API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Cloudforce One

Cloudforce OneScans

Cloudforce OneScansResults

Get the Latest Scan Result

client.cloudforceOne.scans.results.get(stringconfigId, ResultGetParams { account_id } params, RequestOptionsoptions?): ResultGetResponse { 1.1.1.1 }

GET/accounts/{account_id}/cloudforce-one/scans/results/{config_id}

ModelsExpand Collapse

ScanResult { number, proto, status }

number?: number

proto?: string

status?: string

ResultGetResponse { 1.1.1.1 }

"1.1.1.1": Array<ScanResult { number, proto, status } >

number?: number

proto?: string

status?: string

Cloudforce OneScansConfig

List Scan Configs

client.cloudforceOne.scans.config.list(ConfigListParams { account_id } params, RequestOptionsoptions?): SinglePage<ConfigListResponse { id, account_id, frequency, 2 more } >

GET/accounts/{account_id}/cloudforce-one/scans/config

Create a new Scan Config

client.cloudforceOne.scans.config.create(ConfigCreateParams { account_id, ips, frequency, ports } params, RequestOptionsoptions?): ConfigCreateResponse { id, account_id, frequency, 2 more }

POST/accounts/{account_id}/cloudforce-one/scans/config

Update an existing Scan Config

client.cloudforceOne.scans.config.edit(stringconfigId, ConfigEditParams { account_id, frequency, ips, ports } params, RequestOptionsoptions?): ConfigEditResponse { id, account_id, frequency, 2 more }

PATCH/accounts/{account_id}/cloudforce-one/scans/config/{config_id}

Delete a Scan Config

client.cloudforceOne.scans.config.delete(stringconfigId, ConfigDeleteParams { account_id } params, RequestOptionsoptions?): ConfigDeleteResponse

DELETE/accounts/{account_id}/cloudforce-one/scans/config/{config_id}

ModelsExpand Collapse

ConfigListResponse { id, account_id, frequency, 2 more }

id: string

Defines the Config ID.

account_id: string

frequency: number

Defines the number of days between each scan (0 = One-off scan).

ips: Array<string>

Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000.

ports: Array<string>

Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports.

ConfigCreateResponse { id, account_id, frequency, 2 more }

id: string

Defines the Config ID.

account_id: string

frequency: number

Defines the number of days between each scan (0 = One-off scan).

ips: Array<string>

Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000.

ports: Array<string>

Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports.

ConfigEditResponse { id, account_id, frequency, 2 more }

id: string

Defines the Config ID.

account_id: string

frequency: number

Defines the number of days between each scan (0 = One-off scan).

ips: Array<string>

Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000.

ports: Array<string>

Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports.

ConfigDeleteResponse = unknown

Cloudforce OneBinary Storage

Retrieves a file from Binary Storage

client.cloudforceOne.binaryStorage.get(stringhash, BinaryStorageGetParams { account_id } params, RequestOptionsoptions?): void

GET/accounts/{account_id}/cloudforce-one/binary/{hash}

Posts a file to Binary Storage

client.cloudforceOne.binaryStorage.create(BinaryStorageCreateParams { account_id, file } params, RequestOptionsoptions?): BinaryStorageCreateResponse { content_type, md5, sha1, sha256 }

POST/accounts/{account_id}/cloudforce-one/binary

ModelsExpand Collapse

BinaryStorageCreateResponse { content_type, md5, sha1, sha256 }

content_type: string

md5: string

sha1: string

sha256: string

Cloudforce OneRequests

List Requests

client.cloudforceOne.requests.list(RequestListParams { account_id, page, per_page, 8 more } params, RequestOptionsoptions?): SinglePage<ListItem { id, created, priority, 9 more } >

POST/accounts/{account_id}/cloudforce-one/requests

Get a Request

client.cloudforceOne.requests.get(stringrequestId, RequestGetParams { account_id } params, RequestOptionsoptions?): Item { id, content, created, 10 more }

GET/accounts/{account_id}/cloudforce-one/requests/{request_id}

Create a New Request.

client.cloudforceOne.requests.create(RequestCreateParams { account_id, content, priority, 3 more } params, RequestOptionsoptions?): Item { id, content, created, 10 more }

POST/accounts/{account_id}/cloudforce-one/requests/new

Update a Request

client.cloudforceOne.requests.update(stringrequestId, RequestUpdateParams { account_id, content, priority, 3 more } params, RequestOptionsoptions?): Item { id, content, created, 10 more }

PUT/accounts/{account_id}/cloudforce-one/requests/{request_id}

Delete a Request

client.cloudforceOne.requests.delete(stringrequestId, RequestDeleteParams { account_id } params, RequestOptionsoptions?): RequestDeleteResponse { errors, messages, success }

DELETE/accounts/{account_id}/cloudforce-one/requests/{request_id}

Get Request Quota

client.cloudforceOne.requests.quota(RequestQuotaParams { account_id } params, RequestOptionsoptions?): Quota { anniversary_date, quarter_anniversary_date, quota, remaining }

GET/accounts/{account_id}/cloudforce-one/requests/quota

Get Request Types

client.cloudforceOne.requests.types(RequestTypesParams { account_id } params, RequestOptionsoptions?): SinglePage<RequestTypesResponse>

GET/accounts/{account_id}/cloudforce-one/requests/types

Get Request Priority, Status, and TLP constants

client.cloudforceOne.requests.constants(RequestConstantsParams { account_id } params, RequestOptionsoptions?): RequestConstants { priority, status, tlp }

GET/accounts/{account_id}/cloudforce-one/requests/constants

ModelsExpand Collapse

Item { id, content, created, 10 more }

id: string

UUID.

maxLength36

content: string

Request content.

created: string

formatdate-time

priority: string

formatdate-time

request: string

Requested information from request.

summary: string

Brief description of the request.

tlp: "clear" | "amber" | "amber-strict" | 2 more

The CISA defined Traffic Light Protocol (TLP).

One of the following:

"clear"

"amber"

"amber-strict"

"green"

"red"

updated: string

formatdate-time

completed?: string

formatdate-time

message_tokens?: number

Tokens for the request messages.

readable_id?: string

Readable Request ID.

status?: "open" | "accepted" | "reported" | 3 more

Request Status.

One of the following:

"open"

"accepted"

"reported"

"approved"

"completed"

"declined"

tokens?: number

Tokens for the request.

ListItem { id, created, priority, 9 more }

id: string

UUID.

maxLength36

created: string

Request creation time.

formatdate-time

priority: "routine" | "high" | "urgent"

One of the following:

"routine"

"high"

"urgent"

request: string

Requested information from request.

summary: string

Brief description of the request.

tlp: "clear" | "amber" | "amber-strict" | 2 more

The CISA defined Traffic Light Protocol (TLP).

One of the following:

"clear"

"amber"

"amber-strict"

"green"

"red"

updated: string

Request last updated time.

formatdate-time

completed?: string

Request completion time.

formatdate-time

message_tokens?: number

Tokens for the request messages.

readable_id?: string

Readable Request ID.

status?: "open" | "accepted" | "reported" | 3 more

Request Status.

One of the following:

"open"

"accepted"

"reported"

"approved"

"completed"

"declined"

tokens?: number

Tokens for the request.

Quota { anniversary_date, quarter_anniversary_date, quota, remaining }

anniversary_date?: string

Anniversary date is when annual quota limit is refreshed.

formatdate-time

quarter_anniversary_date?: string

Quarter anniversary date is when quota limit is refreshed each quarter.

formatdate-time

quota?: number

Tokens for the quarter.

remaining?: number

Tokens remaining for the quarter.

RequestConstants { priority, status, tlp }

priority?: Array<"routine" | "high" | "urgent">

One of the following:

"routine"

"high"

"urgent"

status?: Array<"open" | "accepted" | "reported" | 3 more>

One of the following:

"open"

"accepted"

"reported"

"approved"

"completed"

"declined"

tlp?: Array<"clear" | "amber" | "amber-strict" | 2 more>

One of the following:

"clear"

"amber"

"amber-strict"

"green"

"red"

RequestTypes = Array<RequestTypesResponse>

RequestDeleteResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

RequestTypesResponse = string

Request Types.

Cloudforce OneRequestsMessage

List Request Messages

client.cloudforceOne.requests.message.get(stringrequestId, MessageGetParams { account_id, page, per_page, 4 more } params, RequestOptionsoptions?): SinglePage<Message { id, author, content, 3 more } >

POST/accounts/{account_id}/cloudforce-one/requests/{request_id}/message

Create a New Request Message

client.cloudforceOne.requests.message.create(stringrequestId, MessageCreateParams { account_id, content } params, RequestOptionsoptions?): Message { id, author, content, 3 more }

POST/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/new

Update a Request Message

client.cloudforceOne.requests.message.update(stringrequestId, numbermessageId, MessageUpdateParams { account_id, content } params, RequestOptionsoptions?): Message { id, author, content, 3 more }

PUT/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}

Delete a Request Message

client.cloudforceOne.requests.message.delete(stringrequestId, numbermessageId, MessageDeleteParams { account_id } params, RequestOptionsoptions?): MessageDeleteResponse { errors, messages, success }

DELETE/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}

ModelsExpand Collapse

Message { id, author, content, 3 more }

id: number

Message ID.

author: string

Author of message.

content: string

Content of message.

is_follow_on_request: boolean

Whether the message is a follow-on request.

updated: string

Defines the message last updated time.

formatdate-time

created?: string

Defines the message creation time.

formatdate-time

MessageDeleteResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

Cloudforce OneRequestsPriority

Get a Priority Intelligence Requirement

client.cloudforceOne.requests.priority.get(stringpriorityId, PriorityGetParams { account_id } params, RequestOptionsoptions?): Item { id, content, created, 10 more }

GET/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}

Create a New Priority Intelligence Requirement

client.cloudforceOne.requests.priority.create(PriorityCreateParams { account_id, labels, priority, 2 more } params, RequestOptionsoptions?): Priority { id, created, labels, 4 more }

POST/accounts/{account_id}/cloudforce-one/requests/priority/new

Update a Priority Intelligence Requirement

client.cloudforceOne.requests.priority.update(stringpriorityId, PriorityUpdateParams { account_id, labels, priority, 2 more } params, RequestOptionsoptions?): Item { id, content, created, 10 more }

PUT/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}

Delete a Priority Intelligence Requirement

client.cloudforceOne.requests.priority.delete(stringpriorityId, PriorityDeleteParams { account_id } params, RequestOptionsoptions?): PriorityDeleteResponse { errors, messages, success }

DELETE/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}

Get Priority Intelligence Requirement Quota

client.cloudforceOne.requests.priority.quota(PriorityQuotaParams { account_id } params, RequestOptionsoptions?): Quota { anniversary_date, quarter_anniversary_date, quota, remaining }

GET/accounts/{account_id}/cloudforce-one/requests/priority/quota

ModelsExpand Collapse

Label = string

Priority { id, created, labels, 4 more }

id: string

UUID.

maxLength36

created: string

Priority creation time.

formatdate-time

labels: Array<Label>

List of labels.

priority: number

Priority.

requirement: string

Requirement.

tlp: "clear" | "amber" | "amber-strict" | 2 more

The CISA defined Traffic Light Protocol (TLP).

One of the following:

"clear"

"amber"

"amber-strict"

"green"

"red"

updated: string

Priority last updated time.

formatdate-time

PriorityEdit { labels, priority, requirement, tlp }

labels: Array<Label>

List of labels.

priority: number

Priority.

requirement: string

Requirement.

tlp: "clear" | "amber" | "amber-strict" | 2 more

The CISA defined Traffic Light Protocol (TLP).

One of the following:

"clear"

"amber"

"amber-strict"

"green"

"red"

PriorityDeleteResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

Cloudforce OneRequestsAssets

Get a Request Asset

client.cloudforceOne.requests.assets.get(stringrequestId, stringassetId, AssetGetParams { account_id } params, RequestOptionsoptions?): SinglePage<AssetGetResponse { id, name, created, 2 more } >

GET/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}

List Request Assets

client.cloudforceOne.requests.assets.create(stringrequestId, AssetCreateParams { account_id, page, per_page } params, RequestOptionsoptions?): SinglePage<AssetCreateResponse { id, name, created, 2 more } >

POST/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset

Update a Request Asset

client.cloudforceOne.requests.assets.update(stringrequestId, stringassetId, AssetUpdateParams { account_id, source } params, RequestOptionsoptions?): AssetUpdateResponse { id, name, created, 2 more }

PUT/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}

Delete a Request Asset

client.cloudforceOne.requests.assets.delete(stringrequestId, stringassetId, AssetDeleteParams { account_id } params, RequestOptionsoptions?): AssetDeleteResponse { errors, messages, success }

DELETE/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}

ModelsExpand Collapse

AssetGetResponse { id, name, created, 2 more }

id: number

Asset ID.

name: string

Asset name.

created?: string

Defines the asset creation time.

formatdate-time

description?: string

Asset description.

file_type?: string

Asset file type.

AssetCreateResponse { id, name, created, 2 more }

id: number

Asset ID.

name: string

Asset name.

created?: string

Defines the asset creation time.

formatdate-time

description?: string

Asset description.

file_type?: string

Asset file type.

AssetUpdateResponse { id, name, created, 2 more }

id: number

Asset ID.

name: string

Asset name.

created?: string

Defines the asset creation time.

formatdate-time

description?: string

Asset description.

file_type?: string

Asset file type.

AssetDeleteResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

Cloudforce OneThreat Events

Filter and list events

client.cloudforceOne.threatEvents.list(ThreatEventListParams { account_id, cursor, datasetId, 7 more } params, RequestOptionsoptions?): ThreatEventListResponse { attacker, attackerCountry, category, 24 more }

GET/accounts/{account_id}/cloudforce-one/events

Reads an event

Deprecated

client.cloudforceOne.threatEvents.get(stringeventId, ThreatEventGetParams { account_id } params, RequestOptionsoptions?): ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }

GET/accounts/{account_id}/cloudforce-one/events/{event_id}

Creates a new event

client.cloudforceOne.threatEvents.create(ThreatEventCreateParams { account_id, category, date, 14 more } params, RequestOptionsoptions?): ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }

POST/accounts/{account_id}/cloudforce-one/events/create

Updates an event

client.cloudforceOne.threatEvents.edit(stringeventId, ThreatEventEditParams { account_id, datasetId, attacker, 12 more } params, RequestOptionsoptions?): ThreatEventEditResponse { attacker, attackerCountry, category, 24 more }

PATCH/accounts/{account_id}/cloudforce-one/events/{event_id}

Creates bulk events

client.cloudforceOne.threatEvents.bulkCreate(ThreatEventBulkCreateParams { account_id, data, datasetId, includeCreatedEvents } params, RequestOptionsoptions?): ThreatEventBulkCreateResponse { createdEventsCount, createdTagsCount, errorCount, 4 more }

POST/accounts/{account_id}/cloudforce-one/events/create/bulk

ModelsExpand Collapse

ThreatEventListResponse = Array<ThreatEventListResponseItem>

attacker: string

attackerCountry: string

category: string

datasetId: string

date: string

event: string

hasChildren: boolean

indicator: string

indicatorType: string

indicatorTypeId: number

killChain: number

mitreAttack: Array<string>

mitreCapec: Array<string>

numReferenced: number

numReferences: number

rawId: string

referenced: Array<string>

referencedIds: Array<number>

references: Array<string>

referencesIds: Array<number>

tags: Array<string>

targetCountry: string

targetIndustry: string

tlp: string

uuid: string

insight?: string

releasabilityId?: string

ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }

attacker: string

attackerCountry: string

category: string

datasetId: string

date: string

event: string

hasChildren: boolean

indicator: string

indicatorType: string

indicatorTypeId: number

killChain: number

mitreAttack: Array<string>

mitreCapec: Array<string>

numReferenced: number

numReferences: number

rawId: string

referenced: Array<string>

referencedIds: Array<number>

references: Array<string>

referencesIds: Array<number>

tags: Array<string>

targetCountry: string

targetIndustry: string

tlp: string

uuid: string

insight?: string

releasabilityId?: string

ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }

attacker: string

attackerCountry: string

category: string

datasetId: string

date: string

event: string

hasChildren: boolean

indicator: string

indicatorType: string

indicatorTypeId: number

killChain: number

mitreAttack: Array<string>

mitreCapec: Array<string>

numReferenced: number

numReferences: number

rawId: string

referenced: Array<string>

referencedIds: Array<number>

references: Array<string>

referencesIds: Array<number>

tags: Array<string>

targetCountry: string

targetIndustry: string

tlp: string

uuid: string

insight?: string

releasabilityId?: string

ThreatEventEditResponse { attacker, attackerCountry, category, 24 more }

attacker: string

attackerCountry: string

category: string

datasetId: string

date: string

event: string

hasChildren: boolean

indicator: string

indicatorType: string

indicatorTypeId: number

killChain: number

mitreAttack: Array<string>

mitreCapec: Array<string>

numReferenced: number

numReferences: number

rawId: string

referenced: Array<string>

referencedIds: Array<number>

references: Array<string>

referencesIds: Array<number>

tags: Array<string>

targetCountry: string

targetIndustry: string

tlp: string

uuid: string

insight?: string

releasabilityId?: string

ThreatEventBulkCreateResponse { createdEventsCount, createdTagsCount, errorCount, 4 more }

Detailed result of bulk event creation with auto-tag management

createdEventsCount: number

Number of events created

createdTagsCount: number

Number of new tags created in SoT

errorCount: number

Number of errors encountered

queuedIndicatorsCount: number

Number of indicators queued for async processing

createBulkEventsRequestId?: string

Correlation ID for async indicator processing

formatuuid

createdEvents?: Array<CreatedEvent>

Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true

eventIndex: number

Original index in the input data array

shardId: string

Dataset ID of the shard where the event was created

uuid: string

UUID of the created event

formatuuid

errors?: Array<Error>

Array of error details

error: string

Error message

eventIndex: number

Index of the event that caused the error

Cloudforce OneThreat EventsAttackers

Lists attackers across multiple datasets

client.cloudforceOne.threatEvents.attackers.list(AttackerListParams { account_id, datasetIds } params, RequestOptionsoptions?): AttackerListResponse { items, type }

GET/accounts/{account_id}/cloudforce-one/events/attackers

ModelsExpand Collapse

AttackerListResponse { items, type }

items: Items { type }

type: string

type: string

Cloudforce OneThreat EventsCategories

Lists categories across multiple datasets

client.cloudforceOne.threatEvents.categories.list(CategoryListParams { account_id, datasetIds } params, RequestOptionsoptions?): CategoryListResponse { killChain, name, uuid, 3 more }

GET/accounts/{account_id}/cloudforce-one/events/categories

Reads a category

client.cloudforceOne.threatEvents.categories.get(stringcategoryId, CategoryGetParams { account_id } params, RequestOptionsoptions?): CategoryGetResponse { killChain, name, uuid, 3 more }

GET/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

Creates a new category

client.cloudforceOne.threatEvents.categories.create(CategoryCreateParams { account_id, killChain, name, 3 more } params, RequestOptionsoptions?): CategoryCreateResponse { killChain, name, uuid, 3 more }

POST/accounts/{account_id}/cloudforce-one/events/categories/create

Updates a category

client.cloudforceOne.threatEvents.categories.edit(stringcategoryId, CategoryEditParams { account_id, killChain, mitreAttack, 3 more } params, RequestOptionsoptions?): CategoryEditResponse { killChain, name, uuid, 3 more }

PATCH/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

Deletes a category

client.cloudforceOne.threatEvents.categories.delete(stringcategoryId, CategoryDeleteParams { account_id } params, RequestOptionsoptions?): CategoryDeleteResponse { uuid }

DELETE/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

ModelsExpand Collapse

CategoryListResponse = Array<CategoryListResponseItem>

killChain: number

name: string

uuid: string

mitreAttack?: Array<string>

mitreCapec?: Array<string>

shortname?: string

CategoryGetResponse { killChain, name, uuid, 3 more }

killChain: number

name: string

uuid: string

mitreAttack?: Array<string>

mitreCapec?: Array<string>

shortname?: string

CategoryCreateResponse { killChain, name, uuid, 3 more }

killChain: number

name: string

uuid: string

mitreAttack?: Array<string>

mitreCapec?: Array<string>

shortname?: string

CategoryEditResponse { killChain, name, uuid, 3 more }

killChain: number

name: string

uuid: string

mitreAttack?: Array<string>

mitreCapec?: Array<string>

shortname?: string

CategoryDeleteResponse { uuid }

uuid: string

Cloudforce OneThreat EventsCountries

Retrieves countries information for all countries

client.cloudforceOne.threatEvents.countries.list(CountryListParams { account_id } params, RequestOptionsoptions?): CountryListResponse { result, success }

GET/accounts/{account_id}/cloudforce-one/events/countries

ModelsExpand Collapse

CountryListResponse = Array<CountryListResponseItem>

result: Array<Result>

alpha3: string

name: string

success: string

Cloudforce OneThreat EventsCrons

Cloudforce OneThreat EventsDatasets

Lists all datasets in an account

client.cloudforceOne.threatEvents.datasets.list(DatasetListParams { account_id } params, RequestOptionsoptions?): DatasetListResponse { isPublic, name, uuid }

GET/accounts/{account_id}/cloudforce-one/events/dataset

Reads a dataset

client.cloudforceOne.threatEvents.datasets.get(stringdatasetId, DatasetGetParams { account_id } params, RequestOptionsoptions?): DatasetGetResponse { isPublic, name, uuid }

GET/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}

Creates a dataset

client.cloudforceOne.threatEvents.datasets.create(DatasetCreateParams { account_id, isPublic, name } params, RequestOptionsoptions?): DatasetCreateResponse { isPublic, name, uuid }

POST/accounts/{account_id}/cloudforce-one/events/dataset/create

Updates an existing dataset

client.cloudforceOne.threatEvents.datasets.edit(stringdatasetId, DatasetEditParams { account_id, isPublic, name } params, RequestOptionsoptions?): DatasetEditResponse { isPublic, name, uuid }

PATCH/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}

Reads raw data for an event by UUID

client.cloudforceOne.threatEvents.datasets.raw(stringdatasetId, stringeventId, DatasetRawParams { account_id } params, RequestOptionsoptions?): DatasetRawResponse { id, accountId, created, 3 more }

GET/accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}

ModelsExpand Collapse

DatasetListResponse = Array<DatasetListResponseItem>

isPublic: boolean

name: string

uuid: string

DatasetGetResponse { isPublic, name, uuid }

isPublic: boolean

name: string

uuid: string

DatasetCreateResponse { isPublic, name, uuid }

isPublic: boolean

name: string

uuid: string

DatasetEditResponse { isPublic, name, uuid }

isPublic: boolean

name: string

uuid: string

DatasetRawResponse { id, accountId, created, 3 more }

id: number

accountId: number

created: string

data: string

source: string

tlp: string

Cloudforce OneThreat EventsDatasetsHealth

Cloudforce OneThreat EventsIndicator Types

Lists all indicator types

Deprecated

client.cloudforceOne.threatEvents.indicatorTypes.list(IndicatorTypeListParams { account_id } params, RequestOptionsoptions?): IndicatorTypeListResponse { items, type }

GET/accounts/{account_id}/cloudforce-one/events/indicatorTypes

ModelsExpand Collapse

IndicatorTypeListResponse { items, type }

items: Items { type }

type: string

type: string

Cloudforce OneThreat EventsRaw

Reads data for a raw event

client.cloudforceOne.threatEvents.raw.get(stringeventId, stringrawId, RawGetParams { account_id } params, RequestOptionsoptions?): RawGetResponse { id, accountId, created, 3 more }

GET/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}

Updates a raw event

client.cloudforceOne.threatEvents.raw.edit(stringeventId, stringrawId, RawEditParams { account_id, data, source, tlp } params, RequestOptionsoptions?): RawEditResponse { id, data }

PATCH/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}

ModelsExpand Collapse

RawGetResponse { id, accountId, created, 3 more }

id: string

accountId: number

created: string

data: unknown

source: string

tlp: string

RawEditResponse { id, data }

id: string

data: unknown

Cloudforce OneThreat EventsRelate

Removes an event reference

client.cloudforceOne.threatEvents.relate.delete(stringeventId, RelateDeleteParams { account_id } params, RequestOptionsoptions?): RelateDeleteResponse { success }

DELETE/accounts/{account_id}/cloudforce-one/events/relate/{event_id}

ModelsExpand Collapse

RelateDeleteResponse { success }

success: boolean

Cloudforce OneThreat EventsTags

Creates a new tag

client.cloudforceOne.threatEvents.tags.create(TagCreateParams { account_id, value, activeDuration, 14 more } params, RequestOptionsoptions?): TagCreateResponse { uuid, value, activeDuration, 15 more }

POST/accounts/{account_id}/cloudforce-one/events/tags/create

ModelsExpand Collapse

TagCreateResponse { uuid, value, activeDuration, 15 more }

uuid: string

value: string

activeDuration?: string

actorCategory?: string

aliasGroupNames?: Array<string>

aliasGroupNamesInternal?: Array<string>

analyticPriority?: number

attributionConfidence?: string

attributionOrganization?: string

categoryName?: string

categoryUuid?: string

externalReferenceLinks?: Array<string>

internalDescription?: string

motive?: string

opsecLevel?: string

originCountryISO?: string

priority?: number

sophisticationLevel?: string

Cloudforce OneThreat EventsEvent Tags

Adds a tag to an event

client.cloudforceOne.threatEvents.eventTags.create(stringeventId, EventTagCreateParams { account_id, tags } params, RequestOptionsoptions?): EventTagCreateResponse { success }

POST/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create

Removes a tag from an event

client.cloudforceOne.threatEvents.eventTags.delete(stringeventId, EventTagDeleteParams { account_id } params, RequestOptionsoptions?): EventTagDeleteResponse { success }

DELETE/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}

ModelsExpand Collapse

EventTagCreateResponse { success }

success: boolean

EventTagDeleteResponse { success }

success: boolean

Cloudforce OneThreat EventsTarget Industries

Lists target industries across multiple datasets

client.cloudforceOne.threatEvents.targetIndustries.list(TargetIndustryListParams { account_id, datasetIds } params, RequestOptionsoptions?): TargetIndustryListResponse { items, type }

GET/accounts/{account_id}/cloudforce-one/events/targetIndustries

ModelsExpand Collapse

TargetIndustryListResponse { items, type }

items: Items { type }

type: string

type: string

Cloudforce OneThreat EventsInsights