RiskIQ Illuminate

  • Reference

RiskIQ Illuminate reveals cyber threats relevant to your critical assets through connected digital relationships. It is the only security intelligence solution with tailored attack surface intelligence to uncover exposures, risks, and threats against your unique digital footprint, pinpointing what’s relevant to you—all in one place.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name RiskIQ Illuminate
URL https://www.riskiq.com/contact-us/
Email support@riskiq.com
Connector Metadata
Publisher RiskIQ
Website https://www.riskiq.com/integrations/microsoft/
Privacy policy https://www.riskiq.com/privacy-policy/
Categories Security;IT Operations

Pre-requisites

You will need the following to proceed:

How to get credentials

Register for a test API key at RiskIQ Security Intelligence Services or contact your account representative (support@riskiq.com) to identify your existing customer keys.

Creating a connection

The connector supports the following authentication types:
Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
Token securestring The Token for this api True
Secret securestring The Secret for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Add project tags

Add tags to a project by project ID.
Add tags

Adds tags to a given artifact.
Artifact updates in bulk

Perform artifact updates in bulk.
Create artifact

Create artifact with given parameters.
Create artifacts in bulk

Create artifacts in bulk with given parameters.
Create project

Create project with given parameters.
Delete artifact with a UUID

Delete artifact having a certain UUID.
Delete artifacts in bulk

Delete artifacts in bulk by their artifacts ids.
Delete project

Delete project by project ID.
Delete tags

Removes tags from an artifact.
Find artifact

Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization.
Find project

Retrieve all information related to project.
Get account and organization quotas

Retrieve the details of current account and organization quotas.
Get account metadata and settings

Retrieve current account metadata and settings.
Get active monitors

Retrieve the set of active monitors.
Get addresses by component name

Searches the components addresses information by component name.
Get addresses by cookie domain

Searches the cookies addresses information by cookie domain.
Get addresses by cookie name

Searches the addresses information by cookie name.
Get alerts associated with an artifact or project

Retrieve all alerts associated with an artifact or project.
Get all indicators for given profile

Retrieves the indicators for the given profile id.
Get all profiles

Retrieves all profiles.
Get all profiles by indicator

Retrieves all profiles containing the given indicator.
Get all third party vendors

Finds all vendors associated with the given account.
Get API usage history

Retrieve the details of API usage history of the account.
Get article details

Retrieves the details of the article specified.
Get articles

Retrieves all articles.
Get articles by indicator

Retrieves all articles containing the indicator specified.
Get articles indicators

Retrieves articles indicators.
Get artifact tags

Retrieve the tags of an artifact or artifacts.
Get attack surface

Finds the Attack Surface information of the given account.
Get attack surface insight by insight Id

Finds the Attack Surface Insight Information given the insight ID for the given account
Get attack surface priority detail by level

Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account.
Get attack surface third party by vendor Id

Finds vendors associated with the given vendor id for given account account.
Get attack surface third party insight by vendor Id and insight Id

Finds vendors associated with the given vendor id and insight Id
Get attack surface third party priority detail by vendor Id and level

Finds vendors associated with the given vendor id and priority level for given account account.
Get attack surface third party vulnerabilities

Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID.
Get attack surface third party vulnerability observations

Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE.
Get attack surface third party vulnerable components

Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID.
Get attack surface vulnerability observations

Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE.
Get attack surface vulnerable components

Finds the Attack Surface Vulnerable Components for the primary vendor.
Get attack surface vulnerable information

Finds the Attack Surface Vulnerability Information for the primary vendor for the given account.
Get bulk classification status

Retrieve classification statuses for given domains.
Get classification status

Retrieve classification status for a given domain.
Get components

Retrieves the host attribute components of a query.
Get compromised status

Indicates whether or not a given domain has ever been compromised.
Get cookies

Retrieves the host attribute cookies related to the query.
Get current organization metadata

Retrieve the details of current organization metadata.
Get dynamic DNS status

Indicates whether or not a domain's DNS records are updated via dynamic DNS.
Get enrichment data

Get enrichment data for a query.
Get enrichment data bulk

Get bulk enrichment data for many queries.
Get hosts by component name

Searches the components hosts information by component name.
Get hosts by cookie domain

Searches the cookies hosts information by cookie domain.
Get hosts by cookie name

Searches the hosts information by cookie name.
Get items by classification

Retrieve items with the specified classification.
Get malware

Get malware data for a query.
Get malware bulk

Get bulk malware data for many queries.
Get monitor status

Indicates whether or not a domain is monitored.
Get OSINT

Get OSINT data for a query.
Get OSINT bulk

Get bulk OSINT data for many queries.
Get pairs

Retrieves the host attribute pairs related to the query.
Get passive DNS

Retrieves the passive DNS results from active account sources.
Get profile details

Retrieves the details for the given profile.
Get reputation

Retrieves reputation for given query.
Get sinkhole status

Indicates whether or not an IP address is a sinkhole.
Get sources used for queries

Retrieve the details of sources being used for queries.
Get SSL certificate

Retrieves an SSL certificate by its SHA-1 hash.
Get SSL certificate history

Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.
Get subdomains

Get subdomains data for a query.
Get summary data card

Retrieves a summary data card associated to the given query.
Get tags

Get tags from a given artifact.
Get team activity

Retrieve the details of team activity.
Get the open ports info for the IP address given

The exposed services endpoints allow you to see services on recently open ports for an IP address.
Get trackers

Retrieves the host attribute trackers.
Get unique passive DNS

Retrieves the unique passive DNS results from active account sources.
Get WHOIS

Retrieves the WHOIS data for the specified query.
Remove artifact tags

Remove a set of tags from an artifact or artifacts.
Remove project tags

Remove tags from a project by project ID.
Search passive DNS

Searches the passive DNS data for a keyword query.
Search SSL certificates

Retrieves SSL certificates for a given field value.
Search SSL certificates by keyword

Retrieves SSL certificates for a given keyword.
Search tags

Retrieve artifacts for a given tag.
Search trackers that match the criteria

Retrieves hosts or IP addresses that employ a specific user tracking service.
Search WHOIS

Searches WHOIS data by field and query.
Search WHOIS keyword

Search WHOIS data for a keyword.
Set artifact tags

Set the tags of an artifact or artifacts.
Set bulk classification status

Set classification statuses for given domains.
Set classification status

Sets the classification status for a given domain.
Set compromised status

Sets status for a domain to indicate if it has ever been compromised.
Set dynamic DNS status

Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.
Set project tags

Set the project tags of given project ID.
Set sinkhole status

Sets status for an IP address to indicate whether or not it is a sinkhole.
Set tags

Sets tags to a given artifact.
Update artifact

Update artifact, or toggle monitoring status.
Update artifact tags

Add tags to an artifact or artifacts.
Update project

Updates a project denoted by project ID.

Add project tags

Operation ID:
AddProjectTags

Add tags to a project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Add tags

Operation ID:
AddTags

Adds tags to a given artifact.

Parameters

Name Key Required Type Description
object

Returns

Body
TagActionResponse

Artifact updates in bulk

Operation ID:
BulkArtifactUpdate

Perform artifact updates in bulk.

Parameters

Name Key Required Type Description
object

Returns

Bulk Update Response

response
object

Create artifact

Operation ID:
CreateArtifact

Create artifact with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Body
SingleArtifactResponse

Create artifacts in bulk

Operation ID:
BulkArtifactCreate

Create artifacts in bulk with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Bulk Create Response

response
object

Create project

Operation ID:
CreateProject

Create project with given parameters.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Delete artifact with a UUID

Operation ID:
DeleteArtifact

Delete artifact having a certain UUID.

Parameters

Name Key Required Type Description
object

Returns

Body
SingleArtifactResponse

Delete artifacts in bulk

Operation ID:
BulkArtifactDelete

Delete artifacts in bulk by their artifacts ids.

Parameters

Name Key Required Type Description
object

Returns

Bulk Delete Response

response
object

Delete project

Operation ID:
DeleteProject

Delete project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Delete tags

Operation ID:
DeleteTags

Removes tags from an artifact.

Parameters

Name Key Required Type Description
object

Returns

Body
TagActionResponse

Find artifact

Operation ID:
FindArtifact

Read existing artifacts. If no filters are passed, this returns all your personal artifacts created by you or your organization.

Parameters

Name Key Required Type Description
Artifact
 artifact string

The artifact UUID id
Project
 project string

Filter by project UUID id
Owner
 owner string

Filter by owner (an email or organization id)
Creator
 creator string

Filter by creator
Organization
 organization string

Filter by organization
Query
 query string

Filter by query (passivetotal.org, etc)
Type
 type string

Filter by type (domain, ip, etc)

Returns

Find Artifact Response

response
object

Find project

Operation ID:
FindProject

Retrieve all information related to project.

Parameters

Name Key Required Type Description
Project
 project string

Filter by project id
Owner
 owner string

Filter by owner (an email or organization id)
Creator
 creator string

Filter by creator email
Organization
 organization string

Filter by organization
Visibility
 visibility string

Filter by visibility
Featured
 featured boolean

Filter by featured status

Returns

Find Project Response

response
object

Get account and organization quotas

Operation ID:
Quota

Retrieve the details of current account and organization quotas.

Returns

Body
QuotaResponse

Get account metadata and settings

Operation ID:
Account

Retrieve current account metadata and settings.

Returns

Body
AccountResponse

Get active monitors

Operation ID:
Monitors

Retrieve the set of active monitors.

Returns

Body
MonitorsResponse

Get addresses by component name

Operation ID:
GetAddressesByComponentName

Searches the components addresses information by component name.

Parameters

Name Key Required Type Description
Name
 name True string

Component name
Version
 version string

Component version to search for
Category
 category string

Component category to search for
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
ComponentsSearchAddressesResponse
Operation ID:
GetAddressesByCookieDomain

Searches the cookies addresses information by cookie domain.

Parameters

Name Key Required Type Description
Domain
 domain True string

Cookie domain
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
CookiesSearchResponse
Operation ID:
GetAddressesByCookieName

Searches the addresses information by cookie name.

Parameters

Name Key Required Type Description
Name
 name True string

Cookie name
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
CookiesSearchResponse

Get alerts associated with an artifact or project

Operation ID:
GetAlerts

Retrieve all alerts associated with an artifact or project.

Parameters

Name Key Required Type Description
Project
 project string

The project to filter on
Artifact
 artifact string

The artifact to filter on
Start
 start string

Filter results to after this datetime. Formats:"yyyy-MM-dd HH:mm:ss"
End
 end string

Filter results to before this datetime. Formats:"yyyy-MM-dd HH:mm:ss"
Size
 size integer

Max number of results, default is 25
Page
 page integer

Page number, default is 0

Returns

Body
MonitorResponse

Get all indicators for given profile

Operation ID:
GetIndicatorsOfProfile

Retrieves the indicators for the given profile id.

Parameters

Name Key Required Type Description
Id
 id True string

Profile Id
Query
 query string

Indicator value to search for in profiles
Types
 types string

Indicator types to filter by. E.g. domain
Categories
 categories string

Indicator categories to filter by. E.g. host
Sources
 sources string

Indicator sources to filter by. Allowed values: osint, riskiq
Page
 page integer

Page number for paging through results, defaults to 0
Size
 size integer

Maximum number of results to return per page, defaults to 25

Returns

Body
IntelProfilesIndicatorListResponse

Get all profiles

Operation ID:
GetAllProfiles

Retrieves all profiles.

Parameters

Name Key Required Type Description
Query
 query string

Query to search
Type
 type string

Profile type to search by. E.g. actor

Returns

Body
IntelProfilesListResponse

Get all profiles by indicator

Operation ID:
GetAllProfilesByIndicators

Retrieves all profiles containing the given indicator.

Parameters

Name Key Required Type Description
Query
 query True string

Indicator value to search for in profiles
Types
 types string

Indicator types to filter by. E.g. domain
Categories
 categories string

Indicator categories to filter by. E.g. host
Sources
 sources string

Indicator sources to filter by. Allowed values: osint, riskiq

Returns

Body
IntelProfilesListResponse

Get all third party vendors

Operation ID:
GetVendors

Finds all vendors associated with the given account.

Parameters

Name Key Required Type Description
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceResponse

Get API usage history

Operation ID:
History

Retrieve the details of API usage history of the account.

Parameters

Name Key Required Type Description
Source
 source string

History type (api/web), defaults to both
Date
 dt string

Date to start showing results for
Focus
 focus string

Query to filter for (domain, ip, etc)

Returns

Body
HistoryResponse

Get article details

Operation ID:
GetArticleDetails

Retrieves the details of the article specified.

Parameters

Name Key Required Type Description
Article
 article True string

Article short guid

Returns

Body
ArticlesResponse

Get articles

Operation ID:
GetArticles

Retrieves all articles.

Parameters

Name Key Required Type Description
Sort
 sort string

Order to sort, defaults to created
Order
 order string

Field name to sort by, defaults to desc
Page
 page integer

Page number for paging through results, defaults to 0

Returns

Body
ArticlesListResponse

Get articles by indicator

Operation ID:
GetArticlesByIndicator

Retrieves all articles containing the indicator specified.

Parameters

Name Key Required Type Description
Query
 query True string

Indicator value to search for in articles (e.g. domain, ip)
Type
 type string

Indicator type to filter by

Returns

Body
ArticlesListResponse

Get articles indicators

Operation ID:
GetArticlesIndicators

Retrieves articles indicators.

Parameters

Name Key Required Type Description
Article GUID
 articleGuid string

The article short guid. Use this parameter if you want to consult the indicators of a single article
Start Date
 startDate string

This represents the publish date of articles where you want to start looking at indicators Formats:yyyy-MM-dd HH:mm:ss

Returns

Body
ArticlesIndicatorsResponse

Get artifact tags

Operation ID:
GetArtifactTags

Retrieve the tags of an artifact or artifacts.

Parameters

Name Key Required Type Description
Artifact
 artifact True string

The artifact UUID or UUIDs to list

Returns

Body
ArtifactTagResponse

Get attack surface

Operation ID:
GetAttackSurface

Finds the Attack Surface information of the given account.

Returns

Body
VendorInfo

Get attack surface insight by insight Id

Operation ID:
GetAttackSurfaceByInsight

Finds the Attack Surface Insight Information given the insight ID for the given account

Parameters

Name Key Required Type Description
Insight Id
 insightId True integer

Insight Id
Group By
 groupBy string

The group by value (bar) to group by, based on the chart's groupBy field
Segment By
 segmentBy string

The group by value (bar segment) to segment by, based on the chart's segmentBy field
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceInsightResponse

Get attack surface priority detail by level

Operation ID:
GetAttackSurfaceByLevel

Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account.

Parameters

Name Key Required Type Description
Level
 level True string

Priority level (high/medium/low)

Returns

Body
AttackSurfacePriorityResponse

Get attack surface third party by vendor Id

Operation ID:
GetVendorById

Finds vendors associated with the given vendor id for given account account.

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id

Returns

Body
VendorInfo

Get attack surface third party insight by vendor Id and insight Id

Operation ID:
GetVendorsByInsightId

Finds vendors associated with the given vendor id and insight Id

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id
Insight Id
 insightId True integer

Insight Id
Group By
 groupBy string

The group by value (bar) to group by, based on the chart's groupBy field
Segment By
 segmentBy string

The group by value (bar segment) to segment by, based on the chart's segmentBy field
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceInsightResponse

Get attack surface third party priority detail by vendor Id and level

Operation ID:
GetVendorsByLevel

Finds vendors associated with the given vendor id and priority level for given account account.

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id
Level
 level True string

Priority level (high/medium/low)

Returns

Body
AttackSurfacePriorityResponse

Get attack surface third party vulnerabilities

Operation ID:
GetThirdPartyVulnInfo

Finds the Attack Surface Third-Party Vulnerability Information given the vendor ID.

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceCveResponse

Get attack surface third party vulnerability observations

Operation ID:
GetThirdPartyVulnObservation

Finds the Attack Surface Third-Party Vulnerability Observations given the vendor ID and CVE.

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id
Cve Id
 cveId True string

Cve Id
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceCveObservationsResponse

Get attack surface third party vulnerable components

Operation ID:
GetThirdPartyVulnComponents

Finds the Attack Surface Third-Party Vulnerable Components given the vendor ID.

Parameters

Name Key Required Type Description
Id
 id True integer

Vendor Id
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.
Size
 size integer

The number of matching records to return per page

Returns

Body
VulnerableComponentResponse

Get attack surface vulnerability observations

Operation ID:
GetVulnObservation

Finds the Attack Surface Vulnerability Observations for the primary vendor given a CVE.

Parameters

Name Key Required Type Description
Cve Id
 cveId True string

Cve Id
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0.
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceCveObservationsResponse

Get attack surface vulnerable components

Operation ID:
GetVulnComponents

Finds the Attack Surface Vulnerable Components for the primary vendor.

Parameters

Name Key Required Type Description
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0
Size
 size integer

The number of matching records to return per page

Returns

Body
VulnerableComponentResponse

Get attack surface vulnerable information

Operation ID:
GetVulnInfo

Finds the Attack Surface Vulnerability Information for the primary vendor for the given account.

Parameters

Name Key Required Type Description
Page
 page integer

The index of the page to retrieve. The index is zero based so the first page is page 0
Size
 size integer

The number of matching records to return per page

Returns

Body
AttackSurfaceCveResponse

Get bulk classification status

Operation ID:
GetBulkClassificationStatus

Retrieve classification statuses for given domains.

Parameters

Name Key Required Type Description
Query
 query True array

Domains for which to retrieve classification statuses

Returns

Body
BulkClassificationResponse

Get classification status

Operation ID:
GetClassificationStatus

Retrieve classification status for a given domain.

Parameters

Name Key Required Type Description
Query
 query True string

Domain for which to retrieve classification status

Returns

Body
ClassificationInfo

Get components

Operation ID:
GetComponents

Retrieves the host attribute components of a query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Page
 page integer

Page number for paging through results, defaults to 0

Returns

Body
ComponentInfo

Get compromised status

Operation ID:
GetCompromisedStatus

Indicates whether or not a given domain has ever been compromised.

Parameters

Name Key Required Type Description
Query
 query True string

Domain to check for compromised status

Returns

Body
CompromisedStatusResponse

Get cookies

Operation ID:
GetCookies

Retrieves the host attribute cookies related to the query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Page
 page integer

Page number for paging through results, defaults to 0

Returns

Body
CookiesResponse

Get current organization metadata

Operation ID:
Organization

Retrieve the details of current organization metadata.

Returns

Body
OrganizationResponse

Get dynamic DNS status

Operation ID:
GetDynamicDNSStatus

Indicates whether or not a domain's DNS records are updated via dynamic DNS.

Parameters

Name Key Required Type Description
Query
 query True string

Domain for which to retrieve dynamic DNS status

Returns

Body
DynamicDnsResponse

Get enrichment data

Operation ID:
GetEnrichment

Get enrichment data for a query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried

Returns

Body
EnrichmentResponse

Get enrichment data bulk

Operation ID:
GetBulkEnrichment

Get bulk enrichment data for many queries.

Parameters

Name Key Required Type Description
Query
 query True array

The domains and IPs being queried

Returns

Body
EnrichmentBulkResponse

Get hosts by component name

Operation ID:
GetHostsByComponentName

Searches the components hosts information by component name.

Parameters

Name Key Required Type Description
Name
 name True string

Component name
Version
 version string

Component version to search for
Category
 category string

Component category to search for
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
ComponentsSearchHostsResponse
Operation ID:
GetHostsByCookieDomain

Searches the cookies hosts information by cookie domain.

Parameters

Name Key Required Type Description
Domain
 domain True string

Cookie domain
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
CookiesSearchResponse
Operation ID:
GetHostsByCookieName

Searches the hosts information by cookie name.

Parameters

Name Key Required Type Description
Name
 name True string

Cookie name
Page
 page integer

Page number for paging through results, defaults to 0
Sort
 sort string

Field to sort on, default value lastSeen
Order
 order string

Order to return results in, default value desc

Returns

Body
CookiesSearchResponse

Get items by classification

Operation ID:
Classifications

Retrieve items with the specified classification.

Parameters

Name Key Required Type Description
Classification
 classification string

Classification for which to retrieve items for

Returns

Body
ClassificationsResponse

Get malware

Operation ID:
GetMalware

Get malware data for a query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried

Returns

Body
EnrichmentMalwareResponse

Get malware bulk

Operation ID:
GetMalwareBulk

Get bulk malware data for many queries.

Parameters

Name Key Required Type Description
Query
 query True string

The domains and IPs being queried

Returns

Body
MalwareBulkSearchResults

Get monitor status

Operation ID:
GetMonitorStatus

Indicates whether or not a domain is monitored.

Parameters

Name Key Required Type Description
Query
 query True string

Domain for which to check for monitoring

Returns

Body
MonitorStatusResponse

Get OSINT

Operation ID:
GetOSINT

Get OSINT data for a query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried

Returns

Body
EnrichmentOsintResponse

Get OSINT bulk

Operation ID:
GetOSINTBulk

Get bulk OSINT data for many queries.

Parameters

Name Key Required Type Description
Query
 query True string

The domains and IPs being queried

Returns

Body
OsintBulkResponse

Get pairs

Operation ID:
GetPairs

Retrieves the host attribute pairs related to the query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Direction
 direction True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Page
 page integer

Page number for paging through results, defaults to 0

Returns

Body
PairInfo

Get passive DNS

Operation ID:
GetPassiveDNS

Retrieves the passive DNS results from active account sources.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Timeout
 timeout integer

Timeout to use for external resources, defaults to 7

Returns

Body
PassiveDnsSearchResponse

Get profile details

Operation ID:
GetProfile

Retrieves the details for the given profile.

Parameters

Name Key Required Type Description
Id
 id True string

Profile Id

Returns

Body
IntelProfilesResponse

Get reputation

Operation ID:
Reputation

Retrieves reputation for given query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain, host or IP being queried

Returns

Body
ReputationResponse

Get sinkhole status

Operation ID:
GetSinkholeStatus

Indicates whether or not an IP address is a sinkhole.

Parameters

Name Key Required Type Description
Query
 query True string

IP address to check for sinkhole status

Returns

Body
SinkholeStatusResponse

Get sources used for queries

Operation ID:
Sources

Retrieve the details of sources being used for queries.

Parameters

Name Key Required Type Description
Source
 source string

The source to filter on

Returns

Body
SourcesResponse

Get SSL certificate

Operation ID:
GetSSLCertificate

Retrieves an SSL certificate by its SHA-1 hash.

Parameters

Name Key Required Type Description
Query
 query True string

SHA-1 hash of the certificate to retrieve

Returns

Body
SSLResponse

Get SSL certificate history

Operation ID:
GetSSLCertificateHistory

Retrieves the SSL certificate history for a given certificate SHA-1 hash or IP address.

Parameters

Name Key Required Type Description
Query
 query True string

SHA-1 hash or associated IP address for which to retrieve certificate history

Returns

Body
SSLHistoryResponse

Get subdomains

Operation ID:
GetSubDomains

Get subdomains data for a query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain being queried

Returns

Body
EnrichmentSubdomainsResponse

Get summary data card

Operation ID:
SummaryDataCard

Retrieves a summary data card associated to the given query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP address to be queried

Returns

Body
SummaryDataCardResponse

Get tags

Operation ID:
GetTags

Get tags from a given artifact.

Parameters

Name Key Required Type Description
Query
 query True string

Artifact for which to retrieve tags

Returns

Body
TagActionResponse

Get team activity

Operation ID:
Teamstream

Retrieve the details of team activity.

Parameters

Name Key Required Type Description
Source
 source string

Filter to this source
Date
 dt string

Filter to this datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Type
 type string

Filter by type field
Focus
 focus string

Filter by focus (domain, ip, etc)

Returns

Body
TeamstreamResponse

Get the open ports info for the IP address given

Operation ID:
GetOpenPorts

The exposed services endpoints allow you to see services on recently open ports for an IP address.

Parameters

Name Key Required Type Description
Query
 query True string

The IP being queried

Returns

Body
ServicesResponse

Get trackers

Operation ID:
GetTrackers

Retrieves the host attribute trackers.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Page
 page integer

Page number for paging through results, defaults to 0

Returns

Body
TrackerInfo

Get unique passive DNS

Operation ID:
GetUniquePassiveDNS

Retrieves the unique passive DNS results from active account sources.

Parameters

Name Key Required Type Description
Query
 query True string

The domain or IP being queried
Start
 start string

The start datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
End
 end string

The end datetime. Formats: "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss"
Timeout
 timeout integer

Timeout to use for external resources, defaults to 7

Returns

Body
PassiveUniqueDnsSearchResponse

Get WHOIS

Operation ID:
GetWHOIS

Retrieves the WHOIS data for the specified query.

Parameters

Name Key Required Type Description
Query
 query True string

The domain being queried
Compact Record
 compact_record boolean

Whether to compress the results
History
 history boolean

Whether to return historical results

Returns

Return the WHOIS data

response
object

Remove artifact tags

Operation ID:
RemoveArtifactTags

Remove a set of tags from an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Remove Artifact Tag Response

response
object

Remove project tags

Operation ID:
RemoveProjectTags

Remove tags from a project by project ID.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Search passive DNS

Operation ID:
SearchByKeyword

Searches the passive DNS data for a keyword query.

Parameters

Name Key Required Type Description
Query
 query True string

The query to execute as a keyword search.

Returns

Body
KeywordDnsSearchResponse

Search SSL certificates

Operation ID:
SearchSSLCertificates

Retrieves SSL certificates for a given field value.

Parameters

Name Key Required Type Description
Field
 field True string

Field by which to search
Query
 query True string

Field value for which to search

Returns

Body
SSLSearchResponse

Search SSL certificates by keyword

Operation ID:
SearchSSLCertificatesByKeyword

Retrieves SSL certificates for a given keyword.

Parameters

Name Key Required Type Description
Query
 query True string

Keyword on which to search

Returns

Body
SSLSearchKeywordResponse

Search tags

Operation ID:
SearchTags

Retrieve artifacts for a given tag.

Parameters

Name Key Required Type Description
Query
 query True string

Tag for which to retrieve artifacts

Returns

Body
ActionSearchTagResponse

Search trackers that match the criteria

Operation ID:
SearchTrackers

Retrieves hosts or IP addresses that employ a specific user tracking service.

Parameters

Name Key Required Type Description
Query
 query True string

Host from which trackers originate
Type
 type True string

Type of trackers to retrieve a type other than the officially supported ones may be supplied

Returns

Body
TrackersSearchResponse

Search WHOIS

Operation ID:
SearchWHOIS

Searches WHOIS data by field and query.

Parameters

Name Key Required Type Description
Query
 query True string

The value of the field being queried
Field
 field True string

The field to query

Returns

Body
ResultListResponse

Search WHOIS keyword

Operation ID:
SearchWHOISKeyword

Search WHOIS data for a keyword.

Parameters

Name Key Required Type Description
Query
 query True string

The value of the field being queried

Returns

Body
WhoisKeywordSearchResponse

Set artifact tags

Operation ID:
SetArtifactTags

Set the tags of an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Set Artifact Tag Response

response
object

Set bulk classification status

Operation ID:
SetBulkClassificationStatus

Set classification statuses for given domains.

Parameters

Name Key Required Type Description
object

Returns

Body
ClassificationInfo

Set classification status

Operation ID:
SetClassificationStatus

Sets the classification status for a given domain.

Parameters

Name Key Required Type Description
object

Returns

Body
ClassificationInfo

Set compromised status

Operation ID:
SetCompromisedStatus

Sets status for a domain to indicate if it has ever been compromised.

Parameters

Name Key Required Type Description
object

Returns

Body
CompromisedStatusResponse

Set dynamic DNS status

Operation ID:
SetDynamicDNSStatus

Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.

Parameters

Name Key Required Type Description
object

Returns

Body
DynamicDnsResponse

Set project tags

Operation ID:
SetProjectTags

Set the project tags of given project ID.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Set sinkhole status

Operation ID:
SetSinkholeStatus

Sets status for an IP address to indicate whether or not it is a sinkhole.

Parameters

Name Key Required Type Description
object

Returns

Body
SinkholeStatusResponse

Set tags

Operation ID:
SetTags

Sets tags to a given artifact.

Parameters

Name Key Required Type Description
object

Returns

Body
TagActionResponse

Update artifact

Operation ID:
UpdateArtifact

Update artifact, or toggle monitoring status.

Parameters

Name Key Required Type Description
object

Returns

Body
SingleArtifactResponse

Update artifact tags

Operation ID:
UpdateArtifactTags

Add tags to an artifact or artifacts.

Parameters

Name Key Required Type Description
object

Returns

Update Artifact Tag Response

response
object

Update project

Operation ID:
UpdateProject

Updates a project denoted by project ID.

Parameters

Name Key Required Type Description
object

Returns

Body
ProjectResponse

Definitions

AccountResponse

Name Path Type Description
Two Factor Enabled
 features.two_factor_enabled boolean
Calendly Integration
 features.calendly_integration boolean
Analyst Insights
 features.analyst_insights boolean

Analyst insights feature flag
Analyst Projects
 features.analyst_projects boolean
Async Heatmap
 features.async_heatmap boolean
Tab Update
 features.tab_update boolean
MSFT Integration
 features.msft_integration boolean
Exposed Services
 features.exposed_services boolean
Community Relaunch
 features.community_relaunch boolean
Data Table Improvement
 features.data_table_improvement boolean
Project Selector V2
 features.project_selector_v2 boolean
WHOIS History
 features.whois_history boolean

WHOIS history feature flag
Server Side Facets
 features.server_side_facets boolean
Projects Tabs
 features.projects_tabs boolean
Projects Share
 features.projects_share boolean
illuminate
 features.illuminate boolean
Triage
 features.triage boolean
Data Table Paginated
 features.data_table_paginated boolean
Username
 username string
Guest
 guest boolean
First Name
 firstName string
Last Name
 lastName string
Full Name
 fullName string
Organization
 organization string
First Active
 firstActive string
Last Active
 lastActive string
Verified
 verified string
Supplied Organization
 suppliedOrganization string
jobRole
 jobRole anyVariableValue

The value of the variable.
Roles
 roles array of string
Enterprise User
 enterpriseUser string
Approved Sources
 approvedSources string
Country
 country string
Phone Number
 phoneNumber string
State Or Region
 stateOrRegion string
Search Web Quota Exceeded
 searchWebQuotaExceeded boolean
Search API Quota Exceeded
 searchApiQuotaExceeded boolean
Project Public Quota Exceeded
 projectPublicQuotaExceeded boolean
Project Private Quota Exceeded
 projectPrivateQuotaExceeded boolean
Account Status
 accountStatus string
Monitor Frequency
 monitorFrequency string
Email Digest Frequency
 emailDigestFrequency string
Workspace ID
 workspaceId integer
Permissions
 permissions array of
Disable History
 disableHistory boolean
ssoIntegrationId
 ssoIntegrationId anyVariableValue

The value of the variable.
ssoAuthPartnerId
 ssoAuthPartnerId anyVariableValue

The value of the variable.
SSO Success
 ssoSuccess boolean
daysLeftOnTrial
 daysLeftOnTrial anyVariableValue

The value of the variable.
Dark Mode
 darkMode boolean

Dark mode feature flag
Home Opt In
 homeOptIn boolean

New home screen feature flag
Hide Home Opt In
 hideHomeOptIn boolean

Hide new home screen feature flag
Dark Mode
 preferences.darkMode boolean

Dark mode preference flag
Article Page Size
 preferences.articlePageSize integer
PT Classic Mode
 preferences.ptClassicMode boolean
Never Logged In
 preferences.neverLoggedIn boolean
Home Opt In
 preferences.homeOptIn boolean

New home screen preference flag
Hide Home Opt In
 preferences.hideHomeOptIn boolean

Hide new home screen preference flag
Trackers
 datasets.trackers boolean
Components
 datasets.components boolean
Host Pairs
 datasets.hostPairs boolean
malware
 datasets.malware anyVariableValue

The value of the variable.
WHOIS History
 datasets.whoisHistory boolean

WHOIS history dataset flag
WHOIS
 datasets.whois boolean
sslCerts
 datasets.sslCerts anyVariableValue

The value of the variable.
Attack Surface Intel
 datasets.attackSurfaceIntel boolean
Services
 datasets.services boolean
pdns
 datasets.pdns anyVariableValue

The value of the variable.
Cookies
 datasets.cookies boolean
Reputation
 datasets.reputation boolean
Analyst Insights
 datasets.analystInsights boolean

Analyst insights dataset flag
Deep Dark Web
 datasets.deepDarkWeb boolean
Brand Intel
 datasets.brandIntel boolean
RiskIQ Article Indicators
 datasets.riskiqArticleIndicators boolean
Adversary Intel
 datasets.adversaryIntel boolean
event_code
 event_code anyVariableValue

The value of the variable.
user_id
 user_id anyVariableValue

The value of the variable.
user_hash
 user_hash anyVariableValue

The value of the variable.

HistoryResponse

Name Path Type Description
history
 history array of History
teamstream
 teamstream anyVariableValue

The value of the variable.

History

Name Path Type Description
Focus
 focus string
Context
 context integer
Username
 username string
Date
 dt string
GUID
 guid string
Source
 source string
Type
 type string

MonitorsResponse

Name Path Type Description
monitors
 monitors array of Monitor

Monitor

Name Path Type Description
Focus
 focus string
Tags
 tags array of string

OrganizationResponse

Name Path Type Description
Registered
 registered string
Name
 name string
ID
 id string
watchQuota
 watchQuota anyVariableValue

The value of the variable.
licenses
 licenses OrganizationLicenses
Seats
 seats integer
illuminate
 features.illuminate boolean

illuminate feature flag
Triage
 features.triage boolean
Status
 status string
licensedMembers
 licensedMembers OrganizationLicensedMembers
Active Members
 activeMembers array of string
searchQuota
 searchQuota anyVariableValue

The value of the variable.
Show Team Search History
 showTeamSearchHistory boolean
disableIndividualSearchHistory
 disableIndividualSearchHistory anyVariableValue

The value of the variable.
disableTeamSearchHistory
 disableTeamSearchHistory anyVariableValue

The value of the variable.
Last Active
 lastActive string
Default Domains
 defaultDomains array of string
Acceptable Domains
 acceptableDomains array of string
Active
 active boolean
Inactive Members
 inactiveMembers array of
Admins
 admins array of string
disabledMembers
 disabledMembers anyVariableValue

The value of the variable.
usersNotSignedUpYet
 usersNotSignedUpYet anyVariableValue

The value of the variable.
Has Falcon Creds
 hasFalconCreds boolean
sources
 sources anyVariableValue

The value of the variable.
Enabled
 enhancedAttackSurfaceData.enabled boolean
Primary
 enhancedAttackSurfaceData.primary array of
Max Vendors
 enhancedAttackSurfaceData.maxVendors integer
Vendors
 enhancedAttackSurfaceData.vendors array of

OrganizationLicenses

Name Path Type Description
Enterprise
 enterprise integer

Enterprise organization licenses
Cyber Threat Intel
 cyberThreatIntel integer

Cyber threat intel licenses
SecOps Intel
 secOpsIntel integer

SecOps licenses
illuminate
 illuminate integer

illuminate licenses

OrganizationLicensedMembers

Name Path Type Description
Enterprise
 enterprise array of string

Enterprise organization licensed members
illuminate
 illuminate array of string

illuminate licensed members
Cyber Threat Intel
 cyberThreatIntel array of string

Cyber threat intel licensed members
SecOps Intel
 secOpsIntel array of string

SecOps licensed members

Organization

Name Path Type Description
Owner
 owner string

Organization owners
Name
 organization string

Name of organization
GUID
 guid string

GUID of organization
Keyword Monitors
 counts.keyword_monitors integer

Keyword monitors used(Organization)
Search API
 counts.search_api integer

API searches used(Organization)
Basic Monitors
 counts.basic_monitors integer

Basic monitors used(Organization)
Search Web
 counts.search_web integer

Web searches used(Organization)
Projects Private
 counts.projects_private integer

Private projects used(Organization)
Projects Public
 counts.projects_public integer

Public projects used(Organization)
Search API
 freebies.search_api integer

API searches used free accounts(Organization)
Search Web
 freebies.search_web integer

Web searches used by free accounts(Organization)
Analysis
 profile.analysis string

Analysis profile(Organization)
Workflow
 profile.workflow string

Workflow profile(Organization)
Search API
 limits.search_api integer

API search limits(Organization)
Basic Monitors
 limits.basic_monitors integer

Basic monitor limit(Organization)
Monitor Results
 limits.monitor_results integer

Monitor results limit(Organization)
Projects Private
 limits.projects_private integer

Private project limit(Organization)
Monitor Frequency
 limits.monitor_frequency string

Monitor frequency(Organization)
Keyword Monitors
 limits.keyword_monitors integer

Keyword monitor limit(Organization)
Search Web
 limits.search_web integer

Web search limits(Organization)
Projects Public
 limits.projects_public integer

Public project limit(Organization)
Create Crawls
 limits.create_crawls integer

Crawl limits(Organization)
Crawl Submissions
 limits.crawl_submissions integer

Crawl submission limits(Organization)
Quota Interval
 quotaInterval string

Quota interval of organization
licenseCounts
 licenseCounts OrganizationLicenseCounts

License counts of organization
licenseLimits
 licenseLimits OrganizationLicenseLimits

License limits of organization
Use Monthly Quota Inactive
 useMonthlyQuotaInactive boolean

Monthly quota inactive of organization
Next Reset
 next_reset string

Next reset of organization
Last Reset
 last_reset string

Last quota reset for organization
Username
 username string

Username of organization
event_code
 event_code anyVariableValue

The value of the variable.
event_code_expiration
 event_code_expiration anyVariableValue

The value of the variable.

OrganizationLicenseCounts

License counts of organization

Name Path Type Description
Search API
 enterprise.searchApi integer

Enterprise api searches used
Search Web
 enterprise.searchWeb integer

Enterprise web searches used(Organization)
Search API
 cyberThreatIntel.searchApi integer

Cyber threat intel api searches used
Search Web
 cyberThreatIntel.searchWeb integer

Cyber threat intel web searches used(Organization)
Search API
 secOpsIntel.searchApi integer

SecOps api searches used
Search Web
 secOpsIntel.searchWeb integer

SecOps web searches used(Organization)
Search API
 illuminate.searchApi integer

illuminate api searches used
Search Web
 illuminate.searchWeb integer

illuminate web searches used(Organization)

OrganizationLicenseLimits

License limits of organization

Name Path Type Description
Search API
 enterprise.searchApi integer

Enterprise api search limit
Search Web
 enterprise.searchWeb integer

Enterprise web search limit(Organization)
Search API
 cyberThreatIntel.searchApi integer

Cyber threat intel api search limit
Search Web
 cyberThreatIntel.searchWeb integer

Cyber threat intel web search limit(Organization)
Search API
 secOpsIntel.searchApi integer

SecOps api search limit
Search Web
 secOpsIntel.searchWeb integer

SecOps web search limit(Organization)
Search API
 illuminate.searchApi integer

illuminate api search limit
Search Web
 illuminate.searchWeb integer

illuminate web search limit(Organization)

QuotaResponse

Name Path Type Description
user
 user User
organization
 organization Organization

User

Name Path Type Description
Owner
 owner string

Organization users
Organization
 organization string

User organization
GUID
 guid string

GUID of user
Keyword Monitors
 counts.keyword_monitors integer

Keyword monitors used(User)
Search API
 counts.search_api integer

Search api of counts(User)
Basic Monitors
 counts.basic_monitors integer

Basic monitors used(User)
Search Web
 counts.search_web integer

Search web of counts(User)
Projects Private
 counts.projects_private integer

Private projects used(User)
Projects Public
 counts.projects_public integer

Public projects used(User)
Search API
 freebies.search_api integer

Search api of freebies(User)
Search Web
 freebies.search_web integer

Search web of freebies(User)
Analysis
 profile.analysis string

Analysis profile(User)
Workflow
 profile.workflow string

Workflow profile(User)
Search API
 limits.search_api integer

Search api of limits(User)
Basic Monitors
 limits.basic_monitors integer

Basic monitor limit(User)
Monitor Results
 limits.monitor_results integer

Monitor results limit(User)
Projects Private
 limits.projects_private integer

Private project limit(User)
Monitor Frequency
 limits.monitor_frequency string

Monitor frequency(User)
Keyword Monitors
 limits.keyword_monitors integer

Keyword monitor limit(User)
Search Web
 limits.search_web integer

Search web of limits(User)
Projects Public
 limits.projects_public integer

Public project limit(User)
Create Crawls
 limits.create_crawls integer

Crawl limits(User)
Crawl Submissions
 limits.crawl_submissions integer

Crawl submission limits(User)
Quota Interval
 quotaInterval string

Quota interval of user
Use Monthly Quota Inactive
 useMonthlyQuotaInactive boolean

Use monthly quota inactive of user
Search API
 licenseCounts.searchApi integer

Search api of license counts(User)
Search Web
 licenseCounts.searchWeb integer

Search web of license counts(User)
Search API
 licenseLimits.searchApi integer

Search api of license limits(User)
Search Web
 licenseLimits.searchWeb integer

Search web of license limits(User)
Next Reset
 next_reset string

Next reset of user
Last Reset
 last_reset string

Last quota reset for user
Username
 username string

Username of user
event_code
 event_code anyVariableValue

The value of the variable.
event_code_expiration
 event_code_expiration anyVariableValue

The value of the variable.

SourcesResponse

Name Path Type Description
sources
 sources array of Source

Source

Name Path Type Description
Controllable
 controllable boolean
Active
 active boolean
Password
 configuration.password string

Source password
Username
 configuration.username string

Source username
Token
 configuration.token string

Source configuration token
Type
 type array of string
Access
 access array of string
Description
 description string
Auth Required
 authRequired boolean
Website
 website string
Label
 label string
Auth
 auth boolean
API Key
 authMethod.apiKey string
Password
 authMethod.password string

Password auth method
Username
 authMethod.username string

Username auth method
Token
 authMethod.token string

Token auth method
Token Key
 authMethod.token_key string
Token Secret
 authMethod.token_secret string
Private Key
 authMethod.private_key string
Source
 source string
org_configuration
 org_configuration anyVariableValue

The value of the variable.

TeamstreamResponse

Name Path Type Description
history
 history anyVariableValue

The value of the variable.
teamstream
 teamstream array of Teamstream

Teamstream

Name Path Type Description
Focus
 focus string
Source
 source string
Username
 username string
Type
 type string
Context
 context integer
GUID
 guid string
Date
 dt string

ClassificationsResponse

Name Path Type Description
Malicious
 malicious array of string
Non Malicious
 non_malicious array of string
Suspicious
 suspicious array of string
Unknown
 unknown array of string

TagActionResponse

Name Path Type Description
Tags
 tags array of string

BulkClassificationResponse

Name Path Type Description
Success
 success boolean
Results
 results object

ClassificationInfo

Name Path Type Description
Classification
 classification string

CompromisedStatusResponse

Name Path Type Description
Ever Compromised
 everCompromised boolean

DynamicDnsResponse

Name Path Type Description
Dynamic DNS
 dynamicDns boolean

MonitorStatusResponse

Name Path Type Description
Monitor
 monitor boolean

SinkholeStatusResponse

Name Path Type Description
Sinkhole
 sinkhole boolean

ActionSearchTagResponse

Name Path Type Description
results
 results SearchTagElement

SearchTagElement

Name Path Type Description
Focus
 focus string
User Tags
 user_tags array of string
System Tags
 system_tags array of string
Global Tags
 global_tags array of string
Tags
 tags array of string
Tag Meta
 tag_meta object
Username
 username string

SingleArtifactResponse

Name Path Type Description
Monitor
 monitor boolean
Type
 type string
Owner
 owner string
Monitorable
 monitorable boolean
Creator
 creator string
GUID
 guid string
Project
 project string

Project where artifact is located
Success
 success boolean
Organization
 organization string
Created
 created string
Query
 query string
System Tags
 system_tags array of string
User Tags
 user_tags array of string
Global Tags
 global_tags array of string
Tag Meta
 tag_meta object
Tag
 links.tag string
Self
 links.self string
Project
 links.project string

Link to projects

ArticlesIndicatorsResponse

Name Path Type Description
Success
 success boolean
indicators
 indicators array of Indicators
Total Records
 totalRecords integer

Indicators

Name Path Type Description
Source
 source string
Value
 value string
Type
 type string
GUID
 guid string
Link
 link string
Published Date
 publishedDate string
Tags
 tags array of string

ArticlesResponse

Name Path Type Description
GUID
 guid string
Title
 title string
Summary
 summary string
Type
 type string

Indicators type
Published Date
 publishedDate string
Link
 link string
Tags
 tags array of string
Categories
 categories array of string
indicators
 indicators array of object
Type
 indicators.type string

Indicators type
Count
 indicators.count integer
Values
 indicators.values array of string
Source
 indicators.source string

ArticlesListResponse

Name Path Type Description
Success
 success boolean
articles
 articles anyVariableValue

The value of the variable.
Total Records
 totalRecords integer

SummaryDataCardResponse

Name Path Type Description
Type
 type string
Name
 name string
Link
 link string
Net Block
 netblock string
OS
 os string
ASN
 asn string
Hosting Provider
 hosting_provider string
Count
 data_summary.resolutions.count integer

Count of resolutions
Link
 data_summary.resolutions.link string

Link to resolutions
Count
 data_summary.certificates.count integer

Count of certificates
Link
 data_summary.certificates.link string

Link to certificates
Count
 data_summary.hashes.count integer

Count of hashes
Link
 data_summary.hashes.link string

Link to hashes
Count
 data_summary.projects.count integer

Count of projects
Link
 data_summary.projects.link string

Link to projects
Count
 data_summary.articles.count integer

Count of articles
Link
 data_summary.articles.link string

Link to articles
Count
 data_summary.trackers.count integer

Count of trackers
Link
 data_summary.trackers.link string

Link to trackers
Count
 data_summary.components.count integer

Count of components
Link
 data_summary.components.link string

Link to components
Count
 data_summary.host_pairs.count integer

Count of host pairs
Link
 data_summary.host_pairs.link string

Link to host pairs
Count
 data_summary.cookies.count integer

Count of cookies
Link
 data_summary.cookies.link string

Link to cookies
Count
 data_summary.reverse_dns.count integer

Count of reverse dns
Link
 data_summary.reverse_dns.link string

Link to reverse dns
Count
 data_summary.services.count integer

Count of services
Link
 data_summary.services.link string

Link to services

EnrichmentResponse

Name Path Type Description
Classification
 classification string
Sinkhole
 sinkhole boolean
Ever Compromised
 everCompromised boolean
Query Type
 queryType string
Query Value
 queryValue string
Primary Domain
 primaryDomain string
TLD
 tld string
Subdomains
 subdomains array of string
Tag Meta
 tag_meta object
Global Tags
 global_tags array of string
Tags
 tags array of string
System Tags
 system_tags array of string
Dynamic DNS
 dynamicDns boolean
Autonomous System Number
 autonomousSystemNumber integer
Autonomous System Name
 autonomousSystemName string
Network
 network string
Country
 country string
Longitude
 longitude float
Latitude
 latitude float
dynamic
 dynamic anyVariableValue

The value of the variable.

EnrichmentMalwareResponse

Name Path Type Description
Success
 success boolean
results
 results array of EnrichmentMalwareResult

EnrichmentMalwareResult

Name Path Type Description
Collection Date
 collectionDate string
Sample
 sample string
Source
 source string
Source URL
 sourceUrl string

EnrichmentOsintResponse

Name Path Type Description
Success
 success boolean
results
 results array of EnrichmentOsintResult

EnrichmentOsintResult

Name Path Type Description
Derived
 derived array of
In Reports
 inReport array of string
Source
 source string
Source URL
 sourceUrl string
Tags
 tags array of string
Indicators
 indicators array of
Compromised
 compromised array of

EnrichmentSubdomainsResponse

Name Path Type Description
Success
 success boolean
Primary Domain
 primaryDomain string
Subdomains
 subdomains array of string
Query Value
 queryValue string

ServicesResponse

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string

Results first seen
Last Seen
 results.lastSeen string

Results last seen
Last Scan
 results.lastScan string
Port Number
 results.portNumber integer
Count
 results.count integer

Count of results
Status
 results.status string
Protocol
 results.protocol string
banners
 results.banners array of object
Banner
 results.banners.banner string
Scan Type
 results.banners.scanType string
First Seen
 results.banners.firstSeen string

Banner first seen
Last Seen
 results.banners.lastSeen string

Banner last seen
Count
 results.banners.count integer

Banner count
currentServices
 results.currentServices array of object
First Seen
 results.currentServices.firstSeen string

Current service first seen
Last Seen
 results.currentServices.lastSeen string

Current service last seen
Version
 results.currentServices.version string

Current service version
Category
 results.currentServices.category string

Current service category
Label
 results.currentServices.label string

Current service label
recentServices
 results.recentServices array of object
First Seen
 results.recentServices.firstSeen string

Recent service first seen
Last Seen
 results.recentServices.lastSeen string

Recent service last seen
Version
 results.recentServices.version string

Recent service version
Category
 results.recentServices.category string

Recent service category
Label
 results.recentServices.label string

Recent service label
First Seen
 results.mostRecentSslCert.firstSeen integer

Most recent ssl cert first seen
Last Seen
 results.mostRecentSslCert.lastSeen integer

Most recent ssl cert last seen
Finger Print
 results.mostRecentSslCert.fingerprint string
SSL Version
 results.mostRecentSslCert.sslVersion string
Expiration Date
 results.mostRecentSslCert.expirationDate string
Issue Date
 results.mostRecentSslCert.issueDate string
SHA1
 results.mostRecentSslCert.sha1 string
Serial Number
 results.mostRecentSslCert.serialNumber string
Subject Country
 results.mostRecentSslCert.subjectCountry string
Issuer Common Name
 results.mostRecentSslCert.issuerCommonName string
Issuer Province
 results.mostRecentSslCert.issuerProvince string
Subject State Or Province Name
 results.mostRecentSslCert.subjectStateOrProvinceName string
Subject Street Address
 results.mostRecentSslCert.subjectStreetAddress string
Issuer State Or Province Name
 results.mostRecentSslCert.issuerStateOrProvinceName string
Subject Surname
 results.mostRecentSslCert.subjectSurname string
Issuer Country
 results.mostRecentSslCert.issuerCountry string
Subject Locality Name
 results.mostRecentSslCert.subjectLocalityName string
Issuer Organization Unit Name
 results.mostRecentSslCert.issuerOrganizationUnitName string
Issuer Organization Name
 results.mostRecentSslCert.issuerOrganizationName string
Subject Email Address
 results.mostRecentSslCert.subjectEmailAddress string
Subject Organization Name
 results.mostRecentSslCert.subjectOrganizationName string
Issuer Locality Name
 results.mostRecentSslCert.issuerLocalityName string
Subject Common Name
 results.mostRecentSslCert.subjectCommonName string
Subject Province
 results.mostRecentSslCert.subjectProvince string
Issuer Given Name
 results.mostRecentSslCert.issuerGivenName string
Subject Organization Unit Name
 results.mostRecentSslCert.subjectOrganizationUnitName string
Issuer Email Address
 results.mostRecentSslCert.issuerEmailAddress string
Subject Given Name
 results.mostRecentSslCert.subjectGivenName string
Subject Serial Number
 results.mostRecentSslCert.subjectSerialNumber string
Issuer Street Address
 results.mostRecentSslCert.issuerStreetAddress string
Issuer Serial Number
 results.mostRecentSslCert.issuerSerialNumber string
Issuer Surname
 results.mostRecentSslCert.issuerSurname string
Subject Alternative Names
 results.mostRecentSslCert.subjectAlternativeNames array of string

MonitorResponse

Name Path Type Description
Results
 results object
error
 error anyVariableValue

The value of the variable.
Total Records
 totalRecords integer
Success
 success boolean

ProjectResponse

Name Path Type Description
Visibility
 visibility string
Owner
 owner string
Active
 active boolean
Description
 description string
Subscribers
 subscribers array of string
Creator
 creator string
GUID
 guid string
Featured
 featured boolean
Tags
 tags array of string
Collaborators
 collaborators array of string
Name
 name string
Created
 created string
Organization
 organization string
Tag
 links.tag string

Link to tags
Self
 links.self string
Artifact
 links.artifact string
Success
 success boolean
Can Edit
 can_edit boolean
link
 link anyVariableValue

The value of the variable.

SSLResponse

Name Path Type Description
Success
 success boolean
Overall Total Records
 overallTotalRecords integer
results
 results array of SSLResponseResult

SSLResponseResult

Name Path Type Description
First Seen
 firstSeen integer
Last Seen
 lastSeen integer
Finger Print
 fingerprint string
SSL Version
 sslVersion string
Expiration Date
 expirationDate string
Issue Date
 issueDate string
SHA1
 sha1 string
Serial Number
 serialNumber string
Subject Country
 subjectCountry string
Issuer Common Name
 issuerCommonName string
Issuer Province
 issuerProvince string
Subject State Or Province Name
 subjectStateOrProvinceName string
Subject Street Address
 subjectStreetAddress string
Issuer State Or Province Name
 issuerStateOrProvinceName string
Subject Surname
 subjectSurname string
Issuer Country
 issuerCountry string
Subject Locality Name
 subjectLocalityName string
Issuer Organization Unit Name
 issuerOrganizationUnitName string
Issuer Organization Name
 issuerOrganizationName string
Subject Email Address
 subjectEmailAddress string
Subject Organization Name
 subjectOrganizationName string
Issuer Locality Name
 issuerLocalityName string
Subject Common Name
 subjectCommonName string
Subject Province
 subjectProvince string
Issuer Given Name
 issuerGivenName string
Subject Organization Unit Name
 subjectOrganizationUnitName string
Issuer Email Address
 issuerEmailAddress string
Subject Given Name
 subjectGivenName string
Subject Serial Number
 subjectSerialNumber string
Issuer Street Address
 issuerStreetAddress string
Issuer Serial Number
 issuerSerialNumber string
Issuer Surname
 issuerSurname string
Subject Alternative Names
 subjectAlternativeNames array of string

SSLSearchKeywordResponse

Name Path Type Description
Query Value
 queryValue string
results
 results array of SSLSearchKeywordResult
Success
 success boolean

SSLSearchKeywordResult

Name Path Type Description
Match Type
 matchType string
Field Match
 fieldMatch string
Focus Point
 focusPoint string

SSLHistoryResponse

Name Path Type Description
results
 results array of SSLHistoryResult
Success
 success boolean

SSLHistoryResult

Name Path Type Description
SHA1
 sha1 string
First Seen
 firstSeen string
IP Addresses
 ipAddresses array of string
Last Seen
 lastSeen string

SSLSearchResponse

Name Path Type Description
Query Value
 queryValue string
results
 results array of SSLResponseResult
Success
 success boolean
Overall Total Records
 overallTotalRecords integer

ArtifactTagResponse

Name Path Type Description
Tags
 tags array of string
System Tags
 system_tags array of string
Tag Meta
 tag_meta object
User Tags
 user_tags array of string
Success
 success boolean

TrackersSearchResponse

Name Path Type Description
results
 results array of TrackersSearchResult
Total Records
 totalRecords integer
Success
 success boolean

TrackersSearchResult

Name Path Type Description
Entity
 entity string
Last Seen
 lastSeen string
First Seen
 firstSeen string

ComponentInfo

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Version
 results.version string
Category
 results.category string
Label
 results.label string
Host Name
 results.hostname string
Address
 results.address string

PairInfo

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Cause
 results.cause string
Parent
 results.parent string
Child
 results.child string

TrackerInfo

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Attribute Value
 results.attributeValue string
Attribute Type
 results.attributeType string
Host Name
 results.hostname string
Address
 results.address string

CookiesResponse

Name Path Type Description
Total Records
 totalRecords integer
Success
 success boolean
results
 results array of CookieInfo

CookieInfo

Name Path Type Description
Cookie Domain
 cookieDomain string
Cookie Name
 cookieName string
Last Seen
 lastSeen string
First Seen
 firstSeen string
Host Name
 hostname string

CookiesSearchResponse

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Host Name
 results.hostname string
Cookie Name
 results.cookieName string
Cookie Domain
 results.cookieDomain string

ComponentsSearchAddressesResponse

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Version
 results.version string
Category
 results.category string
Label
 results.label string
Address
 results.address string

ComponentsSearchHostsResponse

Name Path Type Description
Success
 success boolean
Total Records
 totalRecords integer
results
 results array of object
First Seen
 results.firstSeen string
Last Seen
 results.lastSeen string
Version
 results.version string
Category
 results.category string
Label
 results.label string
Host Name
 results.hostname string

PassiveDnsSearchResponse

Name Path Type Description
Total Records
 totalRecords integer
First Seen
 firstSeen string

First seen of passive dns search
Last Seen
 lastSeen string

Last seen of passive dns search
results
 results array of DnsSearchResult
Query Type
 queryType string
Pager
 pager string
Query Value
 queryValue string

DnsSearchResult

Name Path Type Description
First Seen
 firstSeen string

First seen of results
Resolve Type
 resolveType string
Value
 value string
Record Hash
 recordHash string
Last Seen
 lastSeen string

Last seen of results
Resolve
 resolve string
Source
 source array of string
Record Type
 recordType string
Collected
 collected string

PassiveUniqueDnsSearchResponse

Name Path Type Description
Pager
 pager string
Frequency
 frequency array of array
items
 frequency array of
Query Value
 queryValue string
Results
 results array of string
Query Type
 queryType string
Total
 total integer

KeywordDnsSearchResponse

Name Path Type Description
results
 results array of DnsKeywordSearchMatch
Query Value
 queryValue string

DnsKeywordSearchMatch

Name Path Type Description
Field Match
 fieldMatch string
Focus Point
 focusPoint string
Match Type
 matchType string

KeywordSearchResult

Name Path Type Description
Match Type
 matchType string
Field Match
 fieldMatch string
Focus Point
 focusPoint string

WhoisKeywordSearchResponse

Name Path Type Description
Query Value
 queryValue string
results
 results array of KeywordSearchResult
Total Records
 totalrecords integer

ResultListResponse

Name Path Type Description
Success
 success boolean
results
 results array of WhoisSearchResult
Total Records
 totalrecords integer

WhoisSearchResult

Name Path Type Description
Telephone
 telephone string
Name Servers
 nameServers array of string
Billing
 billing object
Zone
 zone object
Admin
 admin object
Tech
 tech object
Registrant
 registrant object
Registry Updated At
 registryUpdatedAt string
Organization
 organization string
Contact Email
 contactEmail string
Registered
 registered string
Last Loaded At
 lastLoadedAt string
Expires At
 expiresAt string
Domain
 domain string
WHOIS Server
 whoisServer string
Name
 name string
Registrar
 registrar string
Raw Text
 rawText string

EnrichmentBulkResponse

Name Path Type Description
Results
 results object

MalwareBulkSearchResults

Name Path Type Description
Success
 success boolean
Results
 results object

OsintBulkResponse

Name Path Type Description
Success
 success boolean
Results
 results object

ReputationResponse

Name Path Type Description
Score
 score integer
Classification
 classification string
rules
 rules array of ReputationRules

ReputationRules

Name Path Type Description
Name
 name string
Description
 description string
Severity
 severity integer
Link
 link string

IntelProfilesResponse

Name Path Type Description
Id
 id string
Title
 title string
Link
 link string
Osint Indicators Count
 osintIndicatorsCount integer
Riskiq Indicators Count
 riskIqIndicatorsCount integer
Indicators
 indicators string
tags
 tags array of IntelProfileTag
Aliases
 aliases array of string

IntelProfilesListResponse

Name Path Type Description
Total Count
 totalCount integer
results
 results array of IntelProfilesResponse

IntelProfileTag

Name Path Type Description
Label
 label string
Country Code
 countryCode string

IntelProfilesIndicatorListResponse

Name Path Type Description
Total Count
 totalCount integer
Types
 types array of string
results
 results array of IntelProfileIndicator

IntelProfileIndicator

Name Path Type Description
Id
 id string
Profile Id
 profileId string
Type
 type string

Type of intel profile indicator
Value
 value string
Category
 category string
First Seen
 firstSeen string
Last Seen
 lastSeen string
Osint
 osint boolean
Osint Url
 osintUrl string
Article Guids
 articleGuids array of string

VendorInfo

Name Path Type Description
Id
 id integer
Name
 name string
Observation Count
 priorities.high.observationCount integer

High prioirity observation count
Link
 priorities.high.link string

High priority link
Observation Count
 priorities.medium.observationCount integer

Medium prioirity observation count
Link
 priorities.medium.link string

Medium priority link
Observation Count
 priorities.low.observationCount integer

Low prioirity observation count
Link
 priorities.low.link string

Low priority link

AttackSurfaceResponse

Name Path Type Description
Total Count
 totalCount integer
Total Pages
 totalPages integer
NextPage
 nextPage string
vendors
 vendors array of VendorInfo

AttackSurfacePriorityResponse

Name Path Type Description
Active Insight Count
 activeInsightCount integer
Total Insight Count
 totalInsightCount integer
Total Observations
 totalObservations integer
insights
 insights array of InsightInfo

InsightInfo

Name Path Type Description
Name
 name string
Description
 description string
Observation Count
 observationCount integer
Link
 link string

AttackSurfaceInsightResponse

Name Path Type Description
Total Count
 totalCount integer
Total Pages
 totalPages integer
Next Page
 nextPage string
assets
 assets array of AssetInfo

AssetInfo

Name Path Type Description
Type
 type string
Name
 name string
First Seen
 firstSeen string
Last Seen
 lastSeen string

AttackSurfaceCveResponse

Name Path Type Description
Total Count
 totalCount integer
Total Pages
 totalPages integer
Next Page
 nextPage string
cves
 cves array of CveInfo

AttackSurfaceCveObservationsResponse

Name Path Type Description
Total Count
 totalCount integer
Total Pages
 totalPages integer
Next Page
 nextPage string
Cve Id
 cveId string
cwes
 cwes array of CweInfo
assets
 assets array of AssetInfo

VulnerableComponentResponse

Name Path Type Description
Total Count
 totalCount integer
Total Pages
 totalPages integer
Next Page
 nextPage string
vulnerableComponents
 vulnerableComponents array of VulnerableComponent

VulnerableComponent

Name Path Type Description
Name
 name string
Type
 type string
Severity
 severity string
Count
 count integer

CveInfo

Name Path Type Description
Cve Id
 cveId string
Priority Score
 priorityScore number
Observation Count
 observationCount integer
Cve Link
 cveLink string
cwes
 cwes array of CweInfo

CweInfo

Name Path Type Description
Cwe Id
 cweId string

anyVariableValue

The value of the variable.

The value of the variable.

object

This is the type 'object'.