## Filter and list events `client.CloudforceOne.ThreatEvents.List(ctx, params) (*[]ThreatEventListResponse, error)` **get** `/accounts/{account_id}/cloudforce-one/events` When `datasetId` is unspecified, events will be listed from the `Cloudforce One Threat Events` dataset. To list existing datasets (and their IDs), use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint). Also, must provide query parameters. ### Parameters - `params ThreatEventListParams` - `AccountID param.Field[string]` Path param: Account ID. - `Cursor param.Field[string]` Query param: Cursor for pagination. When provided, filters are embedded in the cursor so you only need to pass cursor and pageSize. Returned in the previous response's result_info.cursor field. Use cursor-based pagination for deep pagination (beyond 100,000 records) or for optimal performance. - `DatasetID param.Field[[]string]` Query param - `ForceRefresh param.Field[bool]` Query param - `Format param.Field[ThreatEventListParamsFormat]` Query param - `const ThreatEventListParamsFormatJson ThreatEventListParamsFormat = "json"` - `const ThreatEventListParamsFormatStix2 ThreatEventListParamsFormat = "stix2"` - `Order param.Field[ThreatEventListParamsOrder]` Query param - `const ThreatEventListParamsOrderAsc ThreatEventListParamsOrder = "asc"` - `const ThreatEventListParamsOrderDesc ThreatEventListParamsOrder = "desc"` - `OrderBy param.Field[string]` Query param - `Page param.Field[float64]` Query param: Page number (1-indexed) for offset-based pagination. Limited to offset of 100,000 records. For deep pagination, use cursor-based pagination instead. - `PageSize param.Field[float64]` Query param: Number of results per page. Maximum 25,000. - `Search param.Field[[]ThreatEventListParamsSearch]` Query param - `Field string` Event field to search on. Allowed: attacker, attackerCountry, category, createdAt, date, event, indicator, indicatorType, killChain, mitreAttack, tags, targetCountry, targetIndustry, tlp, uuid. - `Op ThreatEventListParamsSearchOp` Search operator. Use 'in' for bulk lookup of up to 100 values at once, e.g. {field:'tags', op:'in', value:['malware','apt']}. - `const ThreatEventListParamsSearchOpEquals ThreatEventListParamsSearchOp = "equals"` - `const ThreatEventListParamsSearchOpNot ThreatEventListParamsSearchOp = "not"` - `const ThreatEventListParamsSearchOpGt ThreatEventListParamsSearchOp = "gt"` - `const ThreatEventListParamsSearchOpGte ThreatEventListParamsSearchOp = "gte"` - `const ThreatEventListParamsSearchOpLt ThreatEventListParamsSearchOp = "lt"` - `const ThreatEventListParamsSearchOpLte ThreatEventListParamsSearchOp = "lte"` - `const ThreatEventListParamsSearchOpLike ThreatEventListParamsSearchOp = "like"` - `const ThreatEventListParamsSearchOpContains ThreatEventListParamsSearchOp = "contains"` - `const ThreatEventListParamsSearchOpStartsWith ThreatEventListParamsSearchOp = "startsWith"` - `const ThreatEventListParamsSearchOpEndsWith ThreatEventListParamsSearchOp = "endsWith"` - `const ThreatEventListParamsSearchOpIn ThreatEventListParamsSearchOp = "in"` - `const ThreatEventListParamsSearchOpFind ThreatEventListParamsSearchOp = "find"` - `Value ThreatEventListParamsSearchValueUnion` Search value. String or number for most operators. Array for 'in' operator (max 100 items). - `UnionString` - `UnionFloat` - `type ThreatEventListParamsSearchValueArray []ThreatEventListParamsSearchValueArrayUnion` - `UnionString` - `UnionFloat` ### Returns - `type ThreatEventListResponse []ThreatEventListResponse` - `Attacker string` - `AttackerCountry string` - `Category string` - `DatasetID string` - `Date string` - `Event string` - `HasChildren bool` - `Indicator string` - `IndicatorType string` - `IndicatorTypeID float64` - `KillChain float64` - `MitreAttack []string` - `MitreCapec []string` - `NumReferenced float64` - `NumReferences float64` - `RawID string` - `Referenced []string` - `ReferencedIDs []float64` - `References []string` - `ReferencesIDs []float64` - `Tags []string` - `TargetCountry string` - `TargetIndustry string` - `TLP string` - `UUID string` - `Insight string` - `ReleasabilityID string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/cloudforce_one" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) threatEvents, err := client.CloudforceOne.ThreatEvents.List(context.TODO(), cloudforce_one.ThreatEventListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", threatEvents) } ``` #### Response ```json [ { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ] ```