# Intel # ASN ## Get ASN Overview. `client.Intel.ASN.Get(ctx, asn, query) (*ASN, error)` **get** `/accounts/{account_id}/intel/asn/{asn}` Gets an overview of the Autonomous System Number (ASN) and a list of subnets for it. ### Parameters - `ASN ASN` - `query ASNGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type ASN int64` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) asn, err := client.Intel.ASN.Get( context.TODO(), int64(0), intel.ASNGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", asn) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": 0 } ``` # Subnets ## Get ASN Subnets `client.Intel.ASN.Subnets.Get(ctx, asn, query) (*ASNSubnetGetResponse, error)` **get** `/accounts/{account_id}/intel/asn/{asn}/subnets` Get ASN Subnets. ### Parameters - `ASN ASN` - `query ASNSubnetGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type ASNSubnetGetResponse struct{…}` - `ASN ASN` - `Count float64` Total results returned based on your search parameters. - `IPCountTotal int64` - `Page float64` Current page within paginated list of results. - `PerPage float64` Number of results per page of results. - `Subnets []string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) subnet, err := client.Intel.ASN.Subnets.Get( context.TODO(), int64(0), intel.ASNSubnetGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", subnet.ASN) } ``` #### Response ```json { "asn": 0, "count": 1, "ip_count_total": 0, "page": 1, "per_page": 20, "subnets": [ "192.0.2.0/24", "2001:DB8::/32" ] } ``` # DNS ## Get Passive DNS by IP `client.Intel.DNS.List(ctx, params) (*V4PagePagination[DNS], error)` **get** `/accounts/{account_id}/intel/dns` Gets a list of all the domains that have resolved to a specific IP address. ### Parameters - `params DNSListParams` - `AccountID param.Field[string]` Path param: Identifier. - `IPV4 param.Field[string]` Query param - `Page param.Field[float64]` Query param: Requested page within paginated list of results. - `PerPage param.Field[float64]` Query param: Maximum number of results requested. - `StartEndParams param.Field[DNSListParamsStartEndParams]` Query param - `End Time` Defaults to the current date. - `Start Time` Defaults to 30 days before the end parameter value. ### Returns - `type DNS struct{…}` - `Count float64` Total results returned based on your search parameters. - `Page float64` Current page within paginated list of results. - `PerPage float64` Number of results per page of results. - `ReverseRecords []DNSReverseRecord` Reverse DNS look-ups observed during the time period. - `FirstSeen Time` First seen date of the DNS record during the time period. - `Hostname string` Hostname that the IP was observed resolving to. - `LastSeen Time` Last seen date of the DNS record during the time period. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Intel.DNS.List(context.TODO(), intel.DNSListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "page": 1, "per_page": 20, "reverse_records": [ { "first_seen": "2021-04-01", "hostname": "hostname", "last_seen": "2021-04-30" } ] }, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### DNS - `type DNS struct{…}` - `Count float64` Total results returned based on your search parameters. - `Page float64` Current page within paginated list of results. - `PerPage float64` Number of results per page of results. - `ReverseRecords []DNSReverseRecord` Reverse DNS look-ups observed during the time period. - `FirstSeen Time` First seen date of the DNS record during the time period. - `Hostname string` Hostname that the IP was observed resolving to. - `LastSeen Time` Last seen date of the DNS record during the time period. # Domains ## Get Domain Details `client.Intel.Domains.Get(ctx, params) (*Domain, error)` **get** `/accounts/{account_id}/intel/domain` Gets security details and statistics about a domain. ### Parameters - `params DomainGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `Domain param.Field[string]` Query param ### Returns - `type Domain struct{…}` - `AdditionalInformation DomainAdditionalInformation` Additional information related to the host name. - `SuspectedMalwareFamily string` Suspected DGA malware family. - `Application DomainApplication` Application that the hostname belongs to. - `ID int64` - `Name string` - `ContentCategories []DomainContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `Domain string` - `InheritedContentCategories []DomainInheritedContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `InheritedFrom string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `InheritedRiskTypes []DomainInheritedRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` - `PopularityRank int64` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `ResolvesToRefs []DomainResolvesToRef` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `ID string` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `Value string` IP address or domain name. - `RiskScore float64` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `RiskTypes []DomainRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) domain, err := client.Intel.Domains.Get(context.TODO(), intel.DomainGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", domain.AdditionalInformation) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "resolves_to_refs": [ { "id": "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537", "value": "192.0.2.0" } ], "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } } ``` ## Domain Types ### Domain - `type Domain struct{…}` - `AdditionalInformation DomainAdditionalInformation` Additional information related to the host name. - `SuspectedMalwareFamily string` Suspected DGA malware family. - `Application DomainApplication` Application that the hostname belongs to. - `ID int64` - `Name string` - `ContentCategories []DomainContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `Domain string` - `InheritedContentCategories []DomainInheritedContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `InheritedFrom string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `InheritedRiskTypes []DomainInheritedRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` - `PopularityRank int64` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `ResolvesToRefs []DomainResolvesToRef` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `ID string` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `Value string` IP address or domain name. - `RiskScore float64` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `RiskTypes []DomainRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` # Bulks ## Get Multiple Domain Details `client.Intel.Domains.Bulks.Get(ctx, params) (*[]DomainBulkGetResponse, error)` **get** `/accounts/{account_id}/intel/domain/bulk` Same as summary. ### Parameters - `params DomainBulkGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `Domain param.Field[[]string]` Query param: Accepts multiple values like `?domain=cloudflare.com&domain=example.com`. ### Returns - `type DomainBulkGetResponseEnvelopeResult []DomainBulkGetResponse` - `AdditionalInformation DomainBulkGetResponseAdditionalInformation` Additional information related to the host name. - `SuspectedMalwareFamily string` Suspected DGA malware family. - `Application DomainBulkGetResponseApplication` Application that the hostname belongs to. - `ID int64` - `Name string` - `ContentCategories []DomainBulkGetResponseContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `Domain string` - `InheritedContentCategories []DomainBulkGetResponseInheritedContentCategory` - `ID int64` - `Name string` - `SuperCategoryID int64` - `InheritedFrom string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `InheritedRiskTypes []DomainBulkGetResponseInheritedRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` - `PopularityRank int64` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `RiskScore float64` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `RiskTypes []DomainBulkGetResponseRiskType` - `ID int64` - `Name string` - `SuperCategoryID int64` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) bulks, err := client.Intel.Domains.Bulks.Get(context.TODO(), intel.DomainBulkGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", bulks) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Domain History ## Get Domain History `client.Intel.DomainHistory.Get(ctx, params) (*[]DomainHistory, error)` **get** `/accounts/{account_id}/intel/domain-history` Gets historical security threat and content categories currently and previously assigned to a domain. ### Parameters - `params DomainHistoryGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `Domain param.Field[string]` Query param ### Returns - `type DomainHistoryGetResponseEnvelopeResult []DomainHistory` - `Categorizations []DomainHistoryCategorization` - `Categories []DomainHistoryCategorizationsCategory` - `ID int64` - `Name string` - `End Time` - `Start Time` - `Domain string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) domainHistories, err := client.Intel.DomainHistory.Get(context.TODO(), intel.DomainHistoryGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", domainHistories) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "categorizations": [ { "categories": [ { "id": 155, "name": "Technology" } ], "end": "2021-04-30", "start": "2021-04-01" } ], "domain": "cloudflare.com" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Domain History - `type DomainHistory struct{…}` - `Categorizations []DomainHistoryCategorization` - `Categories []DomainHistoryCategorizationsCategory` - `ID int64` - `Name string` - `End Time` - `Start Time` - `Domain string` # IPs ## Get IP Overview `client.Intel.IPs.Get(ctx, params) (*[]IP, error)` **get** `/accounts/{account_id}/intel/ip` Gets the geolocation, ASN, infrastructure type of the ASN, and any security threat categories of an IP address. **Must provide ip query parameters.** For example, `/intel/ip?ipv4=1.1.1.1` or `/intel/ip?ipv6=2001:db8::1`. ### Parameters - `params IPGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `IPV4 param.Field[string]` Query param - `IPV6 param.Field[string]` Query param ### Returns - `type IPGetResponseEnvelopeResult []IP` - `BelongsToRef IPBelongsToRef` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `ID string` - `Country string` - `Description string` - `Type IPBelongsToRefType` Infrastructure type of this ASN. - `const IPBelongsToRefTypeHostingProvider IPBelongsToRefType = "hosting_provider"` - `const IPBelongsToRefTypeISP IPBelongsToRefType = "isp"` - `const IPBelongsToRefTypeOrganization IPBelongsToRefType = "organization"` - `Value string` - `IP string` - `RiskTypes []IPRiskType` - `ID float64` - `Name string` - `SuperCategoryID float64` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) ips, err := client.Intel.IPs.Get(context.TODO(), intel.IPGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", ips) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "belongs_to_ref": { "id": "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8", "country": "US", "description": "CLOUDFLARENET", "type": "hosting_provider", "value": "value" }, "ip": "192.0.2.0", "risk_types": [ { "id": 131, "name": "Phishing", "super_category_id": 21 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### IP - `type IP struct{…}` - `BelongsToRef IPBelongsToRef` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `ID string` - `Country string` - `Description string` - `Type IPBelongsToRefType` Infrastructure type of this ASN. - `const IPBelongsToRefTypeHostingProvider IPBelongsToRefType = "hosting_provider"` - `const IPBelongsToRefTypeISP IPBelongsToRefType = "isp"` - `const IPBelongsToRefTypeOrganization IPBelongsToRefType = "organization"` - `Value string` - `IP string` - `RiskTypes []IPRiskType` - `ID float64` - `Name string` - `SuperCategoryID float64` # IP Lists ## Domain Types ### IP List - `type IPList struct{…}` - `ID int64` - `Description string` - `Name string` # Miscategorizations ## Create Miscategorization `client.Intel.Miscategorizations.New(ctx, params) (*MiscategorizationNewResponse, error)` **post** `/accounts/{account_id}/intel/miscategorization` Allows you to submit requests to change a domain’s category. ### Parameters - `params MiscategorizationNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `ContentAdds param.Field[[]int64]` Body param: Content category IDs to add. - `ContentRemoves param.Field[[]int64]` Body param: Content category IDs to remove. - `IndicatorType param.Field[MiscategorizationNewParamsIndicatorType]` Body param - `const MiscategorizationNewParamsIndicatorTypeDomain MiscategorizationNewParamsIndicatorType = "domain"` - `const MiscategorizationNewParamsIndicatorTypeIPV4 MiscategorizationNewParamsIndicatorType = "ipv4"` - `const MiscategorizationNewParamsIndicatorTypeIPV6 MiscategorizationNewParamsIndicatorType = "ipv6"` - `const MiscategorizationNewParamsIndicatorTypeURL MiscategorizationNewParamsIndicatorType = "url"` - `IP param.Field[string]` Body param: Provide only if indicator_type is `ipv4` or `ipv6`. - `SecurityAdds param.Field[[]int64]` Body param: Security category IDs to add. - `SecurityRemoves param.Field[[]int64]` Body param: Security category IDs to remove. - `URL param.Field[string]` Body param: Provide only if indicator_type is `domain` or `url`. Example if indicator_type is `domain`: `example.com`. Example if indicator_type is `url`: `https://example.com/news/`. ### Returns - `type MiscategorizationNewResponse struct{…}` - `Errors []MiscategorizationNewResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source MiscategorizationNewResponseErrorsSource` - `Pointer string` - `Messages []MiscategorizationNewResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source MiscategorizationNewResponseMessagesSource` - `Pointer string` - `Success MiscategorizationNewResponseSuccess` Whether the API call was successful. - `const MiscategorizationNewResponseSuccessTrue MiscategorizationNewResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) miscategorization, err := client.Intel.Miscategorizations.New(context.TODO(), intel.MiscategorizationNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", miscategorization.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` # Whois ## Get WHOIS Record `client.Intel.Whois.Get(ctx, params) (*WhoisGetResponse, error)` **get** `/accounts/{account_id}/intel/whois` Retrieves WHOIS registration data for a domain, including registrant and nameserver information. ### Parameters - `params WhoisGetParams` - `AccountID param.Field[string]` Path param: Use to uniquely identify or reference the resource. - `Domain param.Field[string]` Query param ### Returns - `type WhoisGetResponse struct{…}` - `DNSSEC bool` - `Domain string` - `Extension string` - `Found bool` - `Nameservers []string` - `Punycode string` - `Registrant string` - `Registrar string` - `ID string` - `AdministrativeCity string` - `AdministrativeCountry string` - `AdministrativeEmail string` - `AdministrativeFax string` - `AdministrativeFaxExt string` - `AdministrativeID string` - `AdministrativeName string` - `AdministrativeOrg string` - `AdministrativePhone string` - `AdministrativePhoneExt string` - `AdministrativePostalCode string` - `AdministrativeProvince string` - `AdministrativeReferralURL string` - `AdministrativeStreet string` - `BillingCity string` - `BillingCountry string` - `BillingEmail string` - `BillingFax string` - `BillingFaxExt string` - `BillingID string` - `BillingName string` - `BillingOrg string` - `BillingPhone string` - `BillingPhoneExt string` - `BillingPostalCode string` - `BillingProvince string` - `BillingReferralURL string` - `BillingStreet string` - `CreatedDate Time` - `CreatedDateRaw string` - `ExpirationDate Time` - `ExpirationDateRaw string` - `RegistrantCity string` - `RegistrantCountry string` - `RegistrantEmail string` - `RegistrantFax string` - `RegistrantFaxExt string` - `RegistrantID string` - `RegistrantName string` - `RegistrantOrg string` - `RegistrantPhone string` - `RegistrantPhoneExt string` - `RegistrantPostalCode string` - `RegistrantProvince string` - `RegistrantReferralURL string` - `RegistrantStreet string` - `RegistrarCity string` - `RegistrarCountry string` - `RegistrarEmail string` - `RegistrarFax string` - `RegistrarFaxExt string` - `RegistrarID string` - `RegistrarName string` - `RegistrarOrg string` - `RegistrarPhone string` - `RegistrarPhoneExt string` - `RegistrarPostalCode string` - `RegistrarProvince string` - `RegistrarReferralURL string` - `RegistrarStreet string` - `Status []string` - `TechnicalCity string` - `TechnicalCountry string` - `TechnicalEmail string` - `TechnicalFax string` - `TechnicalFaxExt string` - `TechnicalID string` - `TechnicalName string` - `TechnicalOrg string` - `TechnicalPhone string` - `TechnicalPhoneExt string` - `TechnicalPostalCode string` - `TechnicalProvince string` - `TechnicalReferralURL string` - `TechnicalStreet string` - `UpdatedDate Time` - `UpdatedDateRaw string` - `WhoisServer string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) whois, err := client.Intel.Whois.Get(context.TODO(), intel.WhoisGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", whois.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dnssec": true, "domain": "cloudflare.com", "extension": "com", "found": true, "nameservers": [ "ns3.cloudflare.com", "ns4.cloudflare.com", "ns5.cloudflare.com", "ns6.cloudflare.com", "ns7.cloudflare.com" ], "punycode": "cloudflare.com", "registrant": "registrant", "registrar": "Cloudflare, Inc.", "id": "1542998887_DOMAIN_COM-VRSN", "administrative_city": "administrative_city", "administrative_country": "administrative_country", "administrative_email": "administrative_email", "administrative_fax": "administrative_fax", "administrative_fax_ext": "administrative_fax_ext", "administrative_id": "administrative_id", "administrative_name": "administrative_name", "administrative_org": "administrative_org", "administrative_phone": "administrative_phone", "administrative_phone_ext": "administrative_phone_ext", "administrative_postal_code": "administrative_postal_code", "administrative_province": "administrative_province", "administrative_referral_url": "administrative_referral_url", "administrative_street": "administrative_street", "billing_city": "billing_city", "billing_country": "billing_country", "billing_email": "billing_email", "billing_fax": "billing_fax", "billing_fax_ext": "billing_fax_ext", "billing_id": "billing_id", "billing_name": "billing_name", "billing_org": "billing_org", "billing_phone": "billing_phone", "billing_phone_ext": "billing_phone_ext", "billing_postal_code": "billing_postal_code", "billing_province": "billing_province", "billing_referral_url": "billing_referral_url", "billing_street": "billing_street", "created_date": "2009-02-17T22:07:54.000Z", "created_date_raw": "2009-02-17T22:07:54Z", "expiration_date": "2033-02-17T22:07:54.000Z", "expiration_date_raw": "2033-02-17T22:07:54Z", "registrant_city": "registrant_city", "registrant_country": "registrant_country", "registrant_email": "registrant_email", "registrant_fax": "registrant_fax", "registrant_fax_ext": "registrant_fax_ext", "registrant_id": "registrant_id", "registrant_name": "registrant_name", "registrant_org": "registrant_org", "registrant_phone": "registrant_phone", "registrant_phone_ext": "registrant_phone_ext", "registrant_postal_code": "registrant_postal_code", "registrant_province": "registrant_province", "registrant_referral_url": "registrant_referral_url", "registrant_street": "registrant_street", "registrar_city": "registrar_city", "registrar_country": "registrar_country", "registrar_email": "registrar_email", "registrar_fax": "registrar_fax", "registrar_fax_ext": "registrar_fax_ext", "registrar_id": "registrar_id", "registrar_name": "registrar_name", "registrar_org": "registrar_org", "registrar_phone": "registrar_phone", "registrar_phone_ext": "registrar_phone_ext", "registrar_postal_code": "registrar_postal_code", "registrar_province": "registrar_province", "registrar_referral_url": "registrar_referral_url", "registrar_street": "registrar_street", "status": [ "clientdeleteprohibited", "clienttransferprohibited", "clientupdateprohibited", "serverdeleteprohibited", "servertransferprohibited", "serverupdateprohibited" ], "technical_city": "technical_city", "technical_country": "technical_country", "technical_email": "technical_email", "technical_fax": "technical_fax", "technical_fax_ext": "technical_fax_ext", "technical_id": "technical_id", "technical_name": "technical_name", "technical_org": "technical_org", "technical_phone": "technical_phone", "technical_phone_ext": "technical_phone_ext", "technical_postal_code": "technical_postal_code", "technical_province": "technical_province", "technical_referral_url": "technical_referral_url", "technical_street": "technical_street", "updated_date": "2024-01-09T16:45:28.000Z", "updated_date_raw": "2024-01-09T16:45:28Z", "whois_server": "whois.cloudflare.com" } } ``` ## Domain Types ### Whois - `type Whois struct{…}` - `CreatedDate Time` - `Domain string` - `Nameservers []string` - `Registrant string` - `RegistrantCountry string` - `RegistrantEmail string` - `RegistrantOrg string` - `Registrar string` - `UpdatedDate Time` # Indicator Feeds ## Get indicator feeds owned by this account `client.Intel.IndicatorFeeds.List(ctx, query) (*SinglePage[IndicatorFeedListResponse], error)` **get** `/accounts/{account_id}/intel/indicator-feeds` Retrieves details for all accessible custom threat indicator feeds. ### Parameters - `query IndicatorFeedListParams` - `AccountID param.Field[string]` Identifier ### Returns - `type IndicatorFeedListResponse struct{…}` - `ID int64` The unique identifier for the indicator feed - `CreatedOn Time` The date and time when the data entry was created - `Description string` The description of the example test - `IsAttributable bool` Whether the indicator feed can be attributed to a provider - `IsDownloadable bool` Whether the indicator feed can be downloaded - `IsPublic bool` Whether the indicator feed is exposed to customers - `ModifiedOn Time` The date and time when the data entry was last modified - `Name string` The name of the indicator feed ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.Intel.IndicatorFeeds.List(context.TODO(), intel.IndicatorFeedListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "user specified description 1", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "user_specified_name_1" }, { "id": 2, "created_on": "2023-05-21T21:43:52.867525Z", "description": "User specified description 2", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-28T18:46:18.764425Z", "name": "user_specified_name_2" } ] } ``` ## Get indicator feed metadata `client.Intel.IndicatorFeeds.Get(ctx, feedID, query) (*IndicatorFeedGetResponse, error)` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Retrieves details for a specific custom threat indicator feed. ### Parameters - `feedID int64` Indicator feed ID - `query IndicatorFeedGetParams` - `AccountID param.Field[string]` Identifier ### Returns - `type IndicatorFeedGetResponse struct{…}` - `ID int64` The unique identifier for the indicator feed - `CreatedOn Time` The date and time when the data entry was created - `Description string` The description of the example test - `IsAttributable bool` Whether the indicator feed can be attributed to a provider - `IsDownloadable bool` Whether the indicator feed can be downloaded - `IsPublic bool` Whether the indicator feed is exposed to customers - `LatestUploadStatus IndicatorFeedGetResponseLatestUploadStatus` Status of the latest snapshot uploaded - `const IndicatorFeedGetResponseLatestUploadStatusMirroring IndicatorFeedGetResponseLatestUploadStatus = "Mirroring"` - `const IndicatorFeedGetResponseLatestUploadStatusUnifying IndicatorFeedGetResponseLatestUploadStatus = "Unifying"` - `const IndicatorFeedGetResponseLatestUploadStatusLoading IndicatorFeedGetResponseLatestUploadStatus = "Loading"` - `const IndicatorFeedGetResponseLatestUploadStatusProvisioning IndicatorFeedGetResponseLatestUploadStatus = "Provisioning"` - `const IndicatorFeedGetResponseLatestUploadStatusComplete IndicatorFeedGetResponseLatestUploadStatus = "Complete"` - `const IndicatorFeedGetResponseLatestUploadStatusError IndicatorFeedGetResponseLatestUploadStatus = "Error"` - `ModifiedOn Time` The date and time when the data entry was last modified - `Name string` The name of the indicator feed - `ProviderID string` The unique identifier for the provider - `ProviderName string` The provider of the indicator feed ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) indicatorFeed, err := client.Intel.IndicatorFeeds.Get( context.TODO(), int64(12), intel.IndicatorFeedGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", indicatorFeed.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "latest_upload_status": "Complete", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1", "provider_id": "provider_id", "provider_name": "provider_name" } } ``` ## Create new indicator feed `client.Intel.IndicatorFeeds.New(ctx, params) (*IndicatorFeedNewResponse, error)` **post** `/accounts/{account_id}/intel/indicator-feeds` Creates a new custom threat indicator feed for sharing threat intelligence data. ### Parameters - `params IndicatorFeedNewParams` - `AccountID param.Field[string]` Path param: Identifier - `Description param.Field[string]` Body param: The description of the example test - `Name param.Field[string]` Body param: The name of the indicator feed ### Returns - `type IndicatorFeedNewResponse struct{…}` - `ID int64` The unique identifier for the indicator feed - `CreatedOn Time` The date and time when the data entry was created - `Description string` The description of the example test - `IsAttributable bool` Whether the indicator feed can be attributed to a provider - `IsDownloadable bool` Whether the indicator feed can be downloaded - `IsPublic bool` Whether the indicator feed is exposed to customers - `ModifiedOn Time` The date and time when the data entry was last modified - `Name string` The name of the indicator feed ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) indicatorFeed, err := client.Intel.IndicatorFeeds.New(context.TODO(), intel.IndicatorFeedNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", indicatorFeed.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Update indicator feed metadata `client.Intel.IndicatorFeeds.Update(ctx, feedID, params) (*IndicatorFeedUpdateResponse, error)` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Revises details for a specific custom threat indicator feed. ### Parameters - `feedID int64` Indicator feed ID - `params IndicatorFeedUpdateParams` - `AccountID param.Field[string]` Path param: Identifier - `Description param.Field[string]` Body param: The new description of the feed - `IsAttributable param.Field[bool]` Body param: The new is_attributable value of the feed - `IsDownloadable param.Field[bool]` Body param: The new is_downloadable value of the feed - `IsPublic param.Field[bool]` Body param: The new is_public value of the feed - `Name param.Field[string]` Body param: The new name of the feed ### Returns - `type IndicatorFeedUpdateResponse struct{…}` - `ID int64` The unique identifier for the indicator feed - `CreatedOn Time` The date and time when the data entry was created - `Description string` The description of the example test - `IsAttributable bool` Whether the indicator feed can be attributed to a provider - `IsDownloadable bool` Whether the indicator feed can be downloaded - `IsPublic bool` Whether the indicator feed is exposed to customers - `ModifiedOn Time` The date and time when the data entry was last modified - `Name string` The name of the indicator feed ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) indicatorFeed, err := client.Intel.IndicatorFeeds.Update( context.TODO(), int64(12), intel.IndicatorFeedUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", indicatorFeed.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Get indicator feed data `client.Intel.IndicatorFeeds.Data(ctx, feedID, query) (*string, error)` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/data` Retrieves the raw data entries in a custom threat indicator feed. ### Parameters - `feedID int64` Indicator feed ID - `query IndicatorFeedDataParams` - `AccountID param.Field[string]` Identifier ### Returns - `type IndicatorFeedDataResponse string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) response, err := client.Intel.IndicatorFeeds.Data( context.TODO(), int64(12), intel.IndicatorFeedDataParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` # Snapshots ## Update indicator feed data `client.Intel.IndicatorFeeds.Snapshots.Update(ctx, feedID, params) (*IndicatorFeedSnapshotUpdateResponse, error)` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/snapshot` Revises the raw data entries in a custom threat indicator feed. ### Parameters - `feedID int64` Indicator feed ID - `params IndicatorFeedSnapshotUpdateParams` - `AccountID param.Field[string]` Path param: Identifier - `Source param.Field[string]` Body param: The file to upload ### Returns - `type IndicatorFeedSnapshotUpdateResponse struct{…}` - `FileID int64` Feed id - `Filename string` Name of the file unified in our system - `Status string` Current status of upload, should be unified ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) snapshot, err := client.Intel.IndicatorFeeds.Snapshots.Update( context.TODO(), int64(12), intel.IndicatorFeedSnapshotUpdateParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", snapshot.FileID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "file_id": 1, "filename": "snapshot_file.unified", "status": "unified" } } ``` # Permissions ## List indicator feed permissions `client.Intel.IndicatorFeeds.Permissions.List(ctx, query) (*[]IndicatorFeedPermissionListResponse, error)` **get** `/accounts/{account_id}/intel/indicator-feeds/permissions/view` Lists current access permissions for custom threat indicator feeds. ### Parameters - `query IndicatorFeedPermissionListParams` - `AccountID param.Field[string]` Identifier ### Returns - `type IndicatorFeedPermissionListResponseEnvelopeResult []IndicatorFeedPermissionListResponse` - `ID int64` The unique identifier for the indicator feed - `Description string` The description of the example test - `IsAttributable bool` Whether the indicator feed can be attributed to a provider - `IsDownloadable bool` Whether the indicator feed can be downloaded - `IsPublic bool` Whether the indicator feed is exposed to customers - `Name string` The name of the indicator feed ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) permissions, err := client.Intel.IndicatorFeeds.Permissions.List(context.TODO(), intel.IndicatorFeedPermissionListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", permissions) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "description": "An important indicator list", "is_attributable": false, "is_downloadable": false, "is_public": false, "name": "indicator_list_1" }, { "id": 2, "description": "An even more important indicator list", "is_attributable": true, "is_downloadable": false, "is_public": true, "name": "indicator_list_2" } ] } ``` ## Grant permission to indicator feed `client.Intel.IndicatorFeeds.Permissions.New(ctx, params) (*IndicatorFeedPermissionNewResponse, error)` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/add` Grants access permissions for a custom threat indicator feed to other accounts. ### Parameters - `params IndicatorFeedPermissionNewParams` - `AccountID param.Field[string]` Path param: Identifier - `AccountTag param.Field[string]` Body param: The Cloudflare account tag of the account to change permissions on - `FeedID param.Field[int64]` Body param: The ID of the feed to add/remove permissions on ### Returns - `type IndicatorFeedPermissionNewResponse struct{…}` - `Success bool` Whether the update succeeded or not ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) permission, err := client.Intel.IndicatorFeeds.Permissions.New(context.TODO(), intel.IndicatorFeedPermissionNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", permission.Success) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` ## Revoke permission to indicator feed `client.Intel.IndicatorFeeds.Permissions.Delete(ctx, params) (*IndicatorFeedPermissionDeleteResponse, error)` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/remove` Revokes access permissions for a custom threat indicator feed. ### Parameters - `params IndicatorFeedPermissionDeleteParams` - `AccountID param.Field[string]` Path param: Identifier - `AccountTag param.Field[string]` Body param: The Cloudflare account tag of the account to change permissions on - `FeedID param.Field[int64]` Body param: The ID of the feed to add/remove permissions on ### Returns - `type IndicatorFeedPermissionDeleteResponse struct{…}` - `Success bool` Whether the update succeeded or not ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) permission, err := client.Intel.IndicatorFeeds.Permissions.Delete(context.TODO(), intel.IndicatorFeedPermissionDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", permission.Success) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` # Downloads # Sinkholes ## List sinkholes owned by this account `client.Intel.Sinkholes.List(ctx, query) (*SinglePage[Sinkhole], error)` **get** `/accounts/{account_id}/intel/sinkholes` List sinkholes owned by this account ### Parameters - `query SinkholeListParams` - `AccountID param.Field[string]` Identifier ### Returns - `type Sinkhole struct{…}` - `ID int64` The unique identifier for the sinkhole - `AccountTag string` The account tag that owns this sinkhole - `CreatedOn Time` The date and time when the sinkhole was created - `ModifiedOn Time` The date and time when the sinkhole was last modified - `Name string` The name of the sinkhole - `R2Bucket string` The name of the R2 bucket to store results - `R2ID string` The id of the R2 instance ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.Intel.Sinkholes.List(context.TODO(), intel.SinkholeListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-12T12:21:56.777653Z", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" }, { "id": 2, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-21T21:43:52.867525Z", "modified_on": "2023-06-28T18:46:18.764425Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" } ] } ``` ## Domain Types ### Sinkhole - `type Sinkhole struct{…}` - `ID int64` The unique identifier for the sinkhole - `AccountTag string` The account tag that owns this sinkhole - `CreatedOn Time` The date and time when the sinkhole was created - `ModifiedOn Time` The date and time when the sinkhole was last modified - `Name string` The name of the sinkhole - `R2Bucket string` The name of the R2 bucket to store results - `R2ID string` The id of the R2 instance # Attack Surface Report # Issue Types ## Retrieves Security Center Issues Types `client.Intel.AttackSurfaceReport.IssueTypes.Get(ctx, query) (*SinglePage[string], error)` **get** `/accounts/{account_id}/intel/attack-surface-report/issue-types` Lists all available issue types in Security Center, describing categories of security issues. ### Parameters - `query AttackSurfaceReportIssueTypeGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type AttackSurfaceReportIssueTypeGetResponseEnvelopeResult string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Intel.AttackSurfaceReport.IssueTypes.Get(context.TODO(), intel.AttackSurfaceReportIssueTypeGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ "string" ] } ``` # Issues ## Retrieves Security Center Issues `client.Intel.AttackSurfaceReport.Issues.List(ctx, params) (*V4PagePagination[AttackSurfaceReportIssueListResponse], error)` **get** `/accounts/{account_id}/intel/attack-surface-report/issues` Lists all Security Center issues for the account, showing active security problems requiring attention. ### Parameters - `params AttackSurfaceReportIssueListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Page param.Field[int64]` Query param: Specifies the current page within paginated list of results. - `PerPage param.Field[int64]` Query param: Sets the number of results per page of results. - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type AttackSurfaceReportIssueListResponse struct{…}` - `Count int64` Indicates the total number of results. - `Issues []AttackSurfaceReportIssueListResponseIssue` - `ID string` - `Dismissed bool` - `IssueClass string` - `IssueType IssueType` - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Payload AttackSurfaceReportIssueListResponseIssuesPayload` - `DetectionMethod string` Describes the method used to detect insight. - `ZoneTag string` - `ResolveLink string` - `ResolveText string` - `Severity AttackSurfaceReportIssueListResponseIssuesSeverity` - `const AttackSurfaceReportIssueListResponseIssuesSeverityLow AttackSurfaceReportIssueListResponseIssuesSeverity = "Low"` - `const AttackSurfaceReportIssueListResponseIssuesSeverityModerate AttackSurfaceReportIssueListResponseIssuesSeverity = "Moderate"` - `const AttackSurfaceReportIssueListResponseIssuesSeverityCritical AttackSurfaceReportIssueListResponseIssuesSeverity = "Critical"` - `Since Time` - `Subject string` - `Timestamp Time` - `Page int64` Specifies the current page within paginated list of results. - `PerPage int64` Sets the number of results per page of results. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Intel.AttackSurfaceReport.Issues.List(context.TODO(), intel.AttackSurfaceReportIssueListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "issues": [ { "id": "id", "dismissed": false, "issue_class": "always_use_https_not_enabled", "issue_type": "compliance_violation", "payload": { "detection_method": "We detected security rules referencing multiple IP addresses directly in the rules.", "zone_tag": "zone_tag" }, "resolve_link": "resolve_link", "resolve_text": "resolve_text", "severity": "Low", "since": "2019-12-27T18:11:19.117Z", "subject": "example.com", "timestamp": "2019-12-27T18:11:19.117Z" } ], "page": 1, "per_page": 25 } } ``` ## Retrieves Security Center Issue Counts by Class `client.Intel.AttackSurfaceReport.Issues.Class(ctx, params) (*[]AttackSurfaceReportIssueClassResponse, error)` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/class` Retrieves Security Center issue counts aggregated by classification class. ### Parameters - `params AttackSurfaceReportIssueClassParams` - `AccountID param.Field[string]` Path param: Identifier. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type AttackSurfaceReportIssueClassResponseEnvelopeResult []AttackSurfaceReportIssueClassResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Intel.AttackSurfaceReport.Issues.Class(context.TODO(), intel.AttackSurfaceReportIssueClassParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Severity `client.Intel.AttackSurfaceReport.Issues.Severity(ctx, params) (*[]AttackSurfaceReportIssueSeverityResponse, error)` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/severity` Retrieves Security Center issue counts aggregated by severity level. ### Parameters - `params AttackSurfaceReportIssueSeverityParams` - `AccountID param.Field[string]` Path param: Identifier. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type AttackSurfaceReportIssueSeverityResponseEnvelopeResult []AttackSurfaceReportIssueSeverityResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Intel.AttackSurfaceReport.Issues.Severity(context.TODO(), intel.AttackSurfaceReportIssueSeverityParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Type `client.Intel.AttackSurfaceReport.Issues.Type(ctx, params) (*[]AttackSurfaceReportIssueTypeResponse, error)` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/type` Retrieves Security Center issue counts aggregated by issue type. ### Parameters - `params AttackSurfaceReportIssueTypeParams` - `AccountID param.Field[string]` Path param: Identifier. - `Dismissed param.Field[bool]` Query param - `IssueClass param.Field[[]string]` Query param - `IssueClassNeq param.Field[[]string]` Query param - `IssueType param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `IssueTypeNeq param.Field[[]IssueType]` Query param - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` - `Product param.Field[[]string]` Query param - `ProductNeq param.Field[[]string]` Query param - `Severity param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `SeverityNeq param.Field[[]SeverityQueryParam]` Query param - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"` - `Subject param.Field[[]string]` Query param - `SubjectNeq param.Field[[]string]` Query param ### Returns - `type AttackSurfaceReportIssueTypeResponseEnvelopeResult []AttackSurfaceReportIssueTypeResponse` - `Count int64` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Intel.AttackSurfaceReport.Issues.Type(context.TODO(), intel.AttackSurfaceReportIssueTypeParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Archives Security Center Insight `client.Intel.AttackSurfaceReport.Issues.Dismiss(ctx, issueID, params) (*AttackSurfaceReportIssueDismissResponse, error)` **put** `/accounts/{account_id}/intel/attack-surface-report/{issue_id}/dismiss` Deprecated endpoint for archiving Security Center insights. Use the newer archive-security-center-insight endpoint instead. ### Parameters - `issueID string` - `params AttackSurfaceReportIssueDismissParams` - `AccountID param.Field[string]` Path param: Identifier. - `Dismiss param.Field[bool]` Body param ### Returns - `type AttackSurfaceReportIssueDismissResponse struct{…}` - `Errors []AttackSurfaceReportIssueDismissResponseError` - `Code int64` - `Message string` - `DocumentationURL string` - `Source AttackSurfaceReportIssueDismissResponseErrorsSource` - `Pointer string` - `Messages []AttackSurfaceReportIssueDismissResponseMessage` - `Code int64` - `Message string` - `DocumentationURL string` - `Source AttackSurfaceReportIssueDismissResponseMessagesSource` - `Pointer string` - `Success AttackSurfaceReportIssueDismissResponseSuccess` Whether the API call was successful. - `const AttackSurfaceReportIssueDismissResponseSuccessTrue AttackSurfaceReportIssueDismissResponseSuccess = true` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/intel" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Intel.AttackSurfaceReport.Issues.Dismiss( context.TODO(), "issue_id", intel.AttackSurfaceReportIssueDismissParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.Errors) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Issue Type - `type IssueType string` - `const IssueTypeComplianceViolation IssueType = "compliance_violation"` - `const IssueTypeEmailSecurity IssueType = "email_security"` - `const IssueTypeExposedInfrastructure IssueType = "exposed_infrastructure"` - `const IssueTypeInsecureConfiguration IssueType = "insecure_configuration"` - `const IssueTypeWeakAuthentication IssueType = "weak_authentication"` - `const IssueTypeConfigurationSuggestion IssueType = "configuration_suggestion"` ### Severity Query Param - `type SeverityQueryParam string` - `const SeverityQueryParamLow SeverityQueryParam = "low"` - `const SeverityQueryParamModerate SeverityQueryParam = "moderate"` - `const SeverityQueryParamCritical SeverityQueryParam = "critical"`