# Threat Events ## Filter and list events `client.CloudforceOne.ThreatEvents.List(ctx, params) (*[]ThreatEventListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events` When `datasetId` is unspecified, events will be listed from the `Cloudforce One Threat Events` dataset. To list existing datasets (and their IDs), use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint). Also, must provide query parameters. ### Parameters - `params ThreatEventListParams` - `AccountID param.Field[string]` Path param: Account ID. - `Cursor param.Field[string]` Query param: Cursor for pagination. When provided, filters are embedded in the cursor so you only need to pass cursor and pageSize. Returned in the previous response's result_info.cursor field. Use cursor-based pagination for deep pagination (beyond 100,000 records) or for optimal performance. - `DatasetID param.Field[[]string]` Query param - `ForceRefresh param.Field[bool]` Query param - `Format param.Field[ThreatEventListParamsFormat]` Query param - `const ThreatEventListParamsFormatJson ThreatEventListParamsFormat = "json"` - `const ThreatEventListParamsFormatStix2 ThreatEventListParamsFormat = "stix2"` - `Order param.Field[ThreatEventListParamsOrder]` Query param - `const ThreatEventListParamsOrderAsc ThreatEventListParamsOrder = "asc"` - `const ThreatEventListParamsOrderDesc ThreatEventListParamsOrder = "desc"` - `OrderBy param.Field[string]` Query param - `Page param.Field[float64]` Query param: Page number (1-indexed) for offset-based pagination. Limited to offset of 100,000 records. For deep pagination, use cursor-based pagination instead. - `PageSize param.Field[float64]` Query param: Number of results per page. Maximum 25,000. - `Search param.Field[[]ThreatEventListParamsSearch]` Query param - `Field string` Event field to search on. Allowed: attacker, attackerCountry, category, createdAt, date, event, indicator, indicatorType, killChain, mitreAttack, tags, targetCountry, targetIndustry, tlp, uuid. - `Op ThreatEventListParamsSearchOp` Search operator. Use 'in' for bulk lookup of up to 100 values at once, e.g. {field:'tags', op:'in', value:['malware','apt']}. - `const ThreatEventListParamsSearchOpEquals ThreatEventListParamsSearchOp = "equals"` - `const ThreatEventListParamsSearchOpNot ThreatEventListParamsSearchOp = "not"` - `const ThreatEventListParamsSearchOpGt ThreatEventListParamsSearchOp = "gt"` - `const ThreatEventListParamsSearchOpGte ThreatEventListParamsSearchOp = "gte"` - `const ThreatEventListParamsSearchOpLt ThreatEventListParamsSearchOp = "lt"` - `const ThreatEventListParamsSearchOpLte ThreatEventListParamsSearchOp = "lte"` - `const ThreatEventListParamsSearchOpLike ThreatEventListParamsSearchOp = "like"` - `const ThreatEventListParamsSearchOpContains ThreatEventListParamsSearchOp = "contains"` - `const ThreatEventListParamsSearchOpStartsWith ThreatEventListParamsSearchOp = "startsWith"` - `const ThreatEventListParamsSearchOpEndsWith ThreatEventListParamsSearchOp = "endsWith"` - `const ThreatEventListParamsSearchOpIn ThreatEventListParamsSearchOp = "in"` - `const ThreatEventListParamsSearchOpFind ThreatEventListParamsSearchOp = "find"` - `Value ThreatEventListParamsSearchValueUnion` Search value. String or number for most operators. Array for 'in' operator (max 100 items). - `UnionString` - `UnionFloat` - `type ThreatEventListParamsSearchValueArray []ThreatEventListParamsSearchValueArrayUnion` - `UnionString` - `UnionFloat` ### Returns - `type ThreatEventListResponse []ThreatEventListResponse` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvents, err := client.CloudforceOne.ThreatEvents.List(context.TODO(), cloudforce_one.ThreatEventListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvents) } ``` #### Response ```json [ { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ] ``` ## Reads an event `client.CloudforceOne.ThreatEvents.Get(ctx, eventID, query) (*ThreatEventGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}` This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead. ### Parameters - `eventID string` Event UUID. - `query ThreatEventGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventGetResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvent, err := client.CloudforceOne.ThreatEvents.Get( context.TODO(), "event_id", cloudforce_one.ThreatEventGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvent.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates a new event `client.CloudforceOne.ThreatEvents.New(ctx, params) (*ThreatEventNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/create` To create a dataset, see the [`Create Dataset`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/create/) endpoint. When `datasetId` parameter is unspecified, it will be created in a default dataset named `Cloudforce One Threat Events`. ### Parameters - `params ThreatEventNewParams` - `PathAccountID param.Field[string]` Path param: Account ID. - `Category param.Field[string]` Body param - `Date param.Field[Time]` Body param - `Event param.Field[string]` Body param - `Raw param.Field[ThreatEventNewParamsRaw]` Body param - `Data map[string, unknown]` - `Source string` - `TLP string` - `TLP param.Field[string]` Body param - `BodyAccountID param.Field[float64]` Body param - `Attacker param.Field[string]` Body param - `AttackerCountry param.Field[string]` Body param - `DatasetID param.Field[string]` Body param - `Indicator param.Field[string]` Body param - `Indicators param.Field[[]ThreatEventNewParamsIndicator]` Body param: Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `IndicatorType string` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `Value string` The indicator value (e.g., domain name, IP address, hash) - `IndicatorType param.Field[string]` Body param - `Insight param.Field[string]` Body param - `Tags param.Field[[]string]` Body param - `TargetCountry param.Field[string]` Body param - `TargetIndustry param.Field[string]` Body param ### Returns - `type ThreatEventNewResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvent, err := client.CloudforceOne.ThreatEvents.New(context.TODO(), cloudforce_one.ThreatEventNewParams{ PathAccountID: cloudflare.F("account_id"), Category: cloudflare.F("Domain Resolution"), Date: cloudflare.F(time.Now()), Event: cloudflare.F("An attacker registered the domain domain.com"), Raw: cloudflare.F(cloudforce_one.ThreatEventNewParamsRaw{ Data: cloudflare.F(map[string]interface{}{ "foo": "bar", }), }), TLP: cloudflare.F("amber"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvent.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Updates an event `client.CloudforceOne.ThreatEvents.Edit(ctx, eventID, params) (*ThreatEventEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}` Updates an event ### Parameters - `eventID string` Event UUID. - `params ThreatEventEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetID param.Field[string]` Body param: Dataset ID containing the event to update. - `Attacker param.Field[string]` Body param - `AttackerCountry param.Field[string]` Body param - `Category param.Field[string]` Body param - `CreatedAt param.Field[Time]` Body param - `Date param.Field[Time]` Body param - `Event param.Field[string]` Body param - `Indicator param.Field[string]` Body param - `IndicatorType param.Field[string]` Body param - `Insight param.Field[string]` Body param - `Raw param.Field[ThreatEventEditParamsRaw]` Body param - `Data map[string, unknown]` - `Source string` - `TLP string` - `TargetCountry param.Field[string]` Body param - `TargetIndustry param.Field[string]` Body param - `TLP param.Field[string]` Body param ### Returns - `type ThreatEventEditResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Edit( context.TODO(), "event_id", cloudforce_one.ThreatEventEditParams{ AccountID: cloudflare.F("account_id"), DatasetID: cloudflare.F("9b769969-a211-466c-8ac3-cb91266a066a"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates bulk events `client.CloudforceOne.ThreatEvents.BulkNew(ctx, params) (*ThreatEventBulkNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/create/bulk` The `datasetId` parameter must be defined. To list existing datasets (and their IDs) in your account, use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint. ### Parameters - `params ThreatEventBulkNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Data param.Field[[]ThreatEventBulkNewParamsData]` Body param - `Category string` - `Date Time` - `Event string` - `Raw ThreatEventBulkNewParamsDataRaw` - `Data map[string, unknown]` - `Source string` - `TLP string` - `TLP string` - `AccountID float64` - `Attacker string` - `AttackerCountry string` - `DatasetID string` - `Indicator string` - `Indicators []ThreatEventBulkNewParamsDataIndicator` Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `IndicatorType string` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `Value string` The indicator value (e.g., domain name, IP address, hash) - `IndicatorType string` - `Insight string` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `DatasetID param.Field[string]` Body param - `IncludeCreatedEvents param.Field[bool]` Body param: When true, response includes array of created event UUIDs and shard IDs. Useful for tracking which events were created and where. ### Returns - `type ThreatEventBulkNewResponse struct{…}` Detailed result of bulk event creation with auto-tag management - `CreatedEventsCount float64` Number of events created - `CreatedTagsCount float64` Number of new tags created in SoT - `ErrorCount float64` Number of errors encountered - `QueuedIndicatorsCount float64` Number of indicators queued for async processing - `CreateBulkEventsRequestID string` Correlation ID for async indicator processing - `CreatedEvents []ThreatEventBulkNewResponseCreatedEvent` Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true - `EventIndex float64` Original index in the input data array - `ShardID string` Dataset ID of the shard where the event was created - `UUID string` UUID of the created event - `Errors []ThreatEventBulkNewResponseError` Array of error details - `Error string` Error message - `EventIndex float64` Index of the event that caused the error ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.BulkNew(context.TODO(), cloudforce_one.ThreatEventBulkNewParams{ AccountID: cloudflare.F("account_id"), Data: cloudflare.F([]cloudforce_one.ThreatEventBulkNewParamsData{cloudforce_one.ThreatEventBulkNewParamsData{ Category: cloudflare.F("Domain Resolution"), Date: cloudflare.F(time.Now()), Event: cloudflare.F("An attacker registered the domain domain.com"), Raw: cloudflare.F(cloudforce_one.ThreatEventBulkNewParamsDataRaw{ Data: cloudflare.F(map[string]interface{}{ "foo": "bar", }), }), TLP: cloudflare.F("amber"), }}), DatasetID: cloudflare.F("durableObjectName"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.CreatedEventsCount) } ``` #### Response ```json { "createdEventsCount": 0, "createdTagsCount": 0, "errorCount": 0, "queuedIndicatorsCount": 0, "createBulkEventsRequestId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdEvents": [ { "eventIndex": 0, "shardId": "shardId", "uuid": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ], "errors": [ { "error": "error", "eventIndex": 0 } ] } ``` # Attackers ## Lists attackers across multiple datasets `client.CloudforceOne.ThreatEvents.Attackers.List(ctx, params) (*ThreatEventAttackerListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/attackers` Lists attackers across multiple datasets ### Parameters - `params ThreatEventAttackerListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query attackers from. If not provided, uses the default dataset. ### Returns - `type ThreatEventAttackerListResponse struct{…}` - `Items ThreatEventAttackerListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) attackers, err := client.CloudforceOne.ThreatEvents.Attackers.List(context.TODO(), cloudforce_one.ThreatEventAttackerListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", attackers.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Categories ## Lists categories across multiple datasets `client.CloudforceOne.ThreatEvents.Categories.List(ctx, params) (*[]ThreatEventCategoryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/categories` Lists categories across multiple datasets ### Parameters - `params ThreatEventCategoryListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query categories from. If not provided, uses the default dataset. ### Returns - `type ThreatEventCategoryListResponse []ThreatEventCategoryListResponse` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) categories, err := client.CloudforceOne.ThreatEvents.Categories.List(context.TODO(), cloudforce_one.ThreatEventCategoryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", categories) } ``` #### Response ```json [ { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ] ``` ## Reads a category `client.CloudforceOne.ThreatEvents.Categories.Get(ctx, categoryID, query) (*ThreatEventCategoryGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Reads a category ### Parameters - `categoryID string` Category UUID. - `query ThreatEventCategoryGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCategoryGetResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.Get( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Creates a new category `client.CloudforceOne.ThreatEvents.Categories.New(ctx, params) (*ThreatEventCategoryNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/categories/create` Creates a new category ### Parameters - `params ThreatEventCategoryNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `KillChain param.Field[float64]` Body param - `Name param.Field[string]` Body param - `MitreAttack param.Field[[]string]` Body param - `MitreCapec param.Field[[]string]` Body param - `Shortname param.Field[string]` Body param ### Returns - `type ThreatEventCategoryNewResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.New(context.TODO(), cloudforce_one.ThreatEventCategoryNewParams{ AccountID: cloudflare.F("account_id"), KillChain: cloudflare.F(0.000000), Name: cloudflare.F("name"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Updates a category `client.CloudforceOne.ThreatEvents.Categories.Edit(ctx, categoryID, params) (*ThreatEventCategoryEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Updates a category ### Parameters - `categoryID string` Category UUID. - `params ThreatEventCategoryEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `KillChain param.Field[float64]` Body param - `MitreAttack param.Field[[]string]` Body param - `MitreCapec param.Field[[]string]` Body param - `Name param.Field[string]` Body param - `Shortname param.Field[string]` Body param ### Returns - `type ThreatEventCategoryEditResponse struct{…}` - `KillChain float64` - `Name string` - `UUID string` - `MitreAttack []string` - `MitreCapec []string` - `Shortname string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Categories.Edit( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryEditParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Deletes a category `client.CloudforceOne.ThreatEvents.Categories.Delete(ctx, categoryID, body) (*ThreatEventCategoryDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Deletes a category ### Parameters - `categoryID string` Category UUID. - `body ThreatEventCategoryDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCategoryDeleteResponse struct{…}` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) category, err := client.CloudforceOne.ThreatEvents.Categories.Delete( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventCategoryDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", category.UUID) } ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` # Countries ## Retrieves countries information for all countries `client.CloudforceOne.ThreatEvents.Countries.List(ctx, query) (*[]ThreatEventCountryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/countries` Retrieves countries information for all countries ### Parameters - `query ThreatEventCountryListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventCountryListResponse []ThreatEventCountryListResponse` - `Result []ThreatEventCountryListResponseResult` - `Alpha3 string` - `Name string` - `Success string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) countries, err := client.CloudforceOne.ThreatEvents.Countries.List(context.TODO(), cloudforce_one.ThreatEventCountryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", countries) } ``` #### Response ```json [ { "result": [ { "alpha3": "AF", "name": "Afghanistan" } ], "success": "true" } ] ``` # Crons # Datasets ## Lists all datasets in an account `client.CloudforceOne.ThreatEvents.Datasets.List(ctx, query) (*[]ThreatEventDatasetListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/dataset` Lists all datasets in an account ### Parameters - `query ThreatEventDatasetListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetListResponse []ThreatEventDatasetListResponse` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) datasets, err := client.CloudforceOne.ThreatEvents.Datasets.List(context.TODO(), cloudforce_one.ThreatEventDatasetListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", datasets) } ``` #### Response ```json [ { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ] ``` ## Reads a dataset `client.CloudforceOne.ThreatEvents.Datasets.Get(ctx, datasetID, query) (*ThreatEventDatasetGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Reads a dataset ### Parameters - `datasetID string` Dataset ID. - `query ThreatEventDatasetGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetGetResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) dataset, err := client.CloudforceOne.ThreatEvents.Datasets.Get( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventDatasetGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dataset.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Creates a dataset `client.CloudforceOne.ThreatEvents.Datasets.New(ctx, params) (*ThreatEventDatasetNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/dataset/create` Creates a dataset ### Parameters - `params ThreatEventDatasetNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `IsPublic param.Field[bool]` Body param: If true, then anyone can search the dataset. If false, then its limited to the account. - `Name param.Field[string]` Body param: Used to describe the dataset within the account context. ### Returns - `type ThreatEventDatasetNewResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) dataset, err := client.CloudforceOne.ThreatEvents.Datasets.New(context.TODO(), cloudforce_one.ThreatEventDatasetNewParams{ AccountID: cloudflare.F("account_id"), IsPublic: cloudflare.F(true), Name: cloudflare.F("x"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dataset.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Updates an existing dataset `client.CloudforceOne.ThreatEvents.Datasets.Edit(ctx, datasetID, params) (*ThreatEventDatasetEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Updates an existing dataset ### Parameters - `datasetID string` Dataset ID. - `params ThreatEventDatasetEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `IsPublic param.Field[bool]` Body param: If true, then anyone can search the dataset. If false, then its limited to the account. - `Name param.Field[string]` Body param: Used to describe the dataset within the account context. ### Returns - `type ThreatEventDatasetEditResponse struct{…}` - `IsPublic bool` - `Name string` - `UUID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Datasets.Edit( context.TODO(), "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", cloudforce_one.ThreatEventDatasetEditParams{ AccountID: cloudflare.F("account_id"), IsPublic: cloudflare.F(true), Name: cloudflare.F("x"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.UUID) } ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Reads raw data for an event by UUID `client.CloudforceOne.ThreatEvents.Datasets.Raw(ctx, datasetID, eventID, query) (*ThreatEventDatasetRawResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}` Retrieves the raw data associated with an event. Searches across all shards in the dataset. ### Parameters - `datasetID string` Dataset ID. - `eventID string` Event ID. - `query ThreatEventDatasetRawParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventDatasetRawResponse struct{…}` - `ID float64` - `AccountID float64` - `Created string` - `Data string` - `Source string` - `TLP string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Datasets.Raw( context.TODO(), "dataset_id", "event_id", cloudforce_one.ThreatEventDatasetRawParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "id": 1, "accountId": 1234, "created": "1970-01-01T00:00:00.000Z", "data": "{\"foo\": \"bar\"}", "source": "https://example.com", "tlp": "amber" } ``` # Health # Indicator Types ## Lists all indicator types `client.CloudforceOne.ThreatEvents.IndicatorTypes.List(ctx, query) (*ThreatEventIndicatorTypeListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/indicatorTypes` This Method is deprecated. Please use /events/dataset/:dataset_id/indicatorTypes instead. ### Parameters - `query ThreatEventIndicatorTypeListParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventIndicatorTypeListResponse struct{…}` - `Items ThreatEventIndicatorTypeListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) indicatorTypes, err := client.CloudforceOne.ThreatEvents.IndicatorTypes.List(context.TODO(), cloudforce_one.ThreatEventIndicatorTypeListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", indicatorTypes.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Raw ## Reads data for a raw event `client.CloudforceOne.ThreatEvents.Raw.Get(ctx, eventID, rawID, query) (*ThreatEventRawGetResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Reads data for a raw event ### Parameters - `eventID string` Event UUID. - `rawID string` Raw Event UUID. - `query ThreatEventRawGetParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventRawGetResponse struct{…}` - `ID string` - `AccountID float64` - `Created string` - `Data unknown` - `Source string` - `TLP string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) raw, err := client.CloudforceOne.ThreatEvents.Raw.Get( context.TODO(), "event_id", "raw_id", cloudforce_one.ThreatEventRawGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", raw.ID) } ``` #### Response ```json { "id": "1234", "accountId": 1234, "created": "1970-01-01", "data": {}, "source": "https://example.com", "tlp": "amber" } ``` ## Updates a raw event `client.CloudforceOne.ThreatEvents.Raw.Edit(ctx, eventID, rawID, params) (*ThreatEventRawEditResponse, error)` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Updates a raw event ### Parameters - `eventID string` Event UUID. - `rawID string` Raw Event UUID. - `params ThreatEventRawEditParams` - `AccountID param.Field[string]` Path param: Account ID. - `Data param.Field[unknown]` Body param - `Source param.Field[string]` Body param - `TLP param.Field[string]` Body param ### Returns - `type ThreatEventRawEditResponse struct{…}` - `ID string` - `Data unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.CloudforceOne.ThreatEvents.Raw.Edit( context.TODO(), "event_id", "raw_id", cloudforce_one.ThreatEventRawEditParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "id": "1234", "data": {} } ``` # Relate ## Removes an event reference `client.CloudforceOne.ThreatEvents.Relate.Delete(ctx, eventID, body) (*ThreatEventRelateDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/relate/{event_id}` Removes an event reference ### Parameters - `eventID string` Event UUID. - `body ThreatEventRelateDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventRelateDeleteResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) relate, err := client.CloudforceOne.ThreatEvents.Relate.Delete( context.TODO(), "event_id", cloudforce_one.ThreatEventRelateDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", relate.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` # Tags ## Creates a new tag `client.CloudforceOne.ThreatEvents.Tags.New(ctx, params) (*ThreatEventTagNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/tags/create` Creates a new tag to be used accross threat events. ### Parameters - `params ThreatEventTagNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Value param.Field[string]` Body param - `ActiveDuration param.Field[string]` Body param - `ActorCategory param.Field[string]` Body param - `AliasGroupNames param.Field[[]string]` Body param - `AliasGroupNamesInternal param.Field[[]string]` Body param - `AnalyticPriority param.Field[float64]` Body param - `AttributionConfidence param.Field[string]` Body param - `AttributionOrganization param.Field[string]` Body param - `CategoryUUID param.Field[string]` Body param - `ExternalReferenceLinks param.Field[[]string]` Body param - `InternalDescription param.Field[string]` Body param - `Motive param.Field[string]` Body param - `OpsecLevel param.Field[string]` Body param - `OriginCountryISO param.Field[string]` Body param - `Priority param.Field[float64]` Body param - `SophisticationLevel param.Field[string]` Body param ### Returns - `type ThreatEventTagNewResponse struct{…}` - `UUID string` - `Value string` - `ActiveDuration string` - `ActorCategory string` - `AliasGroupNames []string` - `AliasGroupNamesInternal []string` - `AnalyticPriority float64` - `AttributionConfidence string` - `AttributionOrganization string` - `CategoryName string` - `CategoryUUID string` - `ExternalReferenceLinks []string` - `InternalDescription string` - `Motive string` - `OpsecLevel string` - `OriginCountryISO string` - `Priority float64` - `SophisticationLevel string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) tag, err := client.CloudforceOne.ThreatEvents.Tags.New(context.TODO(), cloudforce_one.ThreatEventTagNewParams{ AccountID: cloudflare.F("account_id"), Value: cloudflare.F("APT28"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", tag.UUID) } ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab", "value": "APT28", "activeDuration": "activeDuration", "actorCategory": "actorCategory", "aliasGroupNames": [ "string" ], "aliasGroupNamesInternal": [ "string" ], "analyticPriority": 0, "attributionConfidence": "attributionConfidence", "attributionOrganization": "attributionOrganization", "categoryName": "Nation State", "categoryUuid": "12345678-1234-1234-1234-1234567890ab", "externalReferenceLinks": [ "string" ], "internalDescription": "internalDescription", "motive": "motive", "opsecLevel": "opsecLevel", "originCountryISO": "originCountryISO", "priority": 0, "sophisticationLevel": "sophisticationLevel" } ``` # Event Tags ## Adds a tag to an event `client.CloudforceOne.ThreatEvents.EventTags.New(ctx, eventID, params) (*ThreatEventEventTagNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create` Adds a tag to an event ### Parameters - `eventID string` Event UUID. - `params ThreatEventEventTagNewParams` - `AccountID param.Field[string]` Path param: Account ID. - `Tags param.Field[[]string]` Body param ### Returns - `type ThreatEventEventTagNewResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) eventTag, err := client.CloudforceOne.ThreatEvents.EventTags.New( context.TODO(), "event_id", cloudforce_one.ThreatEventEventTagNewParams{ AccountID: cloudflare.F("account_id"), Tags: cloudflare.F([]string{"botnet"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", eventTag.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` ## Removes a tag from an event `client.CloudforceOne.ThreatEvents.EventTags.Delete(ctx, eventID, body) (*ThreatEventEventTagDeleteResponse, error)` **delete** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}` Removes a tag from an event ### Parameters - `eventID string` Event UUID. - `body ThreatEventEventTagDeleteParams` - `AccountID param.Field[string]` Account ID. ### Returns - `type ThreatEventEventTagDeleteResponse struct{…}` - `Success bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) eventTag, err := client.CloudforceOne.ThreatEvents.EventTags.Delete( context.TODO(), "event_id", cloudforce_one.ThreatEventEventTagDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", eventTag.Success) } ``` #### Response ```json { "result": { "success": true }, "success": true } ``` # Target Industries ## Lists target industries across multiple datasets `client.CloudforceOne.ThreatEvents.TargetIndustries.List(ctx, params) (*ThreatEventTargetIndustryListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events/targetIndustries` Lists target industries across multiple datasets ### Parameters - `params ThreatEventTargetIndustryListParams` - `AccountID param.Field[string]` Path param: Account ID. - `DatasetIDs param.Field[[]string]` Query param: Array of dataset IDs to query target industries from. If not provided, uses the default dataset. ### Returns - `type ThreatEventTargetIndustryListResponse struct{…}` - `Items ThreatEventTargetIndustryListResponseItems` - `Type string` - `Type string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) targetIndustries, err := client.CloudforceOne.ThreatEvents.TargetIndustries.List(context.TODO(), cloudforce_one.ThreatEventTargetIndustryListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", targetIndustries.Items) } ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` # Insights