Skip to content
Cloudflare API
Start here
API Reference
Cloudforce One
Threat Events

Creates a new event

client.cloudforceOne.threatEvents.create(ThreatEventCreateParams { account_id, category, date, 14 more } params, RequestOptionsoptions?): ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }
POST/accounts/{account_id}/cloudforce-one/events/create

To create a dataset, see the Create Dataset endpoint. When datasetId parameter is unspecified, it will be created in a default dataset named Cloudforce One Threat Events.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
Accepted Permissions (at least one required)
Cloudforce One WriteCloudforce One Read
ParametersExpand Collapse
params: ThreatEventCreateParams { account_id, category, date, 14 more }
account_id: string

Path param: Account ID.

category: string

Body param

date: string

Body param

formatdate-time
event: string

Body param

raw: Raw

Body param

data: Record<string, unknown> | null
source?: string
tlp?: string
tlp: string

Body param

accountId?: number

Body param

attacker?: string | null

Body param

attackerCountry?: string

Body param

datasetId?: string

Body param

indicator?: string

Body param

indicators?: Array<Indicator>

Body param: Array of indicators for this event. Supports multiple indicators per event for complex scenarios.

indicatorType: string

The type of indicator (e.g., DOMAIN, IP, JA3, HASH)

value: string

The indicator value (e.g., domain name, IP address, hash)

indicatorType?: string

Body param

insight?: string

Body param

tags?: Array<string>

Body param

targetCountry?: string

Body param

targetIndustry?: string

Body param

ReturnsExpand Collapse
ThreatEventCreateResponse { attacker, attackerCountry, category, 24 more }
attacker: string
attackerCountry: string
category: string
datasetId: string
date: string
event: string
hasChildren: boolean
indicator: string
indicatorType: string
indicatorTypeId: number
killChain: number
mitreAttack: Array<string>
mitreCapec: Array<string>
numReferenced: number
numReferences: number
rawId: string
referenced: Array<string>
referencedIds: Array<number>
references: Array<string>
referencesIds: Array<number>
tags: Array<string>
targetCountry: string
targetIndustry: string
tlp: string
uuid: string
insight?: string
releasabilityId?: string

Creates a new event

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const threatEvent = await client.cloudforceOne.threatEvents.create({
  account_id: 'account_id',
  category: 'Domain Resolution',
  date: '2022-04-01T00:00:00Z',
  event: 'An attacker registered the domain domain.com',
  raw: { data: { foo: 'bar' } },
  tlp: 'amber',
});

console.log(threatEvent.uuid);
{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}
Returns Examples
{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}