Intel

IntelASN

Get ASN Overview.

client.intel.asn.get(, , ?): ASN

GET/accounts/{account_id}/intel/asn/{asn}

IntelASNSubnets

Get ASN Subnets

client.intel.asn.subnets.get(, , ?): SubnetGetResponse { asn, count, ip_count_total, 3 more }

GET/accounts/{account_id}/intel/asn/{asn}/subnets

ModelsExpand Collapse

SubnetGetResponse { asn, count, ip_count_total, 3 more }

asn?: ASN

count?: number

Total results returned based on your search parameters.

ip_count_total?: number

page?: number

Current page within paginated list of results.

per_page?: number

Number of results per page of results.

subnets?: Array<string>

IntelDNS

Get Passive DNS by IP

client.intel.dns.list(, ?): V4PagePagination<DNS { count, page, per_page, reverse_records } >

GET/accounts/{account_id}/intel/dns

ModelsExpand Collapse

DNS { count, page, per_page, reverse_records }

count?: number

Total results returned based on your search parameters.

page?: number

Current page within paginated list of results.

per_page?: number

Number of results per page of results.

reverse_records?: Array<ReverseRecord>

Reverse DNS look-ups observed during the time period.

first_seen?: string

First seen date of the DNS record during the time period.

formatdate

hostname?: string

Hostname that the IP was observed resolving to.

last_seen?: string

Last seen date of the DNS record during the time period.

formatdate

IntelDomains

Get Domain Details

client.intel.domains.get(, ?): Domain { additional_information, application, content_categories, 8 more }

GET/accounts/{account_id}/intel/domain

ModelsExpand Collapse

Domain { additional_information, application, content_categories, 8 more }

additional_information?: AdditionalInformation { suspected_malware_family }

Additional information related to the host name.

suspected_malware_family?: string

Suspected DGA malware family.

application?: Application { id, name }

Application that the hostname belongs to.

id?: number

name?: string

content_categories?: Array<ContentCategory>

id?: number

name?: string

super_category_id?: number

domain?: string

inherited_content_categories?: Array<InheritedContentCategory>

id?: number

name?: string

super_category_id?: number

inherited_from?: string

Domain from which inherited_content_categories and inherited_risk_types are inherited, if applicable.

inherited_risk_types?: Array<InheritedRiskType>

id?: number

name?: string

super_category_id?: number

popularity_rank?: number

Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000.

resolves_to_refs?: Array<ResolvesToRef>

Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to.

id?: string

STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c.

value?: string

IP address or domain name.

risk_score?: number

Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk).

risk_types?: Array<RiskType>

id?: number

name?: string

super_category_id?: number

IntelDomainsBulks

Get Multiple Domain Details

client.intel.domains.bulks.get(, ?): BulkGetResponse | null

GET/accounts/{account_id}/intel/domain/bulk

ModelsExpand Collapse

BulkGetResponse = Array<BulkGetResponseItem> | null

additional_information?: AdditionalInformation { suspected_malware_family }

Additional information related to the host name.

suspected_malware_family?: string

Suspected DGA malware family.

application?: Application { id, name }

Application that the hostname belongs to.

id?: number

name?: string

content_categories?: Array<ContentCategory>

id?: number

name?: string

super_category_id?: number

domain?: string

inherited_content_categories?: Array<InheritedContentCategory>

id?: number

name?: string

super_category_id?: number

inherited_from?: string

Domain from which inherited_content_categories and inherited_risk_types are inherited, if applicable.

inherited_risk_types?: Array<InheritedRiskType>

id?: number

name?: string

super_category_id?: number

popularity_rank?: number

Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000.

risk_score?: number

Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk).

risk_types?: Array<RiskType>

id?: number

name?: string

super_category_id?: number

IntelDomain History

Get Domain History

client.intel.domainHistory.get(, ?): DomainHistoryGetResponse | null

GET/accounts/{account_id}/intel/domain-history

ModelsExpand Collapse

DomainHistory { categorizations, domain }

categorizations?: Array<Categorization>

categories?: Array<Category>

id?: number

name?: string

end?: string

formatdate

start?: string

formatdate

domain?: string

DomainHistoryGetResponse = Array<DomainHistory { categorizations, domain } > | null

categorizations?: Array<Categorization>

categories?: Array<Category>

id?: number

name?: string

end?: string

formatdate

start?: string

formatdate

domain?: string

IntelIPs

Get IP Overview

client.intel.ips.get(, ?): IPGetResponse | null

GET/accounts/{account_id}/intel/ip

ModelsExpand Collapse

IP { belongs_to_ref, ip, risk_types }

belongs_to_ref?: BelongsToRef { id, country, description, 2 more }

Specifies a reference to the autonomous systems (AS) that the IP address belongs to.

id?: string

country?: string

description?: string

type?: "hosting_provider" | "isp" | "organization"

Infrastructure type of this ASN.

One of the following:

"hosting_provider"

"isp"

"organization"

value?: string

ip?: string

formatipv4

risk_types?: Array<RiskType>

id?: number

name?: string

super_category_id?: number

IPGetResponse = Array<IP { belongs_to_ref, ip, risk_types } > | null

belongs_to_ref?: BelongsToRef { id, country, description, 2 more }

Specifies a reference to the autonomous systems (AS) that the IP address belongs to.

id?: string

country?: string

description?: string

type?: "hosting_provider" | "isp" | "organization"

Infrastructure type of this ASN.

One of the following:

"hosting_provider"

"isp"

"organization"

value?: string

ip?: string

formatipv4

risk_types?: Array<RiskType>

id?: number

name?: string

super_category_id?: number

IntelIP Lists

ModelsExpand Collapse

IPList { id, description, name }

id?: number

description?: string

name?: string

IntelMiscategorizations

Create Miscategorization

client.intel.miscategorizations.create(, ?): MiscategorizationCreateResponse { errors, messages, success }

POST/accounts/{account_id}/intel/miscategorization

ModelsExpand Collapse

MiscategorizationCreateResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

IntelWhois

Get WHOIS Record

client.intel.whois.get(, ?): WhoisGetResponse { dnssec, domain, extension, 84 more }

GET/accounts/{account_id}/intel/whois

ModelsExpand Collapse

Whois { created_date, domain, nameservers, 6 more }

created_date?: string

formatdate

domain?: string

nameservers?: Array<string>

registrant?: string

registrant_country?: string

registrant_email?: string

registrant_org?: string

registrar?: string

updated_date?: string

formatdate

WhoisGetResponse { dnssec, domain, extension, 84 more }

dnssec: boolean

domain: string

extension: string

found: boolean

nameservers: Array<string>

punycode: string

registrant: string

registrar: string

id?: string

administrative_city?: string

administrative_country?: string

administrative_email?: string

administrative_fax?: string

administrative_fax_ext?: string

administrative_id?: string

administrative_name?: string

administrative_org?: string

administrative_phone?: string

administrative_phone_ext?: string

administrative_postal_code?: string

administrative_province?: string

administrative_referral_url?: string

administrative_street?: string

billing_city?: string

billing_country?: string

billing_email?: string

billing_fax?: string

billing_fax_ext?: string

billing_id?: string

billing_name?: string

billing_org?: string

billing_phone?: string

billing_phone_ext?: string

billing_postal_code?: string

billing_province?: string

billing_referral_url?: string

billing_street?: string

created_date?: string

formatdate-time

created_date_raw?: string

expiration_date?: string

formatdate-time

expiration_date_raw?: string

registrant_city?: string

registrant_country?: string

registrant_email?: string

registrant_fax?: string

registrant_fax_ext?: string

registrant_id?: string

registrant_name?: string

registrant_org?: string

registrant_phone?: string

registrant_phone_ext?: string

registrant_postal_code?: string

registrant_province?: string

registrant_referral_url?: string

registrant_street?: string

registrar_city?: string

registrar_country?: string

registrar_email?: string

registrar_fax?: string

registrar_fax_ext?: string

registrar_id?: string

registrar_name?: string

registrar_org?: string

registrar_phone?: string

registrar_phone_ext?: string

registrar_postal_code?: string

registrar_province?: string

registrar_referral_url?: string

registrar_street?: string

status?: Array<string>

technical_city?: string

technical_country?: string

technical_email?: string

technical_fax?: string

technical_fax_ext?: string

technical_id?: string

technical_name?: string

technical_org?: string

technical_phone?: string

technical_phone_ext?: string

technical_postal_code?: string

technical_province?: string

technical_referral_url?: string

technical_street?: string

updated_date?: string

formatdate-time

updated_date_raw?: string

whois_server?: string

IntelIndicator Feeds

Get indicator feeds owned by this account

client.intel.indicatorFeeds.list(, ?): SinglePage<IndicatorFeedListResponse { id, created_on, description, 5 more } >

GET/accounts/{account_id}/intel/indicator-feeds

Get indicator feed metadata

client.intel.indicatorFeeds.get(, , ?): IndicatorFeedGetResponse { id, created_on, description, 8 more }

GET/accounts/{account_id}/intel/indicator-feeds/{feed_id}

Create new indicator feed

client.intel.indicatorFeeds.create(, ?): IndicatorFeedCreateResponse { id, created_on, description, 5 more }

POST/accounts/{account_id}/intel/indicator-feeds

Update indicator feed metadata

client.intel.indicatorFeeds.update(, , ?): IndicatorFeedUpdateResponse { id, created_on, description, 5 more }

PUT/accounts/{account_id}/intel/indicator-feeds/{feed_id}

Get indicator feed data

client.intel.indicatorFeeds.data(, , ?): IndicatorFeedDataResponse

GET/accounts/{account_id}/intel/indicator-feeds/{feed_id}/data

ModelsExpand Collapse

IndicatorFeedListResponse { id, created_on, description, 5 more }

id?: number

The unique identifier for the indicator feed

created_on?: string

The date and time when the data entry was created

formatdate-time

description?: string

The description of the example test

is_attributable?: boolean

Whether the indicator feed can be attributed to a provider

is_downloadable?: boolean

Whether the indicator feed can be downloaded

is_public?: boolean

Whether the indicator feed is exposed to customers

modified_on?: string

The date and time when the data entry was last modified

formatdate-time

name?: string

The name of the indicator feed

IndicatorFeedGetResponse { id, created_on, description, 8 more }

id?: number

The unique identifier for the indicator feed

created_on?: string

The date and time when the data entry was created

formatdate-time

description?: string

The description of the example test

is_attributable?: boolean

Whether the indicator feed can be attributed to a provider

is_downloadable?: boolean

Whether the indicator feed can be downloaded

is_public?: boolean

Whether the indicator feed is exposed to customers

latest_upload_status?: "Mirroring" | "Unifying" | "Loading" | 3 more

Status of the latest snapshot uploaded

One of the following:

"Mirroring"

"Unifying"

"Loading"

"Provisioning"

"Complete"

"Error"

modified_on?: string

The date and time when the data entry was last modified

formatdate-time

name?: string

The name of the indicator feed

provider_id?: string

The unique identifier for the provider

provider_name?: string

The provider of the indicator feed

IndicatorFeedCreateResponse { id, created_on, description, 5 more }

id?: number

The unique identifier for the indicator feed

created_on?: string

The date and time when the data entry was created

formatdate-time

description?: string

The description of the example test

is_attributable?: boolean

Whether the indicator feed can be attributed to a provider

is_downloadable?: boolean

Whether the indicator feed can be downloaded

is_public?: boolean

Whether the indicator feed is exposed to customers

modified_on?: string

The date and time when the data entry was last modified

formatdate-time

name?: string

The name of the indicator feed

IndicatorFeedUpdateResponse { id, created_on, description, 5 more }

id?: number

The unique identifier for the indicator feed

created_on?: string

The date and time when the data entry was created

formatdate-time

description?: string

The description of the example test

is_attributable?: boolean

Whether the indicator feed can be attributed to a provider

is_downloadable?: boolean

Whether the indicator feed can be downloaded

is_public?: boolean

Whether the indicator feed is exposed to customers

modified_on?: string

The date and time when the data entry was last modified

formatdate-time

name?: string

The name of the indicator feed

IndicatorFeedDataResponse = string

IntelIndicator FeedsSnapshots

Update indicator feed data

client.intel.indicatorFeeds.snapshots.update(, , ?): SnapshotUpdateResponse { file_id, filename, status }

PUT/accounts/{account_id}/intel/indicator-feeds/{feed_id}/snapshot

ModelsExpand Collapse

SnapshotUpdateResponse { file_id, filename, status }

file_id?: number

Feed id

filename?: string

Name of the file unified in our system

status?: string

Current status of upload, should be unified

IntelIndicator FeedsPermissions

List indicator feed permissions

client.intel.indicatorFeeds.permissions.list(, ?): PermissionListResponse { id, description, is_attributable, 3 more }

GET/accounts/{account_id}/intel/indicator-feeds/permissions/view

Grant permission to indicator feed

client.intel.indicatorFeeds.permissions.create(, ?): PermissionCreateResponse { success }

PUT/accounts/{account_id}/intel/indicator-feeds/permissions/add

Revoke permission to indicator feed

client.intel.indicatorFeeds.permissions.delete(, ?): PermissionDeleteResponse { success }

PUT/accounts/{account_id}/intel/indicator-feeds/permissions/remove

ModelsExpand Collapse

PermissionListResponse = Array<PermissionListResponseItem>

id?: number

The unique identifier for the indicator feed

description?: string

The description of the example test

is_attributable?: boolean

Whether the indicator feed can be attributed to a provider

is_downloadable?: boolean

Whether the indicator feed can be downloaded

is_public?: boolean

Whether the indicator feed is exposed to customers

name?: string

The name of the indicator feed

PermissionCreateResponse { success }

success?: boolean

Whether the update succeeded or not

PermissionDeleteResponse { success }

success?: boolean

Whether the update succeeded or not

IntelIndicator FeedsDownloads

IntelSinkholes

List sinkholes owned by this account

client.intel.sinkholes.list(, ?): SinglePage<Sinkhole { id, account_tag, created_on, 4 more } >

GET/accounts/{account_id}/intel/sinkholes

ModelsExpand Collapse

Sinkhole { id, account_tag, created_on, 4 more }

id?: number

The unique identifier for the sinkhole

account_tag?: string

The account tag that owns this sinkhole

created_on?: string

The date and time when the sinkhole was created

formatdate-time

modified_on?: string

The date and time when the sinkhole was last modified

formatdate-time

name?: string

The name of the sinkhole

r2_bucket?: string

The name of the R2 bucket to store results

r2_id?: string

The id of the R2 instance

IntelAttack Surface Report

IntelAttack Surface ReportIssue Types

Retrieves Security Center Issues Types

client.intel.attackSurfaceReport.issueTypes.get(, ?): SinglePage<IssueTypeGetResponse>

GET/accounts/{account_id}/intel/attack-surface-report/issue-types

ModelsExpand Collapse

IssueTypeGetResponse = string

IntelAttack Surface ReportIssues

Retrieves Security Center Issues

Deprecated

client.intel.attackSurfaceReport.issues.list(, ?): V4PagePagination<IssueListResponse { count, issues, page, per_page } >

GET/accounts/{account_id}/intel/attack-surface-report/issues

Retrieves Security Center Issue Counts by Class

Deprecated

client.intel.attackSurfaceReport.issues.class(, ?): IssueClassResponse { count, value }

GET/accounts/{account_id}/intel/attack-surface-report/issues/class

Retrieves Security Center Issue Counts by Severity

Deprecated

client.intel.attackSurfaceReport.issues.severity(, ?): IssueSeverityResponse { count, value }

GET/accounts/{account_id}/intel/attack-surface-report/issues/severity

Retrieves Security Center Issue Counts by Type

Deprecated

client.intel.attackSurfaceReport.issues.type(, ?): IssueTypeResponse { count, value }

GET/accounts/{account_id}/intel/attack-surface-report/issues/type

Archives Security Center Insight

Deprecated

client.intel.attackSurfaceReport.issues.dismiss(, , ?): IssueDismissResponse { errors, messages, success }

PUT/accounts/{account_id}/intel/attack-surface-report/{issue_id}/dismiss

ModelsExpand Collapse

IssueType = "compliance_violation" | "email_security" | "exposed_infrastructure" | 3 more

One of the following:

"compliance_violation"

"email_security"

"exposed_infrastructure"

"insecure_configuration"

"weak_authentication"

"configuration_suggestion"

SeverityQueryParam = "low" | "moderate" | "critical"

One of the following:

"low"

"moderate"

"critical"

IssueListResponse { count, issues, page, per_page }

count?: number

Indicates the total number of results.

issues?: Array<Issue>

id?: string

dismissed?: boolean

issue_class?: string

issue_type?: IssueType

payload?: Payload { detection_method, zone_tag }

detection_method?: string

Describes the method used to detect insight.

zone_tag?: string

resolve_link?: string

resolve_text?: string

severity?: "Low" | "Moderate" | "Critical"

One of the following:

"Low"

"Moderate"

"Critical"

since?: string

formatdate-time

subject?: string

timestamp?: string

formatdate-time

page?: number

Specifies the current page within paginated list of results.

per_page?: number

Sets the number of results per page of results.

maximum1000

minimum1

IssueClassResponse = Array<IssueClassResponseItem>

count?: number

value?: string

IssueSeverityResponse = Array<IssueSeverityResponseItem>

count?: number

value?: string

IssueTypeResponse = Array<IssueTypeResponseItem>

count?: number

value?: string

IssueDismissResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.