
Threat Events

Filter and list events
client.cloudforceOne.threatEvents.list(ThreatEventListParams { account_id, cursor, datasetId, 7 more } params, RequestOptions options?): ThreatEventListResponse { attacker, attackerCountry, category, 24 more }
GET /accounts/{account_id}/cloudforce-one/events
Reads an event
Deprecated
client.cloudforceOne.threatEvents.get(string eventId, ThreatEventGetParams { account_id } params, RequestOptions options?): ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }
GET /accounts/{account_id}/cloudforce-one/events/{event_id}
Creates a new event
client.cloudforceOne.threatEvents.create(ThreatEventCreateParams { account_id, category, date, 14 more } params, RequestOptions options?): ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }
POST /accounts/{account_id}/cloudforce-one/events/create
Updates an event
client.cloudforceOne.threatEvents.edit(string eventId, ThreatEventEditParams { account_id, datasetId, attacker, 12 more } params, RequestOptions options?): ThreatEventEditResponse { attacker, attackerCountry, category, 24 more }
PATCH /accounts/{account_id}/cloudforce-one/events/{event_id}
Creates bulk events
client.cloudforceOne.threatEvents.bulkCreate(ThreatEventBulkCreateParams { account_id, data, datasetId, includeCreatedEvents } params, RequestOptions options?): ThreatEventBulkCreateResponse { createdEventsCount, createdTagsCount, errorCount, 4 more }
POST /accounts/{account_id}/cloudforce-one/events/create/bulk
Models
ThreatEventListResponse = Array<ThreatEventListResponseItem>
attacker: string
attackerCountry: string
category: string
datasetId: string
date: string
event: string
hasChildren: boolean
indicator: string
indicatorType: string
indicatorTypeId: number
killChain: number
mitreAttack: Array<string>
mitreCapec: Array<string>
numReferenced: number
numReferences: number
rawId: string
referenced: Array<string>
referencedIds: Array<number>
references: Array<string>
referencesIds: Array<number>
tags: Array<string>
targetCountry: string
targetIndustry: string
tlp: string
uuid: string
insight?: string
releasabilityId?: string
ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }
attacker: string
attackerCountry: string
category: string
datasetId: string
date: string
event: string
hasChildren: boolean
indicator: string
indicatorType: string
indicatorTypeId: number
killChain: number
mitreAttack: Array<string>
mitreCapec: Array<string>
numReferenced: number
numReferences: number
rawId: string
referenced: Array<string>
referencedIds: Array<number>
references: Array<string>
referencesIds: Array<number>
tags: Array<string>
targetCountry: string
targetIndustry: string
tlp: string
uuid: string
insight?: string
releasabilityId?: string
ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }
attacker: string
attackerCountry: string
category: string
datasetId: string
date: string
event: string
hasChildren: boolean
indicator: string
indicatorType: string
indicatorTypeId: number
killChain: number
mitreAttack: Array<string>
mitreCapec: Array<string>
numReferenced: number
numReferences: number
rawId: string
referenced: Array<string>
referencedIds: Array<number>
references: Array<string>
referencesIds: Array<number>
tags: Array<string>
targetCountry: string
targetIndustry: string
tlp: string
uuid: string
insight?: string
releasabilityId?: string
ThreatEventEditResponse { attacker, attackerCountry, category, 24 more }
attacker: string
attackerCountry: string
category: string
datasetId: string
date: string
event: string
hasChildren: boolean
indicator: string
indicatorType: string
indicatorTypeId: number
killChain: number
mitreAttack: Array<string>
mitreCapec: Array<string>
numReferenced: number
numReferences: number
rawId: string
referenced: Array<string>
referencedIds: Array<number>
references: Array<string>
referencesIds: Array<number>
tags: Array<string>
targetCountry: string
targetIndustry: string
tlp: string
uuid: string
insight?: string
releasabilityId?: string
ThreatEventBulkCreateResponse { createdEventsCount, createdTagsCount, errorCount, 4 more }

Detailed result of bulk event creation with auto-tag management

createdEventsCount: number

Number of events created

createdTagsCount: number

Number of new tags created in SoT

errorCount: number

Number of errors encountered

queuedIndicatorsCount: number

Number of indicators queued for async processing

createBulkEventsRequestId?: string

Correlation ID for async indicator processing

format: uuid
createdEvents?: Array<CreatedEvent>

Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true

eventIndex: number

Original index in the input data array

shardId: string

Dataset ID of the shard where the event was created

uuid: string

UUID of the created event

format: uuid
errors?: Array<Error>

Array of error details

error: string

Error message

eventIndex: number

Index of the event that caused the error

Threat Events: Attackers

Lists attackers across multiple datasets
client.cloudforceOne.threatEvents.attackers.list(AttackerListParams { account_id, datasetIds } params, RequestOptions options?): AttackerListResponse { items, type }
GET /accounts/{account_id}/cloudforce-one/events/attackers
Models
AttackerListResponse { items, type }
items: Items { type }
type: string
type: string

Threat Events: Categories

Lists categories across multiple datasets
client.cloudforceOne.threatEvents.categories.list(CategoryListParams { account_id, datasetIds } params, RequestOptions options?): CategoryListResponse { killChain, name, uuid, 3 more }
GET /accounts/{account_id}/cloudforce-one/events/categories
Reads a category
client.cloudforceOne.threatEvents.categories.get(string categoryId, CategoryGetParams { account_id } params, RequestOptions options?): CategoryGetResponse { killChain, name, uuid, 3 more }
GET /accounts/{account_id}/cloudforce-one/events/categories/{category_id}
Creates a new category
client.cloudforceOne.threatEvents.categories.create(CategoryCreateParams { account_id, killChain, name, 3 more } params, RequestOptions options?): CategoryCreateResponse { killChain, name, uuid, 3 more }
POST /accounts/{account_id}/cloudforce-one/events/categories/create
Updates a category
client.cloudforceOne.threatEvents.categories.edit(string categoryId, CategoryEditParams { account_id, killChain, mitreAttack, 3 more } params, RequestOptions options?): CategoryEditResponse { killChain, name, uuid, 3 more }
PATCH /accounts/{account_id}/cloudforce-one/events/categories/{category_id}
Deletes a category
client.cloudforceOne.threatEvents.categories.delete(string categoryId, CategoryDeleteParams { account_id } params, RequestOptions options?): CategoryDeleteResponse { uuid }
DELETE /accounts/{account_id}/cloudforce-one/events/categories/{category_id}
Models
CategoryListResponse = Array<CategoryListResponseItem>
killChain: number
name: string
uuid: string
mitreAttack?: Array<string>
mitreCapec?: Array<string>
shortname?: string
CategoryGetResponse { killChain, name, uuid, 3 more }
killChain: number
name: string
uuid: string
mitreAttack?: Array<string>
mitreCapec?: Array<string>
shortname?: string
CategoryCreateResponse { killChain, name, uuid, 3 more }
killChain: number
name: string
uuid: string
mitreAttack?: Array<string>
mitreCapec?: Array<string>
shortname?: string
CategoryEditResponse { killChain, name, uuid, 3 more }
killChain: number
name: string
uuid: string
mitreAttack?: Array<string>
mitreCapec?: Array<string>
shortname?: string
CategoryDeleteResponse { uuid }
uuid: string

Threat Events: Countries

Retrieves countries information for all countries
client.cloudforceOne.threatEvents.countries.list(CountryListParams { account_id } params, RequestOptions options?): CountryListResponse { result, success }
GET /accounts/{account_id}/cloudforce-one/events/countries
Models
CountryListResponse = Array<CountryListResponseItem>
result: Array<Result>
alpha3: string
name: string
success: string

Threat Events: Crons

Threat Events: Datasets

Lists all datasets in an account
client.cloudforceOne.threatEvents.datasets.list(DatasetListParams { account_id } params, RequestOptions options?): DatasetListResponse { isPublic, name, uuid }
GET /accounts/{account_id}/cloudforce-one/events/dataset
Reads a dataset
client.cloudforceOne.threatEvents.datasets.get(string datasetId, DatasetGetParams { account_id } params, RequestOptions options?): DatasetGetResponse { isPublic, name, uuid }
GET /accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}
Creates a dataset
client.cloudforceOne.threatEvents.datasets.create(DatasetCreateParams { account_id, isPublic, name } params, RequestOptions options?): DatasetCreateResponse { isPublic, name, uuid }
POST /accounts/{account_id}/cloudforce-one/events/dataset/create
Updates an existing dataset
client.cloudforceOne.threatEvents.datasets.edit(string datasetId, DatasetEditParams { account_id, isPublic, name } params, RequestOptions options?): DatasetEditResponse { isPublic, name, uuid }
PATCH /accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}
Reads raw data for an event by UUID
client.cloudforceOne.threatEvents.datasets.raw(string datasetId, string eventId, DatasetRawParams { account_id } params, RequestOptions options?): DatasetRawResponse { id, accountId, created, 3 more }
GET /accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}
Models
DatasetListResponse = Array<DatasetListResponseItem>
isPublic: boolean
name: string
uuid: string
DatasetGetResponse { isPublic, name, uuid }
isPublic: boolean
name: string
uuid: string
DatasetCreateResponse { isPublic, name, uuid }
isPublic: boolean
name: string
uuid: string
DatasetEditResponse { isPublic, name, uuid }
isPublic: boolean
name: string
uuid: string
DatasetRawResponse { id, accountId, created, 3 more }
id: number
accountId: number
created: string
data: string
source: string
tlp: string

Threat Events: Datasets: Health

Threat Events: Indicator Types

Lists all indicator types
Deprecated
client.cloudforceOne.threatEvents.indicatorTypes.list(IndicatorTypeListParams { account_id } params, RequestOptions options?): IndicatorTypeListResponse { items, type }
GET /accounts/{account_id}/cloudforce-one/events/indicatorTypes
Models
IndicatorTypeListResponse { items, type }
items: Items { type }
type: string
type: string

Threat Events: Raw

Reads data for a raw event
client.cloudforceOne.threatEvents.raw.get(string eventId, string rawId, RawGetParams { account_id } params, RequestOptions options?): RawGetResponse { id, accountId, created, 3 more }
GET /accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}
Updates a raw event
client.cloudforceOne.threatEvents.raw.edit(string eventId, string rawId, RawEditParams { account_id, data, source, tlp } params, RequestOptions options?): RawEditResponse { id, data }
PATCH /accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}
Models
RawGetResponse { id, accountId, created, 3 more }
id: string
accountId: number
created: string
data: unknown
source: string
tlp: string
RawEditResponse { id, data }
id: string
data: unknown

Threat Events: Relate

Removes an event reference
client.cloudforceOne.threatEvents.relate.delete(string eventId, RelateDeleteParams { account_id } params, RequestOptions options?): RelateDeleteResponse { success }
DELETE /accounts/{account_id}/cloudforce-one/events/relate/{event_id}
Models
RelateDeleteResponse { success }
success: boolean

Threat Events: Tags

Creates a new tag
client.cloudforceOne.threatEvents.tags.create(TagCreateParams { account_id, value, activeDuration, 14 more } params, RequestOptions options?): TagCreateResponse { uuid, value, activeDuration, 15 more }
POST /accounts/{account_id}/cloudforce-one/events/tags/create
Models
TagCreateResponse { uuid, value, activeDuration, 15 more }
uuid: string
value: string
activeDuration?: string
actorCategory?: string
aliasGroupNames?: Array<string>
aliasGroupNamesInternal?: Array<string>
analyticPriority?: number
attributionConfidence?: string
attributionOrganization?: string
categoryName?: string
categoryUuid?: string
internalDescription?: string
motive?: string
opsecLevel?: string
originCountryISO?: string
priority?: number
sophisticationLevel?: string

Threat Events: Event Tags

Adds a tag to an event
client.cloudforceOne.threatEvents.eventTags.create(string eventId, EventTagCreateParams { account_id, tags } params, RequestOptions options?): EventTagCreateResponse { success }
POST /accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create
Removes a tag from an event
client.cloudforceOne.threatEvents.eventTags.delete(string eventId, EventTagDeleteParams { account_id } params, RequestOptions options?): EventTagDeleteResponse { success }
DELETE /accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}
Models
EventTagCreateResponse { success }
success: boolean
EventTagDeleteResponse { success }
success: boolean

Threat Events: Target Industries

Lists target industries across multiple datasets
client.cloudforceOne.threatEvents.targetIndustries.list(TargetIndustryListParams { account_id, datasetIds } params, RequestOptions options?): TargetIndustryListResponse { items, type }
GET /accounts/{account_id}/cloudforce-one/events/targetIndustries
Models
TargetIndustryListResponse { items, type }
items: Items { type }
type: string
type: string

Threat Events: Insights