# Cloudforce One # Scans # Results ## Get the Latest Scan Result `client.CloudforceOne.Scans.Results.Get(ctx, configID, query) (*ScanResultGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/scans/results/{config_id}` Get the Latest Scan Result ### Parameters - `configID string` Defines the Config ID. - `query ScanResultGetParams` - `AccountID param.Field[string]` Defines the Account ID. ### Returns - `type ScanResultGetResponse struct{…}` - `OneOneOneOne []ScanResult` - `Number float64` - `Proto string` - `Status string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) result, err := client.CloudforceOne.Scans.Results.Get( context.TODO(), "config_id", cloudforce_one.ScanResultGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", result.Number1.Number1.Number1.Number1) } ``` #### Response ```json { "errors": [ "string" ], "messages": [ "string" ], "result": { "1.1.1.1": [ { "number": 8080, "proto": "tcp", "status": "open" } ] }, "success": true } ``` ## Domain Types ### Scan Result - `type ScanResult struct{…}` - `Number float64` - `Proto string` - `Status string` # Config ## List Scan Configs `client.CloudforceOne.Scans.Config.List(ctx, query) (*SinglePage[ScanConfigListResponse], error)` **get** `/accounts/{account_id}/cloudforce-one/scans/config` List Scan Configs ### Parameters - `query ScanConfigListParams` - `AccountID param.Field[string]` Defines the Account ID. ### Returns - `type ScanConfigListResponse struct{…}` - `ID string` Defines the Config ID. - `AccountID string` - `Frequency float64` Defines the number of days between each scan (0 = One-off scan). - `IPs []string` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `Ports []string` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.CloudforceOne.Scans.Config.List(context.TODO(), cloudforce_one.ScanConfigListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } ] } ``` ## Create a new Scan Config `client.CloudforceOne.Scans.Config.New(ctx, params) (*ScanConfigNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/scans/config` Create a new Scan Config ### Parameters - `params ScanConfigNewParams` - `AccountID param.Field[string]` Path param: Defines the Account ID. - `IPs param.Field[[]string]` Body param: Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `Frequency param.Field[float64]` Body param: Defines the number of days between each scan (0 = One-off scan). - `Ports param.Field[[]string]` Body param: Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Returns - `type ScanConfigNewResponse struct{…}` - `ID string` Defines the Config ID. - `AccountID string` - `Frequency float64` Defines the number of days between each scan (0 = One-off scan). - `IPs []string` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `Ports []string` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) config, err := client.CloudforceOne.Scans.Config.New(context.TODO(), cloudforce_one.ScanConfigNewParams{ AccountID: cloudflare.F("account_id"), IPs: cloudflare.F([]string{"1.1.1.1", "2606:4700:4700::1111"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", config.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } } ``` ## Update an existing Scan Config `client.CloudforceOne.Scans.Config.Edit(ctx, configID, params) (*ScanConfigEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/scans/config/{config_id}` Update an existing Scan Config ### Parameters - `configID string` Defines the Config ID. - `params ScanConfigEditParams` - `AccountID param.Field[string]` Path param: Defines the Account ID. - `Frequency param.Field[float64]` Body param: Defines the number of days between each scan (0 = One-off scan). - `IPs param.Field[[]string]` Body param: Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `Ports param.Field[[]string]` Body param: Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Returns - `type ScanConfigEditResponse struct{…}` - `ID string` Defines the Config ID. - `AccountID string` - `Frequency float64` Defines the number of days between each scan (0 = One-off scan). - `IPs []string` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `Ports []string` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.Scans.Config.Edit( context.TODO(), "config_id", cloudforce_one.ScanConfigEditParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } } ``` ## Delete a Scan Config `client.CloudforceOne.Scans.Config.Delete(ctx, configID, body) (*ScanConfigDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/scans/config/{config_id}` Delete a Scan Config ### Parameters - `configID string` Defines the Config ID. - `body ScanConfigDeleteParams` - `AccountID param.Field[string]` Defines the Account ID. ### Returns - `type ScanConfigDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) config, err := client.CloudforceOne.Scans.Config.Delete( context.TODO(), "config_id", cloudforce_one.ScanConfigDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", config) } ``` #### Response ```json { "errors": [ "string" ], "messages": [ "string" ], "result": {}, "success": true } ``` # Binary Storage ## Retrieves a file from Binary Storage `client.CloudforceOne.BinaryStorage.Get(ctx, hash, query) error` **get** `/accounts/{account_id}/cloudforce-one/binary/{hash}` Retrieves a file from Binary Storage ### Parameters - `hash string` hash of the binary - `query BinaryStorageGetParams` - `AccountID param.Field[string]` Account ID. ### Example ```go package main import ( "context" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) err := client.CloudforceOne.BinaryStorage.Get( context.TODO(), "hash", cloudforce_one.BinaryStorageGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } } ``` ## Posts a file to Binary Storage `client.CloudforceOne.BinaryStorage.New(ctx, params) (*BinaryStorageNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/binary` Posts a file to Binary Storage ### Parameters - `params BinaryStorageNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `File param.Field[Reader]` Body param: The binary file content to upload. ### Returns - `type BinaryStorageNewResponse struct{…}` - `ContentType string` - `Md5 string` - `Sha1 string` - `Sha256 string` ### Example ```go package main import ( "bytes" "context" "fmt" "io" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) binaryStorage, err := client.CloudforceOne.BinaryStorage.New(context.TODO(), cloudforce_one.BinaryStorageNewParams{ AccountID: cloudflare.F("account_id"), File: cloudflare.F(io.Reader(bytes.NewBuffer([]byte("Example data")))), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", binaryStorage.ContentType) } ``` #### Response ```json { "content_type": "text/plain", "md5": "5d84ade76d2a8387c81175bb0cbe6492", "sha1": "9aff6879626d957eafadda044e4f879aae1e7278", "sha256": "0000a7f2692ef479e2e3d02661568882cadec451cc8a64d4e7faca29810cd626" } ``` # Requests ## List Requests `client.CloudforceOne.Requests.List(ctx, params) (*SinglePage[ListItem], error)` **post** `/accounts/{account_id}/cloudforce-one/requests` List Requests ### Parameters - `params RequestListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Page param.Field[int64]` Body param: Page number of results. - `PerPage param.Field[int64]` Body param: Number of results per page. - `CompletedAfter param.Field[Time]` Body param: Retrieve requests completed after this time. - `CompletedBefore param.Field[Time]` Body param: Retrieve requests completed before this time. - `CreatedAfter param.Field[Time]` Body param: Retrieve requests created after this time. - `CreatedBefore param.Field[Time]` Body param: Retrieve requests created before this time. - `RequestType param.Field[string]` Body param: Requested information from request. - `SortBy param.Field[string]` Body param: Field to sort results by. - `SortOrder param.Field[RequestListParamsSortOrder]` Body param: Sort order (asc or desc). - `const RequestListParamsSortOrderAsc RequestListParamsSortOrder = "asc"` - `const RequestListParamsSortOrderDesc RequestListParamsSortOrder = "desc"` - `Status param.Field[RequestListParamsStatus]` Body param: Request Status. - `const RequestListParamsStatusOpen RequestListParamsStatus = "open"` - `const RequestListParamsStatusAccepted RequestListParamsStatus = "accepted"` - `const RequestListParamsStatusReported RequestListParamsStatus = "reported"` - `const RequestListParamsStatusApproved RequestListParamsStatus = "approved"` - `const RequestListParamsStatusCompleted RequestListParamsStatus = "completed"` - `const RequestListParamsStatusDeclined RequestListParamsStatus = "declined"` ### Returns - `type ListItem struct{…}` - `ID string` UUID. - `Created Time` Request creation time. - `Priority ListItemPriority` - `const ListItemPriorityRoutine ListItemPriority = "routine"` - `const ListItemPriorityHigh ListItemPriority = "high"` - `const ListItemPriorityUrgent ListItemPriority = "urgent"` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ListItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ListItemTLPClear ListItemTLP = "clear"` - `const ListItemTLPAmber ListItemTLP = "amber"` - `const ListItemTLPAmberStrict ListItemTLP = "amber-strict"` - `const ListItemTLPGreen ListItemTLP = "green"` - `const ListItemTLPRed ListItemTLP = "red"` - `Updated Time` Request last updated time. - `Completed Time` Request completion time. - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ListItemStatus` Request Status. - `const ListItemStatusOpen ListItemStatus = "open"` - `const ListItemStatusAccepted ListItemStatus = "accepted"` - `const ListItemStatusReported ListItemStatus = "reported"` - `const ListItemStatusApproved ListItemStatus = "approved"` - `const ListItemStatusCompleted ListItemStatus = "completed"` - `const ListItemStatusDeclined ListItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.CloudforceOne.Requests.List(context.TODO(), cloudforce_one.RequestListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Page: cloudflare.F(int64(0)), PerPage: cloudflare.F(int64(10)), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2022-04-01T00:00:00Z", "priority": "routine", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T00:00:00Z", "completed": "2024-01-01T00:00:00Z", "message_tokens": 16, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 0 } ] } ``` ## Get a Request `client.CloudforceOne.Requests.Get(ctx, requestID, query) (*Item, error)` **get** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Get a Request ### Parameters - `requestID string` UUID. - `query RequestGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) item, err := client.CloudforceOne.Requests.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", item.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Create a New Request. `client.CloudforceOne.Requests.New(ctx, params) (*Item, error)` **post** `/accounts/{account_id}/cloudforce-one/requests/new` Creating a request adds the request into the Cloudforce One queue for analysis. In addition to the content, a short title, type, priority, and releasability should be provided. If one is not provided, a default will be assigned. ### Parameters - `params RequestNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `Content param.Field[string]` Body param: Request content. - `Priority param.Field[string]` Body param: Priority for analyzing the request. - `RequestType param.Field[string]` Body param: Requested information from request. - `Summary param.Field[string]` Body param: Brief description of the request. - `TLP param.Field[RequestNewParamsTLP]` Body param: The CISA defined Traffic Light Protocol (TLP). - `const RequestNewParamsTLPClear RequestNewParamsTLP = "clear"` - `const RequestNewParamsTLPAmber RequestNewParamsTLP = "amber"` - `const RequestNewParamsTLPAmberStrict RequestNewParamsTLP = "amber-strict"` - `const RequestNewParamsTLPGreen RequestNewParamsTLP = "green"` - `const RequestNewParamsTLPRed RequestNewParamsTLP = "red"` ### Returns - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) item, err := client.CloudforceOne.Requests.New(context.TODO(), cloudforce_one.RequestNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", item.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Update a Request `client.CloudforceOne.Requests.Update(ctx, requestID, params) (*Item, error)` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Updating a request alters the request in the Cloudforce One queue. This API may be used to update any attributes of the request after the initial submission. Only fields that you choose to update need to be add to the request body. ### Parameters - `requestID string` UUID. - `params RequestUpdateParams` - `AccountID param.Field[string]` Path param: Identifier. - `Content param.Field[string]` Body param: Request content. - `Priority param.Field[string]` Body param: Priority for analyzing the request. - `RequestType param.Field[string]` Body param: Requested information from request. - `Summary param.Field[string]` Body param: Brief description of the request. - `TLP param.Field[RequestUpdateParamsTLP]` Body param: The CISA defined Traffic Light Protocol (TLP). - `const RequestUpdateParamsTLPClear RequestUpdateParamsTLP = "clear"` - `const RequestUpdateParamsTLPAmber RequestUpdateParamsTLP = "amber"` - `const RequestUpdateParamsTLPAmberStrict RequestUpdateParamsTLP = "amber-strict"` - `const RequestUpdateParamsTLPGreen RequestUpdateParamsTLP = "green"` - `const RequestUpdateParamsTLPRed RequestUpdateParamsTLP = "red"` ### Returns - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) item, err := client.CloudforceOne.Requests.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", item.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Delete a Request `client.CloudforceOne.Requests.Delete(ctx, requestID, body) (*RequestDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Delete a Request ### Parameters - `requestID string` UUID. - `body RequestDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestDeleteResponse struct{…}` - `Errors []RequestDeleteResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestDeleteResponseErrorsSource` - `Pointer string` - `Messages []RequestDeleteResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestDeleteResponseMessagesSource` - `Pointer string` - `Success RequestDeleteResponseSuccess` Whether the API call was successful. - `const RequestDeleteResponseSuccessTrue RequestDeleteResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) request, err := client.CloudforceOne.Requests.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", request.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Get Request Quota `client.CloudforceOne.Requests.Quota(ctx, query) (*Quota, error)` **get** `/accounts/{account_id}/cloudforce-one/requests/quota` Get Request Quota ### Parameters - `query RequestQuotaParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type Quota struct{…}` - `AnniversaryDate Time` Anniversary date is when annual quota limit is refreshed. - `QuarterAnniversaryDate Time` Quarter anniversary date is when quota limit is refreshed each quarter. - `Quota int64` Tokens for the quarter. - `Remaining int64` Tokens remaining for the quarter. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) quota, err := client.CloudforceOne.Requests.Quota(context.TODO(), cloudforce_one.RequestQuotaParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", quota.AnniversaryDate) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "anniversary_date": "2022-04-01T00:00:00Z", "quarter_anniversary_date": "2022-04-01T00:00:00Z", "quota": 120, "remaining": 64 } } ``` ## Get Request Types `client.CloudforceOne.Requests.Types(ctx, query) (*SinglePage[string], error)` **get** `/accounts/{account_id}/cloudforce-one/requests/types` Get Request Types ### Parameters - `query RequestTypesParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestTypesItem string` Request Types. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.CloudforceOne.Requests.Types(context.TODO(), cloudforce_one.RequestTypesParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ "Indicators of Compromise", "Victomology" ] } ``` ## Get Request Priority, Status, and TLP constants `client.CloudforceOne.Requests.Constants(ctx, query) (*RequestConstants, error)` **get** `/accounts/{account_id}/cloudforce-one/requests/constants` Get Request Priority, Status, and TLP constants ### Parameters - `query RequestConstantsParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestConstants struct{…}` - `Priority []RequestConstantsPriority` - `const RequestConstantsPriorityRoutine RequestConstantsPriority = "routine"` - `const RequestConstantsPriorityHigh RequestConstantsPriority = "high"` - `const RequestConstantsPriorityUrgent RequestConstantsPriority = "urgent"` - `Status []RequestConstantsStatus` - `const RequestConstantsStatusOpen RequestConstantsStatus = "open"` - `const RequestConstantsStatusAccepted RequestConstantsStatus = "accepted"` - `const RequestConstantsStatusReported RequestConstantsStatus = "reported"` - `const RequestConstantsStatusApproved RequestConstantsStatus = "approved"` - `const RequestConstantsStatusCompleted RequestConstantsStatus = "completed"` - `const RequestConstantsStatusDeclined RequestConstantsStatus = "declined"` - `TLP []RequestConstantsTLP` - `const RequestConstantsTLPClear RequestConstantsTLP = "clear"` - `const RequestConstantsTLPAmber RequestConstantsTLP = "amber"` - `const RequestConstantsTLPAmberStrict RequestConstantsTLP = "amber-strict"` - `const RequestConstantsTLPGreen RequestConstantsTLP = "green"` - `const RequestConstantsTLPRed RequestConstantsTLP = "red"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) requestConstants, err := client.CloudforceOne.Requests.Constants(context.TODO(), cloudforce_one.RequestConstantsParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", requestConstants.Priority) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "priority": [ "routine", "high", "urgent" ], "status": [ "open", "accepted", "reported", "approved", "completed", "declined" ], "tlp": [ "clear", "green", "amber", "amber-strict", "red" ] } } ``` ## Domain Types ### Item - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### List Item - `type ListItem struct{…}` - `ID string` UUID. - `Created Time` Request creation time. - `Priority ListItemPriority` - `const ListItemPriorityRoutine ListItemPriority = "routine"` - `const ListItemPriorityHigh ListItemPriority = "high"` - `const ListItemPriorityUrgent ListItemPriority = "urgent"` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ListItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ListItemTLPClear ListItemTLP = "clear"` - `const ListItemTLPAmber ListItemTLP = "amber"` - `const ListItemTLPAmberStrict ListItemTLP = "amber-strict"` - `const ListItemTLPGreen ListItemTLP = "green"` - `const ListItemTLPRed ListItemTLP = "red"` - `Updated Time` Request last updated time. - `Completed Time` Request completion time. - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ListItemStatus` Request Status. - `const ListItemStatusOpen ListItemStatus = "open"` - `const ListItemStatusAccepted ListItemStatus = "accepted"` - `const ListItemStatusReported ListItemStatus = "reported"` - `const ListItemStatusApproved ListItemStatus = "approved"` - `const ListItemStatusCompleted ListItemStatus = "completed"` - `const ListItemStatusDeclined ListItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Quota - `type Quota struct{…}` - `AnniversaryDate Time` Anniversary date is when annual quota limit is refreshed. - `QuarterAnniversaryDate Time` Quarter anniversary date is when quota limit is refreshed each quarter. - `Quota int64` Tokens for the quarter. - `Remaining int64` Tokens remaining for the quarter. ### Request Constants - `type RequestConstants struct{…}` - `Priority []RequestConstantsPriority` - `const RequestConstantsPriorityRoutine RequestConstantsPriority = "routine"` - `const RequestConstantsPriorityHigh RequestConstantsPriority = "high"` - `const RequestConstantsPriorityUrgent RequestConstantsPriority = "urgent"` - `Status []RequestConstantsStatus` - `const RequestConstantsStatusOpen RequestConstantsStatus = "open"` - `const RequestConstantsStatusAccepted RequestConstantsStatus = "accepted"` - `const RequestConstantsStatusReported RequestConstantsStatus = "reported"` - `const RequestConstantsStatusApproved RequestConstantsStatus = "approved"` - `const RequestConstantsStatusCompleted RequestConstantsStatus = "completed"` - `const RequestConstantsStatusDeclined RequestConstantsStatus = "declined"` - `TLP []RequestConstantsTLP` - `const RequestConstantsTLPClear RequestConstantsTLP = "clear"` - `const RequestConstantsTLPAmber RequestConstantsTLP = "amber"` - `const RequestConstantsTLPAmberStrict RequestConstantsTLP = "amber-strict"` - `const RequestConstantsTLPGreen RequestConstantsTLP = "green"` - `const RequestConstantsTLPRed RequestConstantsTLP = "red"` ### Request Types - `type RequestTypes []string` # Message ## List Request Messages `client.CloudforceOne.Requests.Message.Get(ctx, requestID, params) (*SinglePage[Message], error)` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message` List Request Messages ### Parameters - `requestID string` UUID. - `params RequestMessageGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `Page param.Field[int64]` Body param: Page number of results. - `PerPage param.Field[int64]` Body param: Number of results per page. - `After param.Field[Time]` Body param: Retrieve mes ges created after this time. - `Before param.Field[Time]` Body param: Retrieve messages created before this time. - `SortBy param.Field[string]` Body param: Field to sort results by. - `SortOrder param.Field[RequestMessageGetParamsSortOrder]` Body param: Sort order (asc or desc). - `const RequestMessageGetParamsSortOrderAsc RequestMessageGetParamsSortOrder = "asc"` - `const RequestMessageGetParamsSortOrderDesc RequestMessageGetParamsSortOrder = "desc"` ### Returns - `type Message struct{…}` - `ID int64` Message ID. - `Author string` Author of message. - `Content string` Content of message. - `IsFollowOnRequest bool` Whether the message is a follow-on request. - `Updated Time` Defines the message last updated time. - `Created Time` Defines the message creation time. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.CloudforceOne.Requests.Message.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestMessageGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Page: cloudflare.F(int64(0)), PerPage: cloudflare.F(int64(10)), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } ] } ``` ## Create a New Request Message `client.CloudforceOne.Requests.Message.New(ctx, requestID, params) (*Message, error)` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/new` Create a New Request Message ### Parameters - `requestID string` UUID. - `params RequestMessageNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `Content param.Field[string]` Body param: Content of message. ### Returns - `type Message struct{…}` - `ID int64` Message ID. - `Author string` Author of message. - `Content string` Content of message. - `IsFollowOnRequest bool` Whether the message is a follow-on request. - `Updated Time` Defines the message last updated time. - `Created Time` Defines the message creation time. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) message, err := client.CloudforceOne.Requests.Message.New( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestMessageNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", message.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } } ``` ## Update a Request Message `client.CloudforceOne.Requests.Message.Update(ctx, requestID, messageID, params) (*Message, error)` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}` Update a Request Message ### Parameters - `requestID string` UUID. - `messageID int64` - `params RequestMessageUpdateParams` - `AccountID param.Field[string]` Path param: Identifier. - `Content param.Field[string]` Body param: Content of message. ### Returns - `type Message struct{…}` - `ID int64` Message ID. - `Author string` Author of message. - `Content string` Content of message. - `IsFollowOnRequest bool` Whether the message is a follow-on request. - `Updated Time` Defines the message last updated time. - `Created Time` Defines the message creation time. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) message, err := client.CloudforceOne.Requests.Message.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", int64(0), cloudforce_one.RequestMessageUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", message.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } } ``` ## Delete a Request Message `client.CloudforceOne.Requests.Message.Delete(ctx, requestID, messageID, body) (*RequestMessageDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}` Delete a Request Message ### Parameters - `requestID string` UUID. - `messageID int64` - `body RequestMessageDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestMessageDeleteResponse struct{…}` - `Errors []RequestMessageDeleteResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestMessageDeleteResponseErrorsSource` - `Pointer string` - `Messages []RequestMessageDeleteResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestMessageDeleteResponseMessagesSource` - `Pointer string` - `Success RequestMessageDeleteResponseSuccess` Whether the API call was successful. - `const RequestMessageDeleteResponseSuccessTrue RequestMessageDeleteResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) message, err := client.CloudforceOne.Requests.Message.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", int64(0), cloudforce_one.RequestMessageDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", message.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Message - `type Message struct{…}` - `ID int64` Message ID. - `Author string` Author of message. - `Content string` Content of message. - `IsFollowOnRequest bool` Whether the message is a follow-on request. - `Updated Time` Defines the message last updated time. - `Created Time` Defines the message creation time. # Priority ## Get a Priority Intelligence Requirement `client.CloudforceOne.Requests.Priority.Get(ctx, priorityID, query) (*Item, error)` **get** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Get a Priority Intelligence Requirement ### Parameters - `priorityID string` UUID. - `query RequestPriorityGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) item, err := client.CloudforceOne.Requests.Priority.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestPriorityGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", item.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Create a New Priority Intelligence Requirement `client.CloudforceOne.Requests.Priority.New(ctx, params) (*Priority, error)` **post** `/accounts/{account_id}/cloudforce-one/requests/priority/new` Create a New Priority Intelligence Requirement ### Parameters - `params RequestPriorityNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `PriorityEdit param.Field[PriorityEdit]` Body param ### Returns - `type Priority struct{…}` - `ID string` UUID. - `Created Time` Priority creation time. - `Labels []Label` List of labels. - `Priority int64` Priority. - `Requirement string` Requirement. - `TLP PriorityTLP` The CISA defined Traffic Light Protocol (TLP). - `const PriorityTLPClear PriorityTLP = "clear"` - `const PriorityTLPAmber PriorityTLP = "amber"` - `const PriorityTLPAmberStrict PriorityTLP = "amber-strict"` - `const PriorityTLPGreen PriorityTLP = "green"` - `const PriorityTLPRed PriorityTLP = "red"` - `Updated Time` Priority last updated time. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) priority, err := client.CloudforceOne.Requests.Priority.New(context.TODO(), cloudforce_one.RequestPriorityNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), PriorityEdit: cloudforce_one.PriorityEditParam{ Labels: cloudflare.F([]cloudforce_one.LabelParam{"DoS", "CVE"}), Priority: cloudflare.F(int64(1)), Requirement: cloudflare.F("DoS attacks carried out by CVEs"), TLP: cloudflare.F(cloudforce_one.PriorityEditTLPClear), }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", priority.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2022-04-01T05:20:00Z", "labels": [ "DoS", "CVE" ], "priority": 1, "requirement": "DoS attacks carried out by CVEs", "tlp": "clear", "updated": "2022-04-01T05:20:00Z" } } ``` ## Update a Priority Intelligence Requirement `client.CloudforceOne.Requests.Priority.Update(ctx, priorityID, params) (*Item, error)` **put** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Update a Priority Intelligence Requirement ### Parameters - `priorityID string` UUID. - `params RequestPriorityUpdateParams` - `AccountID param.Field[string]` Path param: Identifier. - `PriorityEdit param.Field[PriorityEdit]` Body param ### Returns - `type Item struct{…}` - `ID string` UUID. - `Content string` Request content. - `Created Time` - `Priority Time` - `Request string` Requested information from request. - `Summary string` Brief description of the request. - `TLP ItemTLP` The CISA defined Traffic Light Protocol (TLP). - `const ItemTLPClear ItemTLP = "clear"` - `const ItemTLPAmber ItemTLP = "amber"` - `const ItemTLPAmberStrict ItemTLP = "amber-strict"` - `const ItemTLPGreen ItemTLP = "green"` - `const ItemTLPRed ItemTLP = "red"` - `Updated Time` - `Completed Time` - `MessageTokens int64` Tokens for the request messages. - `ReadableID string` Readable Request ID. - `Status ItemStatus` Request Status. - `const ItemStatusOpen ItemStatus = "open"` - `const ItemStatusAccepted ItemStatus = "accepted"` - `const ItemStatusReported ItemStatus = "reported"` - `const ItemStatusApproved ItemStatus = "approved"` - `const ItemStatusCompleted ItemStatus = "completed"` - `const ItemStatusDeclined ItemStatus = "declined"` - `Tokens int64` Tokens for the request. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) item, err := client.CloudforceOne.Requests.Priority.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestPriorityUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), PriorityEdit: cloudforce_one.PriorityEditParam{ Labels: cloudflare.F([]cloudforce_one.LabelParam{"DoS", "CVE"}), Priority: cloudflare.F(int64(1)), Requirement: cloudflare.F("DoS attacks carried out by CVEs"), TLP: cloudflare.F(cloudforce_one.PriorityEditTLPClear), }, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", item.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Delete a Priority Intelligence Requirement `client.CloudforceOne.Requests.Priority.Delete(ctx, priorityID, body) (*RequestPriorityDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Delete a Priority Intelligence Requirement ### Parameters - `priorityID string` UUID. - `body RequestPriorityDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestPriorityDeleteResponse struct{…}` - `Errors []RequestPriorityDeleteResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestPriorityDeleteResponseErrorsSource` - `Pointer string` - `Messages []RequestPriorityDeleteResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestPriorityDeleteResponseMessagesSource` - `Pointer string` - `Success RequestPriorityDeleteResponseSuccess` Whether the API call was successful. - `const RequestPriorityDeleteResponseSuccessTrue RequestPriorityDeleteResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) priority, err := client.CloudforceOne.Requests.Priority.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestPriorityDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", priority.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Get Priority Intelligence Requirement Quota `client.CloudforceOne.Requests.Priority.Quota(ctx, query) (*Quota, error)` **get** `/accounts/{account_id}/cloudforce-one/requests/priority/quota` Get Priority Intelligence Requirement Quota ### Parameters - `query RequestPriorityQuotaParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type Quota struct{…}` - `AnniversaryDate Time` Anniversary date is when annual quota limit is refreshed. - `QuarterAnniversaryDate Time` Quarter anniversary date is when quota limit is refreshed each quarter. - `Quota int64` Tokens for the quarter. - `Remaining int64` Tokens remaining for the quarter. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) quota, err := client.CloudforceOne.Requests.Priority.Quota(context.TODO(), cloudforce_one.RequestPriorityQuotaParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", quota.AnniversaryDate) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "anniversary_date": "2022-04-01T00:00:00Z", "quarter_anniversary_date": "2022-04-01T00:00:00Z", "quota": 120, "remaining": 64 } } ``` ## Domain Types ### Label - `type Label string` ### Priority - `type Priority struct{…}` - `ID string` UUID. - `Created Time` Priority creation time. - `Labels []Label` List of labels. - `Priority int64` Priority. - `Requirement string` Requirement. - `TLP PriorityTLP` The CISA defined Traffic Light Protocol (TLP). - `const PriorityTLPClear PriorityTLP = "clear"` - `const PriorityTLPAmber PriorityTLP = "amber"` - `const PriorityTLPAmberStrict PriorityTLP = "amber-strict"` - `const PriorityTLPGreen PriorityTLP = "green"` - `const PriorityTLPRed PriorityTLP = "red"` - `Updated Time` Priority last updated time. ### Priority Edit - `type PriorityEdit struct{…}` - `Labels []Label` List of labels. - `Priority int64` Priority. - `Requirement string` Requirement. - `TLP PriorityEditTLP` The CISA defined Traffic Light Protocol (TLP). - `const PriorityEditTLPClear PriorityEditTLP = "clear"` - `const PriorityEditTLPAmber PriorityEditTLP = "amber"` - `const PriorityEditTLPAmberStrict PriorityEditTLP = "amber-strict"` - `const PriorityEditTLPGreen PriorityEditTLP = "green"` - `const PriorityEditTLPRed PriorityEditTLP = "red"` # Assets ## Get a Request Asset `client.CloudforceOne.Requests.Assets.Get(ctx, requestID, assetID, query) (*SinglePage[RequestAssetGetResponse], error)` **get** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Get a Request Asset ### Parameters - `requestID string` UUID. - `assetID string` UUID. - `query RequestAssetGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestAssetGetResponse struct{…}` - `ID int64` Asset ID. - `Name string` Asset name. - `Created Time` Defines the asset creation time. - `Description string` Asset description. - `FileType string` Asset file type. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.CloudforceOne.Requests.Assets.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestAssetGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } ] } ``` ## List Request Assets `client.CloudforceOne.Requests.Assets.New(ctx, requestID, params) (*SinglePage[RequestAssetNewResponse], error)` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset` List Request Assets ### Parameters - `requestID string` UUID. - `params RequestAssetNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `Page param.Field[int64]` Body param: Page number of results. - `PerPage param.Field[int64]` Body param: Number of results per page. ### Returns - `type RequestAssetNewResponse struct{…}` - `ID int64` Asset ID. - `Name string` Asset name. - `Created Time` Defines the asset creation time. - `Description string` Asset description. - `FileType string` Asset file type. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.CloudforceOne.Requests.Assets.New( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestAssetNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Page: cloudflare.F(int64(0)), PerPage: cloudflare.F(int64(10)), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } ] } ``` ## Update a Request Asset `client.CloudforceOne.Requests.Assets.Update(ctx, requestID, assetID, params) (*RequestAssetUpdateResponse, error)` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Update a Request Asset ### Parameters - `requestID string` UUID. - `assetID string` UUID. - `params RequestAssetUpdateParams` - `AccountID param.Field[string]` Path param: Identifier. - `Source param.Field[string]` Body param: Asset file to upload. ### Returns - `type RequestAssetUpdateResponse struct{…}` - `ID int64` Asset ID. - `Name string` Asset name. - `Created Time` Defines the asset creation time. - `Description string` Asset description. - `FileType string` Asset file type. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) asset, err := client.CloudforceOne.Requests.Assets.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestAssetUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", asset.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } } ``` ## Delete a Request Asset `client.CloudforceOne.Requests.Assets.Delete(ctx, requestID, assetID, body) (*RequestAssetDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Delete a Request Asset ### Parameters - `requestID string` UUID. - `assetID string` UUID. - `body RequestAssetDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type RequestAssetDeleteResponse struct{…}` - `Errors []RequestAssetDeleteResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestAssetDeleteResponseErrorsSource` - `Pointer string` - `Messages []RequestAssetDeleteResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source RequestAssetDeleteResponseMessagesSource` - `Pointer string` - `Success RequestAssetDeleteResponseSuccess` Whether the API call was successful. - `const RequestAssetDeleteResponseSuccessTrue RequestAssetDeleteResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) asset, err := client.CloudforceOne.Requests.Assets.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", cloudforce_one.RequestAssetDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", asset.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` # Threat Events ## Filter and list events `client.CloudforceOne.ThreatEvents.List(ctx, params) (*[]ThreatEventListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events` When `datasetId` is unspecified, events will be listed from the `Cloudforce One Threat Events` dataset. To list existing datasets (and their IDs), use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint). Also, must provide query parameters. ### Parameters - `params ThreatEventListParams` - `AccountID param.Field[string]` Path param: Account ID. - `Cursor param.Field[string]` Query param: Cursor for pagination. When provided, filters are embedded in the cursor so you only need to pass cursor and pageSize. Returned in the previous response's result_info.cursor field. Use cursor-based pagination for deep pagination (beyond 100,000 records) or for optimal performance. - `DatasetID param.Field[[]string]` Query param - `ForceRefresh param.Field[bool]` Query param - `Format param.Field[ThreatEventListParamsFormat]` Query param - `const ThreatEventListParamsFormatJson ThreatEventListParamsFormat = "json"` - `const ThreatEventListParamsFormatStix2 ThreatEventListParamsFormat = "stix2"` - `Order param.Field[ThreatEventListParamsOrder]` Query param - `const ThreatEventListParamsOrderAsc ThreatEventListParamsOrder = "asc"` - `const ThreatEventListParamsOrderDesc ThreatEventListParamsOrder = "desc"` - `OrderBy param.Field[string]` Query param - `Page param.Field[float64]` Query param: Page number (1-indexed) for offset-based pagination. Limited to offset of 100,000 records. For deep pagination, use cursor-based pagination instead. - `PageSize param.Field[float64]` Query param: Number of results per page. Maximum 25,000. - `Search param.Field[[]ThreatEventListParamsSearch]` Query param - `Field string` Event field to search on. Allowed: attacker, attackerCountry, category, createdAt, date, event, indicator, indicatorType, killChain, mitreAttack, tags, targetCountry, targetIndustry, tlp, uuid. - `Op ThreatEventListParamsSearchOp` Search operator. Use 'in' for bulk lookup of up to 100 values at once, e.g. {field:'tags', op:'in', value:['malware','apt']}. - `const ThreatEventListParamsSearchOpEquals ThreatEventListParamsSearchOp = "equals"` - `const ThreatEventListParamsSearchOpNot ThreatEventListParamsSearchOp = "not"` - `const ThreatEventListParamsSearchOpGt ThreatEventListParamsSearchOp = "gt"` - `const ThreatEventListParamsSearchOpGte ThreatEventListParamsSearchOp = "gte"` - `const ThreatEventListParamsSearchOpLt ThreatEventListParamsSearchOp = "lt"` - `const ThreatEventListParamsSearchOpLte ThreatEventListParamsSearchOp = "lte"` - `const ThreatEventListParamsSearchOpLike ThreatEventListParamsSearchOp = "like"` - `const ThreatEventListParamsSearchOpContains ThreatEventListParamsSearchOp = "contains"` - `const ThreatEventListParamsSearchOpStartsWith ThreatEventListParamsSearchOp = "startsWith"` - `const ThreatEventListParamsSearchOpEndsWith ThreatEventListParamsSearchOp = "endsWith"` - `const ThreatEventListParamsSearchOpIn ThreatEventListParamsSearchOp = "in"` - `const ThreatEventListParamsSearchOpFind ThreatEventListParamsSearchOp = "find"` - `Value ThreatEventListParamsSearchValueUnion` Search value. String or number for most operators. Array for 'in' operator (max 100 items). - `UnionString` - `UnionFloat` - `type ThreatEventListParamsSearchValueArray []ThreatEventListParamsSearchValueArrayUnion` - `UnionString` - `UnionFloat` ### Returns - `type ThreatEventListResponse []ThreatEventListResponse` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvents, err := client.CloudforceOne.ThreatEvents.List(context.TODO(), cloudforce_one.ThreatEventListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvents) } ``` #### Response ```json [ { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ] ``` ## Reads an event `client.CloudforceOne.ThreatEvents.Get(ctx, eventID, query) (*ThreatEventGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}` This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead. ### Parameters - `eventID string` Event UUID. - `query ThreatEventGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventGetResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvent, err := client.CloudforceOne.ThreatEvents.Get( context.TODO(), "event_id", cloudforce_one.ThreatEventGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvent.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates a new event `client.CloudforceOne.ThreatEvents.New(ctx, params) (*ThreatEventNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/create` To create a dataset, see the [`Create Dataset`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/create/) endpoint. When `datasetId` parameter is unspecified, it will be created in a default dataset named `Cloudforce One Threat Events`. ### Parameters - `params ThreatEventNewParams` - `PathAccountID param.Field[string]` Path param: Account ID. - `Category param.Field[string]` Body param - `Date param.Field[Time]` Body param - `Event param.Field[string]` Body param - `Raw param.Field[ThreatEventNewParamsRaw]` Body param - `Data map[string, unknown]` - `Source string` - `TLP string` - `TLP param.Field[string]` Body param - `BodyAccountID param.Field[float64]` Body param - `Attacker param.Field[string]` Body param - `AttackerCountry param.Field[string]` Body param - `DatasetID param.Field[string]` Body param - `Indicator param.Field[string]` Body param - `Indicators param.Field[[]ThreatEventNewParamsIndicator]` Body param: Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `IndicatorType string` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `Value string` The indicator value (e.g., domain name, IP address, hash) - `IndicatorType param.Field[string]` Body param - `Insight param.Field[string]` Body param - `Tags param.Field[[]string]` Body param - `TargetCountry param.Field[string]` Body param - `TargetIndustry param.Field[string]` Body param ### Returns - `type ThreatEventNewResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvent, err := client.CloudforceOne.ThreatEvents.New(context.TODO(), cloudforce_one.ThreatEventNewParams{ PathAccountID: cloudflare.F("account_id"), Category: cloudflare.F("Domain Resolution"), Date: cloudflare.F(time.Now()), Event: cloudflare.F("An attacker registered the domain domain.com"), Raw: cloudflare.F(cloudforce_one.ThreatEventNewParamsRaw{ Data: cloudflare.F(map[string]interface{}{ "foo": "bar", }), }), TLP: cloudflare.F("amber"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvent.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Updates an event `client.CloudforceOne.ThreatEvents.Edit(ctx, eventID, params) (*ThreatEventEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}` Updates an event ### Parameters - `eventID string` Event UUID. - `params ThreatEventEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetID param.Field[string]` Body param: Dataset ID containing the event to update. - `Attacker param.Field[string]` Body param - `AttackerCountry param.Field[string]` Body param - `Category param.Field[string]` Body param - `CreatedAt param.Field[Time]` Body param - `Date param.Field[Time]` Body param - `Event param.Field[string]` Body param - `Indicator param.Field[string]` Body param - `IndicatorType param.Field[string]` Body param - `Insight param.Field[string]` Body param - `Raw param.Field[ThreatEventEditParamsRaw]` Body param - `Data map[string, unknown]` - `Source string` - `TLP string` - `TargetCountry param.Field[string]` Body param - `TargetIndustry param.Field[string]` Body param - `TLP param.Field[string]` Body param ### Returns - `type ThreatEventEditResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Edit( context.TODO(), "event_id", cloudforce_one.ThreatEventEditParams{ AccountID: cloudflare.F("account_id"), DatasetID: cloudflare.F("9b769969-a211-466c-8ac3-cb91266a066a"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates bulk events `client.CloudforceOne.ThreatEvents.BulkNew(ctx, params) (*ThreatEventBulkNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/create/bulk` The `datasetId` parameter must be defined. To list existing datasets (and their IDs) in your account, use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint. ### Parameters - `params ThreatEventBulkNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Data param.Field[[]ThreatEventBulkNewParamsData]` Body param - `Category string` - `Date Time` - `Event string` - `Raw ThreatEventBulkNewParamsDataRaw` - `Data map[string, unknown]` - `Source string` - `TLP string` - `TLP string` - `AccountID float64` - `Attacker string` - `AttackerCountry string` - `DatasetID string` - `Indicator string` - `Indicators []ThreatEventBulkNewParamsDataIndicator` Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `IndicatorType string` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `Value string` The indicator value (e.g., domain name, IP address, hash) - `IndicatorType string` - `Insight string` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `DatasetID param.Field[string]` Body param - `IncludeCreatedEvents param.Field[bool]` Body param: When true, response includes array of created event UUIDs and shard IDs. Useful for tracking which events were created and where. ### Returns - `type ThreatEventBulkNewResponse struct{…}` Detailed result of bulk event creation with auto-tag management - `CreatedEventsCount float64` Number of events created - `CreatedTagsCount float64` Number of new tags created in SoT - `ErrorCount float64` Number of errors encountered - `QueuedIndicatorsCount float64` Number of indicators queued for async processing - `CreateBulkEventsRequestID string` Correlation ID for async indicator processing - `CreatedEvents []ThreatEventBulkNewResponseCreatedEvent` Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true - `EventIndex float64` Original index in the input data array - `ShardID string` Dataset ID of the shard where the event was created - `UUID string` UUID of the created event - `Errors []ThreatEventBulkNewResponseError` Array of error details - `Error string` Error message - `EventIndex float64` Index of the event that caused the error ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.BulkNew(context.TODO(), cloudforce_one.ThreatEventBulkNewParams{ AccountID: cloudflare.F("account_id"), Data: cloudflare.F([]cloudforce_one.ThreatEventBulkNewParamsData{cloudforce_one.ThreatEventBulkNewParamsData{ Category: cloudflare.F("Domain Resolution"), Date: cloudflare.F(time.Now()), Event: cloudflare.F("An attacker registered the domain domain.com"), Raw: cloudflare.F(cloudforce_one.ThreatEventBulkNewParamsDataRaw{ Data: cloudflare.F(map[string]interface{}{ "foo": "bar", }), }), TLP: cloudflare.F("amber"), }}), DatasetID: cloudflare.F("durableObjectName"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.CreatedEventsCount) } ``` #### Response ```json { "createdEventsCount": 0, "createdTagsCount": 0, "errorCount": 0, "queuedIndicatorsCount": 0, "createBulkEventsRequestId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdEvents": [ { "eventIndex": 0, "shardId": "shardId", "uuid": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ], "errors": [ { "error": "error", "eventIndex": 0 } ] } ``` # Attackers ## Lists attackers across multiple datasets `client.CloudforceOne.ThreatEvents.Attackers.List(ctx, params) (*ThreatEventAttackerListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/attackers` Lists attackers across multiple datasets ### Parameters - `params ThreatEventAttackerListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query attackers from. If not provided, uses the default dataset. ### Returns - `type ThreatEventAttackerListResponse struct{…}` - `Items ThreatEventAttackerListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) attackers, err := client.CloudforceOne.ThreatEvents.Attackers.List(context.TODO(), cloudforce_one.ThreatEventAttackerListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", attackers.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Categories ## Lists categories across multiple datasets `client.CloudforceOne.ThreatEvents.Categories.List(ctx, params) (*[]ThreatEventCategoryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/categories` Lists categories across multiple datasets ### Parameters - `params ThreatEventCategoryListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query categories from. If not provided, uses the default dataset. ### Returns - `type ThreatEventCategoryListResponse []ThreatEventCategoryListResponse` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) categories, err := client.CloudforceOne.ThreatEvents.Categories.List(context.TODO(), cloudforce_one.ThreatEventCategoryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", categories) } ``` #### Response ```json [ { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ] ``` ## Reads a category `client.CloudforceOne.ThreatEvents.Categories.Get(ctx, categoryID, query) (*ThreatEventCategoryGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Reads a category ### Parameters - `categoryID string` Category UUID. - `query ThreatEventCategoryGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCategoryGetResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.Get( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Creates a new category `client.CloudforceOne.ThreatEvents.Categories.New(ctx, params) (*ThreatEventCategoryNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/categories/create` Creates a new category ### Parameters - `params ThreatEventCategoryNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `KillChain param.Field[float64]` Body param - `Name param.Field[string]` Body param - `MitreAttack param.Field[[]string]` Body param - `MitreCapec param.Field[[]string]` Body param - `Shortname param.Field[string]` Body param ### Returns - `type ThreatEventCategoryNewResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.New(context.TODO(), cloudforce_one.ThreatEventCategoryNewParams{ AccountID: cloudflare.F("account_id"), KillChain: cloudflare.F(0.000000), Name: cloudflare.F("name"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Updates a category `client.CloudforceOne.ThreatEvents.Categories.Edit(ctx, categoryID, params) (*ThreatEventCategoryEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Updates a category ### Parameters - `categoryID string` Category UUID. - `params ThreatEventCategoryEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `KillChain param.Field[float64]` Body param - `MitreAttack param.Field[[]string]` Body param - `MitreCapec param.Field[[]string]` Body param - `Name param.Field[string]` Body param - `Shortname param.Field[string]` Body param ### Returns - `type ThreatEventCategoryEditResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Categories.Edit( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryEditParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Deletes a category `client.CloudforceOne.ThreatEvents.Categories.Delete(ctx, categoryID, body) (*ThreatEventCategoryDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Deletes a category ### Parameters - `categoryID string` Category UUID. - `body ThreatEventCategoryDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCategoryDeleteResponse struct{…}` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.Delete( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` # Countries ## Retrieves countries information for all countries `client.CloudforceOne.ThreatEvents.Countries.List(ctx, query) (*[]ThreatEventCountryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/countries` Retrieves countries information for all countries ### Parameters - `query ThreatEventCountryListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCountryListResponse []ThreatEventCountryListResponse` - `Result []ThreatEventCountryListResponseResult` - `Alpha3 string` - `Name string` - `Success string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) countries, err := client.CloudforceOne.ThreatEvents.Countries.List(context.TODO(), cloudforce_one.ThreatEventCountryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", countries) } ``` #### Response ```json [ { "result": [ { "alpha3": "AF", "name": "Afghanistan" } ], "success": "true" } ] ``` # Crons # Datasets ## Lists all datasets in an account `client.CloudforceOne.ThreatEvents.Datasets.List(ctx, query) (*[]ThreatEventDatasetListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/dataset` Lists all datasets in an account ### Parameters - `query ThreatEventDatasetListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetListResponse []ThreatEventDatasetListResponse` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) datasets, err := client.CloudforceOne.ThreatEvents.Datasets.List(context.TODO(), cloudforce_one.ThreatEventDatasetListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", datasets) } ``` #### Response ```json [ { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ] ``` ## Reads a dataset `client.CloudforceOne.ThreatEvents.Datasets.Get(ctx, datasetID, query) (*ThreatEventDatasetGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Reads a dataset ### Parameters - `datasetID string` Dataset ID. - `query ThreatEventDatasetGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetGetResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) dataset, err := client.CloudforceOne.ThreatEvents.Datasets.Get( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventDatasetGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dataset.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Creates a dataset `client.CloudforceOne.ThreatEvents.Datasets.New(ctx, params) (*ThreatEventDatasetNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/dataset/create` Creates a dataset ### Parameters - `params ThreatEventDatasetNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `IsPublic param.Field[bool]` Body param: If true, then anyone can search the dataset. If false, then its limited to the account. - `Name param.Field[string]` Body param: Used to describe the dataset within the account context. ### Returns - `type ThreatEventDatasetNewResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) dataset, err := client.CloudforceOne.ThreatEvents.Datasets.New(context.TODO(), cloudforce_one.ThreatEventDatasetNewParams{ AccountID: cloudflare.F("account_id"), IsPublic: cloudflare.F(true), Name: cloudflare.F("x"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dataset.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Updates an existing dataset `client.CloudforceOne.ThreatEvents.Datasets.Edit(ctx, datasetID, params) (*ThreatEventDatasetEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Updates an existing dataset ### Parameters - `datasetID string` Dataset ID. - `params ThreatEventDatasetEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `IsPublic param.Field[bool]` Body param: If true, then anyone can search the dataset. If false, then its limited to the account. - `Name param.Field[string]` Body param: Used to describe the dataset within the account context. ### Returns - `type ThreatEventDatasetEditResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Datasets.Edit( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventDatasetEditParams{ AccountID: cloudflare.F("account_id"), IsPublic: cloudflare.F(true), Name: cloudflare.F("x"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Reads raw data for an event by UUID `client.CloudforceOne.ThreatEvents.Datasets.Raw(ctx, datasetID, eventID, query) (*ThreatEventDatasetRawResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}` Retrieves the raw data associated with an event. Searches across all shards in the dataset. ### Parameters - `datasetID string` Dataset ID. - `eventID string` Event ID. - `query ThreatEventDatasetRawParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetRawResponse struct{…}` - `ID float64` - `AccountID float64` - `Created string` - `Data string` - `Source string` - `TLP string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Datasets.Raw( context.TODO(), "dataset_id", "event_id", cloudforce_one.ThreatEventDatasetRawParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "id": 1, "accountId": 1234, "created": "1970-01-01T00:00:00.000Z", "data": "{\"foo\": \"bar\"}", "source": "https://example.com", "tlp": "amber" } ``` # Health # Indicator Types ## Lists all indicator types `client.CloudforceOne.ThreatEvents.IndicatorTypes.List(ctx, query) (*ThreatEventIndicatorTypeListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/indicatorTypes` This Method is deprecated. Please use /events/dataset/:dataset_id/indicatorTypes instead. ### Parameters - `query ThreatEventIndicatorTypeListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventIndicatorTypeListResponse struct{…}` - `Items ThreatEventIndicatorTypeListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) indicatorTypes, err := client.CloudforceOne.ThreatEvents.IndicatorTypes.List(context.TODO(), cloudforce_one.ThreatEventIndicatorTypeListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", indicatorTypes.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Raw ## Reads data for a raw event `client.CloudforceOne.ThreatEvents.Raw.Get(ctx, eventID, rawID, query) (*ThreatEventRawGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Reads data for a raw event ### Parameters - `eventID string` Event UUID. - `rawID string` Raw Event UUID. - `query ThreatEventRawGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventRawGetResponse struct{…}` - `ID string` - `AccountID float64` - `Created string` - `Data unknown` - `Source string` - `TLP string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) raw, err := client.CloudforceOne.ThreatEvents.Raw.Get( context.TODO(), "event_id", "raw_id", cloudforce_one.ThreatEventRawGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", raw.ID) } ``` #### Response ```json { "id": "1234", "accountId": 1234, "created": "1970-01-01", "data": {}, "source": "https://example.com", "tlp": "amber" } ``` ## Updates a raw event `client.CloudforceOne.ThreatEvents.Raw.Edit(ctx, eventID, rawID, params) (*ThreatEventRawEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Updates a raw event ### Parameters - `eventID string` Event UUID. - `rawID string` Raw Event UUID. - `params ThreatEventRawEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `Data param.Field[unknown]` Body param - `Source param.Field[string]` Body param - `TLP param.Field[string]` Body param ### Returns - `type ThreatEventRawEditResponse struct{…}` - `ID string` - `Data unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Raw.Edit( context.TODO(), "event_id", "raw_id", cloudforce_one.ThreatEventRawEditParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "id": "1234", "data": {} } ``` # Relate ## Removes an event reference `client.CloudforceOne.ThreatEvents.Relate.Delete(ctx, eventID, body) (*ThreatEventRelateDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/relate/{event_id}` Removes an event reference ### Parameters - `eventID string` Event UUID. - `body ThreatEventRelateDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventRelateDeleteResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) relate, err := client.CloudforceOne.ThreatEvents.Relate.Delete( context.TODO(), "event_id", cloudforce_one.ThreatEventRelateDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", relate.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` # Tags ## Creates a new tag `client.CloudforceOne.ThreatEvents.Tags.New(ctx, params) (*ThreatEventTagNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/tags/create` Creates a new tag to be used accross threat events. ### Parameters - `params ThreatEventTagNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Value param.Field[string]` Body param - `ActiveDuration param.Field[string]` Body param - `ActorCategory param.Field[string]` Body param - `AliasGroupNames param.Field[[]string]` Body param - `AliasGroupNamesInternal param.Field[[]string]` Body param - `AnalyticPriority param.Field[float64]` Body param - `AttributionConfidence param.Field[string]` Body param - `AttributionOrganization param.Field[string]` Body param - `CategoryUUID param.Field[string]` Body param - `ExternalReferenceLinks param.Field[[]string]` Body param - `InternalDescription param.Field[string]` Body param - `Motive param.Field[string]` Body param - `OpsecLevel param.Field[string]` Body param - `OriginCountryISO param.Field[string]` Body param - `Priority param.Field[float64]` Body param - `SophisticationLevel param.Field[string]` Body param ### Returns - `type ThreatEventTagNewResponse struct{…}` - `UUID string` - `Value string` - `ActiveDuration string` - `ActorCategory string` - `AliasGroupNames []string` - `AliasGroupNamesInternal []string` - `AnalyticPriority float64` - `AttributionConfidence string` - `AttributionOrganization string` - `CategoryName string` - `CategoryUUID string` - `ExternalReferenceLinks []string` - `InternalDescription string` - `Motive string` - `OpsecLevel string` - `OriginCountryISO string` - `Priority float64` - `SophisticationLevel string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tag, err := client.CloudforceOne.ThreatEvents.Tags.New(context.TODO(), cloudforce_one.ThreatEventTagNewParams{ AccountID: cloudflare.F("account_id"), Value: cloudflare.F("APT28"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tag.UUID) } ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab", "value": "APT28", "activeDuration": "activeDuration", "actorCategory": "actorCategory", "aliasGroupNames": [ "string" ], "aliasGroupNamesInternal": [ "string" ], "analyticPriority": 0, "attributionConfidence": "attributionConfidence", "attributionOrganization": "attributionOrganization", "categoryName": "Nation State", "categoryUuid": "12345678-1234-1234-1234-1234567890ab", "externalReferenceLinks": [ "string" ], "internalDescription": "internalDescription", "motive": "motive", "opsecLevel": "opsecLevel", "originCountryISO": "originCountryISO", "priority": 0, "sophisticationLevel": "sophisticationLevel" } ``` # Event Tags ## Adds a tag to an event `client.CloudforceOne.ThreatEvents.EventTags.New(ctx, eventID, params) (*ThreatEventEventTagNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create` Adds a tag to an event ### Parameters - `eventID string` Event UUID. - `params ThreatEventEventTagNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Tags param.Field[[]string]` Body param ### Returns - `type ThreatEventEventTagNewResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) eventTag, err := client.CloudforceOne.ThreatEvents.EventTags.New( context.TODO(), "event_id", cloudforce_one.ThreatEventEventTagNewParams{ AccountID: cloudflare.F("account_id"), Tags: cloudflare.F([]string{"botnet"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", eventTag.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` ## Removes a tag from an event `client.CloudforceOne.ThreatEvents.EventTags.Delete(ctx, eventID, body) (*ThreatEventEventTagDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}` Removes a tag from an event ### Parameters - `eventID string` Event UUID. - `body ThreatEventEventTagDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventEventTagDeleteResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) eventTag, err := client.CloudforceOne.ThreatEvents.EventTags.Delete( context.TODO(), "event_id", cloudforce_one.ThreatEventEventTagDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", eventTag.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` # Target Industries ## Lists target industries across multiple datasets `client.CloudforceOne.ThreatEvents.TargetIndustries.List(ctx, params) (*ThreatEventTargetIndustryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/targetIndustries` Lists target industries across multiple datasets ### Parameters - `params ThreatEventTargetIndustryListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query target industries from. If not provided, uses the default dataset. ### Returns - `type ThreatEventTargetIndustryListResponse struct{…}` - `Items ThreatEventTargetIndustryListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) targetIndustries, err := client.CloudforceOne.ThreatEvents.TargetIndustries.List(context.TODO(), cloudforce_one.ThreatEventTargetIndustryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", targetIndustries.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Insights