API Reference

Cloudforce One

Threat Events

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Creates a new event

client.CloudforceOne.ThreatEvents.New(ctx, params) (*ThreatEventNewResponse, error)

POST/accounts/{account_id}/cloudforce-one/events/create

To create a dataset, see the Create Dataset endpoint. When datasetId parameter is unspecified, it will be created in a default dataset named Cloudforce One Threat Events.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Cloudforce One WriteCloudforce One Read

ParametersExpand Collapse

params ThreatEventNewParams

PathAccountID param.Field[string]

Path param: Account ID.

Category param.Field[string]

Body param

Date param.Field[Time]

Body param

formatdate-time

Event param.Field[string]

Body param

Raw param.Field[ThreatEventNewParamsRaw]

Body param

Data map[string, unknown]

Source stringoptional

TLP stringoptional

TLP param.Field[string]

Body param

BodyAccountID param.Field[float64]optional

Body param

Attacker param.Field[string]optional

Body param

AttackerCountry param.Field[string]optional

Body param

DatasetID param.Field[string]optional

Body param

Indicator param.Field[string]optional

Body param

Indicators param.Field[[]ThreatEventNewParamsIndicator]optional

Body param: Array of indicators for this event. Supports multiple indicators per event for complex scenarios.

IndicatorType string

The type of indicator (e.g., DOMAIN, IP, JA3, HASH)

Value string

The indicator value (e.g., domain name, IP address, hash)

IndicatorType param.Field[string]optional

Body param

Insight param.Field[string]optional

Body param

Tags param.Field[[]string]optional

Body param

TargetCountry param.Field[string]optional

Body param

TargetIndustry param.Field[string]optional

Body param

ReturnsExpand Collapse

type ThreatEventNewResponse struct{…}

Attacker string

AttackerCountry string

Category string

DatasetID string

Date string

Event string

HasChildren bool

Indicator string

IndicatorType string

IndicatorTypeID float64

KillChain float64

MitreAttack []string

MitreCapec []string

NumReferenced float64

NumReferences float64

RawID string

Referenced []string

ReferencedIDs []float64

References []string

ReferencesIDs []float64

Tags []string

TargetCountry string

TargetIndustry string

TLP string

UUID string

Insight stringoptional

ReleasabilityID stringoptional

Creates a new event

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"
  "time"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/cloudforce_one"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  threatEvent, err := client.CloudforceOne.ThreatEvents.New(context.TODO(), cloudforce_one.ThreatEventNewParams{
    PathAccountID: cloudflare.F("account_id"),
    Category: cloudflare.F("Domain Resolution"),
    Date: cloudflare.F(time.Now()),
    Event: cloudflare.F("An attacker registered the domain domain.com"),
    Raw: cloudflare.F(cloudforce_one.ThreatEventNewParamsRaw{
      Data: cloudflare.F(map[string]interface{}{
      "foo": "bar",
      }),
    }),
    TLP: cloudflare.F("amber"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", threatEvent.UUID)
}

200 example

{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}

Returns Examples

200 example

{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}