API Reference

Cloudforce One

Threat Events

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Reads an event

Deprecated

client.cloudforceOne.threatEvents.get(stringeventId, ThreatEventGetParams { account_id } params, RequestOptionsoptions?): ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }

GET/accounts/{account_id}/cloudforce-one/events/{event_id}

This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Cloudforce One WriteCloudforce One Read

ParametersExpand Collapse

eventId: string

Event UUID.

params: ThreatEventGetParams { account_id }

account_id: string

Account ID.

ReturnsExpand Collapse

ThreatEventGetResponse { attacker, attackerCountry, category, 24 more }

attacker: string

attackerCountry: string

category: string

datasetId: string

date: string

event: string

hasChildren: boolean

indicator: string

indicatorType: string

indicatorTypeId: number

killChain: number

mitreAttack: Array<string>

mitreCapec: Array<string>

numReferenced: number

numReferences: number

rawId: string

referenced: Array<string>

referencedIds: Array<number>

references: Array<string>

referencesIds: Array<number>

tags: Array<string>

targetCountry: string

targetIndustry: string

tlp: string

uuid: string

insight?: string

releasabilityId?: string

Reads an event

TypeScript

HTTP

TypeScript

Python

Go

Terraform

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const threatEvent = await client.cloudforceOne.threatEvents.get('event_id', {
  account_id: 'account_id',
});

console.log(threatEvent.uuid);

200 example

{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}

Returns Examples

200 example

{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}