path Type Description
Id
id string
Profile Id
profileId string
Type
type string

Type of intel profile indicator

Value
value string
Category
category string
First Seen
firstSeen string
Last Seen
lastSeen string
Osint
osint boolean
Osint Url
osintUrl string
Article Guids
articleGuids array of string

VendorInfo

Name Path Type Description
Id
id integer
Name
name string
Observation Count
priorities.high.observationCount integer

High prioirity observation count

Link
priorities.high.link string

High priority link

Observation Count
priorities.medium.observationCount integer

Medium prioirity observation count

Link
priorities.medium.link string

Medium priority link

Observation Count
priorities.low.observationCount integer

Low prioirity observation count

Link
priorities.low.link string

Low priority link

AttackSurfaceResponse

Name Path Type Description
Total Count
totalCount integer
Total Pages
totalPages integer
NextPage
nextPage string
vendors
vendors array of VendorInfo

AttackSurfacePriorityResponse

Name Path Type Description
Active Insight Count
activeInsightCount integer
Total Insight Count
totalInsightCount integer
Total Observations
totalObservations integer
insights
insights array of InsightInfo

InsightInfo

Name Path Type Description
Name
name string
Description
description string
Observation Count
observationCount integer
Link
link string

AttackSurfaceInsightResponse

Name Path Type Description
Total Count
totalCount integer
Total Pages
totalPages integer
Next Page
nextPage string
assets
assets array of AssetInfo

AssetInfo

Name Path Type Description
Type
type string
Name
name string
First Seen
firstSeen string
Last Seen
lastSeen string

AttackSurfaceCveResponse

Name Path Type Description
Total Count
totalCount integer
Total Pages
totalPages integer
Next Page
nextPage string
cves
cves array of CveInfo

AttackSurfaceCveObservationsResponse

Name Path Type Description
Total Count
totalCount integer
Total Pages
totalPages integer
Next Page
nextPage string
Cve Id
cveId string
cwes
cwes array of CweInfo
assets
assets array of AssetInfo

VulnerableComponentResponse

Name Path Type Description
Total Count
totalCount integer
Total Pages
totalPages integer
Next Page
nextPage string
vulnerableComponents
vulnerableComponents array of VulnerableComponent

VulnerableComponent

Name Path Type Description
Name
name string
Type
type string
Severity
severity string
Count
count integer

CveInfo

Name Path Type Description
Cve Id
cveId string
Priority Score
priorityScore number
Observation Count
observationCount integer
Cve Link
cveLink string
cwes
cwes array of CweInfo

CweInfo

Name Path Type Description
Cwe Id
cweId string

anyVariableValue

The value of the variable.

The value of the variable.

object

This is the type 'object'.