## Creates a new event `client.CloudforceOne.ThreatEvents.New(ctx, params) (*ThreatEventNewResponse, error)` **post** `/accounts/{account_id}/cloudforce-one/events/create` To create a dataset, see the [`Create Dataset`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/create/) endpoint. When `datasetId` parameter is unspecified, it will be created in a default dataset named `Cloudforce One Threat Events`. ### Parameters - `params ThreatEventNewParams` - `PathAccountID param.Field[string]` Path param: Account ID. - `Category param.Field[string]` Body param - `Date param.Field[Time]` Body param - `Event param.Field[string]` Body param - `Raw param.Field[ThreatEventNewParamsRaw]` Body param - `Data map[string, unknown]` - `Source string` - `TLP string` - `TLP param.Field[string]` Body param - `BodyAccountID param.Field[float64]` Body param - `Attacker param.Field[string]` Body param - `AttackerCountry param.Field[string]` Body param - `DatasetID param.Field[string]` Body param - `Indicator param.Field[string]` Body param - `Indicators param.Field[[]ThreatEventNewParamsIndicator]` Body param: Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `IndicatorType string` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `Value string` The indicator value (e.g., domain name, IP address, hash) - `IndicatorType param.Field[string]` Body param - `Insight param.Field[string]` Body param - `Tags param.Field[[]string]` Body param - `TargetCountry param.Field[string]` Body param - `TargetIndustry param.Field[string]` Body param ### Returns - `type ThreatEventNewResponse struct{…}` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvent, err := client.CloudforceOne.ThreatEvents.New(context.TODO(), cloudforce_one.ThreatEventNewParams{ PathAccountID: cloudflare.F("account_id"), Category: cloudflare.F("Domain Resolution"), Date: cloudflare.F(time.Now()), Event: cloudflare.F("An attacker registered the domain domain.com"), Raw: cloudflare.F(cloudforce_one.ThreatEventNewParamsRaw{ Data: cloudflare.F(map[string]interface{}{ "foo": "bar", }), }), TLP: cloudflare.F("amber"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvent.UUID) } ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ```