# Intel # ASN ## Get ASN Overview. `client.intel.asn.get(ASNasn, ASNGetParamsparams, RequestOptionsoptions?): ASN` **get** `/accounts/{account_id}/intel/asn/{asn}` Gets an overview of the Autonomous System Number (ASN) and a list of subnets for it. ### Parameters - `asn: ASN` - `params: ASNGetParams` - `account_id: string` Identifier. ### Returns - `ASN = number` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const asn = await client.intel.asn.get(0, { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(asn); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": 0 } ``` # Subnets ## Get ASN Subnets `client.intel.asn.subnets.get(ASNasn, SubnetGetParamsparams, RequestOptionsoptions?): SubnetGetResponse` **get** `/accounts/{account_id}/intel/asn/{asn}/subnets` Get ASN Subnets. ### Parameters - `asn: ASN` - `params: SubnetGetParams` - `account_id: string` Identifier. ### Returns - `SubnetGetResponse` - `asn?: ASN` - `count?: number` Total results returned based on your search parameters. - `ip_count_total?: number` - `page?: number` Current page within paginated list of results. - `per_page?: number` Number of results per page of results. - `subnets?: Array` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const subnet = await client.intel.asn.subnets.get(0, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(subnet.asn); ``` #### Response ```json { "asn": 0, "count": 1, "ip_count_total": 0, "page": 1, "per_page": 20, "subnets": [ "192.0.2.0/24", "2001:DB8::/32" ] } ``` ## Domain Types ### Subnet Get Response - `SubnetGetResponse` - `asn?: ASN` - `count?: number` Total results returned based on your search parameters. - `ip_count_total?: number` - `page?: number` Current page within paginated list of results. - `per_page?: number` Number of results per page of results. - `subnets?: Array` # DNS ## Get Passive DNS by IP `client.intel.dns.list(DNSListParamsparams, RequestOptionsoptions?): V4PagePagination` **get** `/accounts/{account_id}/intel/dns` Gets a list of all the domains that have resolved to a specific IP address. ### Parameters - `params: DNSListParams` - `account_id: string` Path param: Identifier. - `ipv4?: string` Query param - `page?: number` Query param: Requested page within paginated list of results. - `per_page?: number` Query param: Maximum number of results requested. - `start_end_params?: StartEndParams` Query param - `end?: string` Defaults to the current date. - `start?: string` Defaults to 30 days before the end parameter value. ### Returns - `DNS` - `count?: number` Total results returned based on your search parameters. - `page?: number` Current page within paginated list of results. - `per_page?: number` Number of results per page of results. - `reverse_records?: Array` Reverse DNS look-ups observed during the time period. - `first_seen?: string` First seen date of the DNS record during the time period. - `hostname?: string` Hostname that the IP was observed resolving to. - `last_seen?: string` Last seen date of the DNS record during the time period. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const dns of client.intel.dns.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353' })) { console.log(dns.count); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "page": 1, "per_page": 20, "reverse_records": [ { "first_seen": "2021-04-01", "hostname": "hostname", "last_seen": "2021-04-30" } ] }, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### DNS - `DNS` - `count?: number` Total results returned based on your search parameters. - `page?: number` Current page within paginated list of results. - `per_page?: number` Number of results per page of results. - `reverse_records?: Array` Reverse DNS look-ups observed during the time period. - `first_seen?: string` First seen date of the DNS record during the time period. - `hostname?: string` Hostname that the IP was observed resolving to. - `last_seen?: string` Last seen date of the DNS record during the time period. # Domains ## Get Domain Details `client.intel.domains.get(DomainGetParamsparams, RequestOptionsoptions?): Domain` **get** `/accounts/{account_id}/intel/domain` Gets security details and statistics about a domain. ### Parameters - `params: DomainGetParams` - `account_id: string` Path param: Identifier. - `domain?: string` Query param ### Returns - `Domain` - `additional_information?: AdditionalInformation` Additional information related to the host name. - `suspected_malware_family?: string` Suspected DGA malware family. - `application?: Application` Application that the hostname belongs to. - `id?: number` - `name?: string` - `content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `domain?: string` - `inherited_content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `inherited_from?: string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `popularity_rank?: number` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `resolves_to_refs?: Array` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `id?: string` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `value?: string` IP address or domain name. - `risk_score?: number` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const domain = await client.intel.domains.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(domain.additional_information); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "resolves_to_refs": [ { "id": "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537", "value": "192.0.2.0" } ], "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } } ``` ## Domain Types ### Domain - `Domain` - `additional_information?: AdditionalInformation` Additional information related to the host name. - `suspected_malware_family?: string` Suspected DGA malware family. - `application?: Application` Application that the hostname belongs to. - `id?: number` - `name?: string` - `content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `domain?: string` - `inherited_content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `inherited_from?: string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `popularity_rank?: number` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `resolves_to_refs?: Array` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `id?: string` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `value?: string` IP address or domain name. - `risk_score?: number` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` # Bulks ## Get Multiple Domain Details `client.intel.domains.bulks.get(BulkGetParamsparams, RequestOptionsoptions?): BulkGetResponse | null` **get** `/accounts/{account_id}/intel/domain/bulk` Same as summary. ### Parameters - `params: BulkGetParams` - `account_id: string` Path param: Identifier. - `domain?: Array` Query param: Accepts multiple values like `?domain=cloudflare.com&domain=example.com`. ### Returns - `BulkGetResponse = Array | null` - `additional_information?: AdditionalInformation` Additional information related to the host name. - `suspected_malware_family?: string` Suspected DGA malware family. - `application?: Application` Application that the hostname belongs to. - `id?: number` - `name?: string` - `content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `domain?: string` - `inherited_content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `inherited_from?: string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `popularity_rank?: number` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `risk_score?: number` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const bulks = await client.intel.domains.bulks.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(bulks); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Bulk Get Response - `BulkGetResponse = Array | null` - `additional_information?: AdditionalInformation` Additional information related to the host name. - `suspected_malware_family?: string` Suspected DGA malware family. - `application?: Application` Application that the hostname belongs to. - `id?: number` - `name?: string` - `content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `domain?: string` - `inherited_content_categories?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `inherited_from?: string` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` - `popularity_rank?: number` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `risk_score?: number` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` # Domain History ## Get Domain History `client.intel.domainHistory.get(DomainHistoryGetParamsparams, RequestOptionsoptions?): DomainHistoryGetResponse | null` **get** `/accounts/{account_id}/intel/domain-history` Gets historical security threat and content categories currently and previously assigned to a domain. ### Parameters - `params: DomainHistoryGetParams` - `account_id: string` Path param: Identifier. - `domain?: string` Query param ### Returns - `DomainHistoryGetResponse = Array | null` - `categorizations?: Array` - `categories?: Array` - `id?: number` - `name?: string` - `end?: string` - `start?: string` - `domain?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const domainHistories = await client.intel.domainHistory.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(domainHistories); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "categorizations": [ { "categories": [ { "id": 155, "name": "Technology" } ], "end": "2021-04-30", "start": "2021-04-01" } ], "domain": "cloudflare.com" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Domain History - `DomainHistory` - `categorizations?: Array` - `categories?: Array` - `id?: number` - `name?: string` - `end?: string` - `start?: string` - `domain?: string` ### Domain History Get Response - `DomainHistoryGetResponse = Array | null` - `categorizations?: Array` - `categories?: Array` - `id?: number` - `name?: string` - `end?: string` - `start?: string` - `domain?: string` # IPs ## Get IP Overview `client.intel.ips.get(IPGetParamsparams, RequestOptionsoptions?): IPGetResponse | null` **get** `/accounts/{account_id}/intel/ip` Gets the geolocation, ASN, infrastructure type of the ASN, and any security threat categories of an IP address. **Must provide ip query parameters.** For example, `/intel/ip?ipv4=1.1.1.1` or `/intel/ip?ipv6=2001:db8::1`. ### Parameters - `params: IPGetParams` - `account_id: string` Path param: Identifier. - `ipv4?: string` Query param - `ipv6?: string` Query param ### Returns - `IPGetResponse = Array | null` - `belongs_to_ref?: BelongsToRef` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id?: string` - `country?: string` - `description?: string` - `type?: "hosting_provider" | "isp" | "organization"` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value?: string` - `ip?: string` - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const ips = await client.intel.ips.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(ips); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "belongs_to_ref": { "id": "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8", "country": "US", "description": "CLOUDFLARENET", "type": "hosting_provider", "value": "value" }, "ip": "192.0.2.0", "risk_types": [ { "id": 131, "name": "Phishing", "super_category_id": 21 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### IP - `IP` - `belongs_to_ref?: BelongsToRef` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id?: string` - `country?: string` - `description?: string` - `type?: "hosting_provider" | "isp" | "organization"` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value?: string` - `ip?: string` - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` ### IP Get Response - `IPGetResponse = Array | null` - `belongs_to_ref?: BelongsToRef` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id?: string` - `country?: string` - `description?: string` - `type?: "hosting_provider" | "isp" | "organization"` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value?: string` - `ip?: string` - `risk_types?: Array` - `id?: number` - `name?: string` - `super_category_id?: number` # IP Lists ## Domain Types ### IP List - `IPList` - `id?: number` - `description?: string` - `name?: string` # Miscategorizations ## Create Miscategorization `client.intel.miscategorizations.create(MiscategorizationCreateParamsparams, RequestOptionsoptions?): MiscategorizationCreateResponse` **post** `/accounts/{account_id}/intel/miscategorization` Allows you to submit requests to change a domain’s category. ### Parameters - `params: MiscategorizationCreateParams` - `account_id: string` Path param: Identifier. - `content_adds?: Array` Body param: Content category IDs to add. - `content_removes?: Array` Body param: Content category IDs to remove. - `indicator_type?: "domain" | "ipv4" | "ipv6" | "url"` Body param - `"domain"` - `"ipv4"` - `"ipv6"` - `"url"` - `ip?: string | null` Body param: Provide only if indicator_type is `ipv4` or `ipv6`. - `security_adds?: Array` Body param: Security category IDs to add. - `security_removes?: Array` Body param: Security category IDs to remove. - `url?: string` Body param: Provide only if indicator_type is `domain` or `url`. Example if indicator_type is `domain`: `example.com`. Example if indicator_type is `url`: `https://example.com/news/`. ### Returns - `MiscategorizationCreateResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const miscategorization = await client.intel.miscategorizations.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(miscategorization.errors); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Miscategorization Create Response - `MiscategorizationCreateResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true` # Whois ## Get WHOIS Record `client.intel.whois.get(WhoisGetParamsparams, RequestOptionsoptions?): WhoisGetResponse` **get** `/accounts/{account_id}/intel/whois` Retrieves WHOIS registration data for a domain, including registrant and nameserver information. ### Parameters - `params: WhoisGetParams` - `account_id: string` Path param: Use to uniquely identify or reference the resource. - `domain?: string` Query param ### Returns - `WhoisGetResponse` - `dnssec: boolean` - `domain: string` - `extension: string` - `found: boolean` - `nameservers: Array` - `punycode: string` - `registrant: string` - `registrar: string` - `id?: string` - `administrative_city?: string` - `administrative_country?: string` - `administrative_email?: string` - `administrative_fax?: string` - `administrative_fax_ext?: string` - `administrative_id?: string` - `administrative_name?: string` - `administrative_org?: string` - `administrative_phone?: string` - `administrative_phone_ext?: string` - `administrative_postal_code?: string` - `administrative_province?: string` - `administrative_referral_url?: string` - `administrative_street?: string` - `billing_city?: string` - `billing_country?: string` - `billing_email?: string` - `billing_fax?: string` - `billing_fax_ext?: string` - `billing_id?: string` - `billing_name?: string` - `billing_org?: string` - `billing_phone?: string` - `billing_phone_ext?: string` - `billing_postal_code?: string` - `billing_province?: string` - `billing_referral_url?: string` - `billing_street?: string` - `created_date?: string` - `created_date_raw?: string` - `expiration_date?: string` - `expiration_date_raw?: string` - `registrant_city?: string` - `registrant_country?: string` - `registrant_email?: string` - `registrant_fax?: string` - `registrant_fax_ext?: string` - `registrant_id?: string` - `registrant_name?: string` - `registrant_org?: string` - `registrant_phone?: string` - `registrant_phone_ext?: string` - `registrant_postal_code?: string` - `registrant_province?: string` - `registrant_referral_url?: string` - `registrant_street?: string` - `registrar_city?: string` - `registrar_country?: string` - `registrar_email?: string` - `registrar_fax?: string` - `registrar_fax_ext?: string` - `registrar_id?: string` - `registrar_name?: string` - `registrar_org?: string` - `registrar_phone?: string` - `registrar_phone_ext?: string` - `registrar_postal_code?: string` - `registrar_province?: string` - `registrar_referral_url?: string` - `registrar_street?: string` - `status?: Array` - `technical_city?: string` - `technical_country?: string` - `technical_email?: string` - `technical_fax?: string` - `technical_fax_ext?: string` - `technical_id?: string` - `technical_name?: string` - `technical_org?: string` - `technical_phone?: string` - `technical_phone_ext?: string` - `technical_postal_code?: string` - `technical_province?: string` - `technical_referral_url?: string` - `technical_street?: string` - `updated_date?: string` - `updated_date_raw?: string` - `whois_server?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const whois = await client.intel.whois.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(whois.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dnssec": true, "domain": "cloudflare.com", "extension": "com", "found": true, "nameservers": [ "ns3.cloudflare.com", "ns4.cloudflare.com", "ns5.cloudflare.com", "ns6.cloudflare.com", "ns7.cloudflare.com" ], "punycode": "cloudflare.com", "registrant": "registrant", "registrar": "Cloudflare, Inc.", "id": "1542998887_DOMAIN_COM-VRSN", "administrative_city": "administrative_city", "administrative_country": "administrative_country", "administrative_email": "administrative_email", "administrative_fax": "administrative_fax", "administrative_fax_ext": "administrative_fax_ext", "administrative_id": "administrative_id", "administrative_name": "administrative_name", "administrative_org": "administrative_org", "administrative_phone": "administrative_phone", "administrative_phone_ext": "administrative_phone_ext", "administrative_postal_code": "administrative_postal_code", "administrative_province": "administrative_province", "administrative_referral_url": "administrative_referral_url", "administrative_street": "administrative_street", "billing_city": "billing_city", "billing_country": "billing_country", "billing_email": "billing_email", "billing_fax": "billing_fax", "billing_fax_ext": "billing_fax_ext", "billing_id": "billing_id", "billing_name": "billing_name", "billing_org": "billing_org", "billing_phone": "billing_phone", "billing_phone_ext": "billing_phone_ext", "billing_postal_code": "billing_postal_code", "billing_province": "billing_province", "billing_referral_url": "billing_referral_url", "billing_street": "billing_street", "created_date": "2009-02-17T22:07:54.000Z", "created_date_raw": "2009-02-17T22:07:54Z", "expiration_date": "2033-02-17T22:07:54.000Z", "expiration_date_raw": "2033-02-17T22:07:54Z", "registrant_city": "registrant_city", "registrant_country": "registrant_country", "registrant_email": "registrant_email", "registrant_fax": "registrant_fax", "registrant_fax_ext": "registrant_fax_ext", "registrant_id": "registrant_id", "registrant_name": "registrant_name", "registrant_org": "registrant_org", "registrant_phone": "registrant_phone", "registrant_phone_ext": "registrant_phone_ext", "registrant_postal_code": "registrant_postal_code", "registrant_province": "registrant_province", "registrant_referral_url": "registrant_referral_url", "registrant_street": "registrant_street", "registrar_city": "registrar_city", "registrar_country": "registrar_country", "registrar_email": "registrar_email", "registrar_fax": "registrar_fax", "registrar_fax_ext": "registrar_fax_ext", "registrar_id": "registrar_id", "registrar_name": "registrar_name", "registrar_org": "registrar_org", "registrar_phone": "registrar_phone", "registrar_phone_ext": "registrar_phone_ext", "registrar_postal_code": "registrar_postal_code", "registrar_province": "registrar_province", "registrar_referral_url": "registrar_referral_url", "registrar_street": "registrar_street", "status": [ "clientdeleteprohibited", "clienttransferprohibited", "clientupdateprohibited", "serverdeleteprohibited", "servertransferprohibited", "serverupdateprohibited" ], "technical_city": "technical_city", "technical_country": "technical_country", "technical_email": "technical_email", "technical_fax": "technical_fax", "technical_fax_ext": "technical_fax_ext", "technical_id": "technical_id", "technical_name": "technical_name", "technical_org": "technical_org", "technical_phone": "technical_phone", "technical_phone_ext": "technical_phone_ext", "technical_postal_code": "technical_postal_code", "technical_province": "technical_province", "technical_referral_url": "technical_referral_url", "technical_street": "technical_street", "updated_date": "2024-01-09T16:45:28.000Z", "updated_date_raw": "2024-01-09T16:45:28Z", "whois_server": "whois.cloudflare.com" } } ``` ## Domain Types ### Whois - `Whois` - `created_date?: string` - `domain?: string` - `nameservers?: Array` - `registrant?: string` - `registrant_country?: string` - `registrant_email?: string` - `registrant_org?: string` - `registrar?: string` - `updated_date?: string` ### Whois Get Response - `WhoisGetResponse` - `dnssec: boolean` - `domain: string` - `extension: string` - `found: boolean` - `nameservers: Array` - `punycode: string` - `registrant: string` - `registrar: string` - `id?: string` - `administrative_city?: string` - `administrative_country?: string` - `administrative_email?: string` - `administrative_fax?: string` - `administrative_fax_ext?: string` - `administrative_id?: string` - `administrative_name?: string` - `administrative_org?: string` - `administrative_phone?: string` - `administrative_phone_ext?: string` - `administrative_postal_code?: string` - `administrative_province?: string` - `administrative_referral_url?: string` - `administrative_street?: string` - `billing_city?: string` - `billing_country?: string` - `billing_email?: string` - `billing_fax?: string` - `billing_fax_ext?: string` - `billing_id?: string` - `billing_name?: string` - `billing_org?: string` - `billing_phone?: string` - `billing_phone_ext?: string` - `billing_postal_code?: string` - `billing_province?: string` - `billing_referral_url?: string` - `billing_street?: string` - `created_date?: string` - `created_date_raw?: string` - `expiration_date?: string` - `expiration_date_raw?: string` - `registrant_city?: string` - `registrant_country?: string` - `registrant_email?: string` - `registrant_fax?: string` - `registrant_fax_ext?: string` - `registrant_id?: string` - `registrant_name?: string` - `registrant_org?: string` - `registrant_phone?: string` - `registrant_phone_ext?: string` - `registrant_postal_code?: string` - `registrant_province?: string` - `registrant_referral_url?: string` - `registrant_street?: string` - `registrar_city?: string` - `registrar_country?: string` - `registrar_email?: string` - `registrar_fax?: string` - `registrar_fax_ext?: string` - `registrar_id?: string` - `registrar_name?: string` - `registrar_org?: string` - `registrar_phone?: string` - `registrar_phone_ext?: string` - `registrar_postal_code?: string` - `registrar_province?: string` - `registrar_referral_url?: string` - `registrar_street?: string` - `status?: Array` - `technical_city?: string` - `technical_country?: string` - `technical_email?: string` - `technical_fax?: string` - `technical_fax_ext?: string` - `technical_id?: string` - `technical_name?: string` - `technical_org?: string` - `technical_phone?: string` - `technical_phone_ext?: string` - `technical_postal_code?: string` - `technical_province?: string` - `technical_referral_url?: string` - `technical_street?: string` - `updated_date?: string` - `updated_date_raw?: string` - `whois_server?: string` # Indicator Feeds ## Get indicator feeds owned by this account `client.intel.indicatorFeeds.list(IndicatorFeedListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/intel/indicator-feeds` Retrieves details for all accessible custom threat indicator feeds. ### Parameters - `params: IndicatorFeedListParams` - `account_id: string` Identifier ### Returns - `IndicatorFeedListResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const indicatorFeedListResponse of client.intel.indicatorFeeds.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(indicatorFeedListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "user specified description 1", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "user_specified_name_1" }, { "id": 2, "created_on": "2023-05-21T21:43:52.867525Z", "description": "User specified description 2", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-28T18:46:18.764425Z", "name": "user_specified_name_2" } ] } ``` ## Get indicator feed metadata `client.intel.indicatorFeeds.get(numberfeedId, IndicatorFeedGetParamsparams, RequestOptionsoptions?): IndicatorFeedGetResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Retrieves details for a specific custom threat indicator feed. ### Parameters - `feedId: number` Indicator feed ID - `params: IndicatorFeedGetParams` - `account_id: string` Identifier ### Returns - `IndicatorFeedGetResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `latest_upload_status?: "Mirroring" | "Unifying" | "Loading" | 3 more` Status of the latest snapshot uploaded - `"Mirroring"` - `"Unifying"` - `"Loading"` - `"Provisioning"` - `"Complete"` - `"Error"` - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed - `provider_id?: string` The unique identifier for the provider - `provider_name?: string` The provider of the indicator feed ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const indicatorFeed = await client.intel.indicatorFeeds.get(12, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(indicatorFeed.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "latest_upload_status": "Complete", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1", "provider_id": "provider_id", "provider_name": "provider_name" } } ``` ## Create new indicator feed `client.intel.indicatorFeeds.create(IndicatorFeedCreateParamsparams, RequestOptionsoptions?): IndicatorFeedCreateResponse` **post** `/accounts/{account_id}/intel/indicator-feeds` Creates a new custom threat indicator feed for sharing threat intelligence data. ### Parameters - `params: IndicatorFeedCreateParams` - `account_id: string` Path param: Identifier - `description?: string` Body param: The description of the example test - `name?: string` Body param: The name of the indicator feed ### Returns - `IndicatorFeedCreateResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const indicatorFeed = await client.intel.indicatorFeeds.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(indicatorFeed.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Update indicator feed metadata `client.intel.indicatorFeeds.update(numberfeedId, IndicatorFeedUpdateParamsparams, RequestOptionsoptions?): IndicatorFeedUpdateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Revises details for a specific custom threat indicator feed. ### Parameters - `feedId: number` Indicator feed ID - `params: IndicatorFeedUpdateParams` - `account_id: string` Path param: Identifier - `description?: string` Body param: The new description of the feed - `is_attributable?: boolean` Body param: The new is_attributable value of the feed - `is_downloadable?: boolean` Body param: The new is_downloadable value of the feed - `is_public?: boolean` Body param: The new is_public value of the feed - `name?: string` Body param: The new name of the feed ### Returns - `IndicatorFeedUpdateResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const indicatorFeed = await client.intel.indicatorFeeds.update(12, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(indicatorFeed.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Get indicator feed data `client.intel.indicatorFeeds.data(numberfeedId, IndicatorFeedDataParamsparams, RequestOptionsoptions?): IndicatorFeedDataResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/data` Retrieves the raw data entries in a custom threat indicator feed. ### Parameters - `feedId: number` Indicator feed ID - `params: IndicatorFeedDataParams` - `account_id: string` Identifier ### Returns - `IndicatorFeedDataResponse = string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const response = await client.intel.indicatorFeeds.data(12, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response); ``` ## Domain Types ### Indicator Feed List Response - `IndicatorFeedListResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Indicator Feed Get Response - `IndicatorFeedGetResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `latest_upload_status?: "Mirroring" | "Unifying" | "Loading" | 3 more` Status of the latest snapshot uploaded - `"Mirroring"` - `"Unifying"` - `"Loading"` - `"Provisioning"` - `"Complete"` - `"Error"` - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed - `provider_id?: string` The unique identifier for the provider - `provider_name?: string` The provider of the indicator feed ### Indicator Feed Create Response - `IndicatorFeedCreateResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Indicator Feed Update Response - `IndicatorFeedUpdateResponse` - `id?: number` The unique identifier for the indicator feed - `created_on?: string` The date and time when the data entry was created - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `modified_on?: string` The date and time when the data entry was last modified - `name?: string` The name of the indicator feed ### Indicator Feed Data Response - `IndicatorFeedDataResponse = string` # Snapshots ## Update indicator feed data `client.intel.indicatorFeeds.snapshots.update(numberfeedId, SnapshotUpdateParamsparams, RequestOptionsoptions?): SnapshotUpdateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/snapshot` Revises the raw data entries in a custom threat indicator feed. ### Parameters - `feedId: number` Indicator feed ID - `params: SnapshotUpdateParams` - `account_id: string` Path param: Identifier - `source?: string` Body param: The file to upload ### Returns - `SnapshotUpdateResponse` - `file_id?: number` Feed id - `filename?: string` Name of the file unified in our system - `status?: string` Current status of upload, should be unified ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const snapshot = await client.intel.indicatorFeeds.snapshots.update(12, { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(snapshot.file_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "file_id": 1, "filename": "snapshot_file.unified", "status": "unified" } } ``` ## Domain Types ### Snapshot Update Response - `SnapshotUpdateResponse` - `file_id?: number` Feed id - `filename?: string` Name of the file unified in our system - `status?: string` Current status of upload, should be unified # Permissions ## List indicator feed permissions `client.intel.indicatorFeeds.permissions.list(PermissionListParamsparams, RequestOptionsoptions?): PermissionListResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/permissions/view` Lists current access permissions for custom threat indicator feeds. ### Parameters - `params: PermissionListParams` - `account_id: string` Identifier ### Returns - `PermissionListResponse = Array` - `id?: number` The unique identifier for the indicator feed - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `name?: string` The name of the indicator feed ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const permissions = await client.intel.indicatorFeeds.permissions.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(permissions); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "description": "An important indicator list", "is_attributable": false, "is_downloadable": false, "is_public": false, "name": "indicator_list_1" }, { "id": 2, "description": "An even more important indicator list", "is_attributable": true, "is_downloadable": false, "is_public": true, "name": "indicator_list_2" } ] } ``` ## Grant permission to indicator feed `client.intel.indicatorFeeds.permissions.create(PermissionCreateParamsparams, RequestOptionsoptions?): PermissionCreateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/add` Grants access permissions for a custom threat indicator feed to other accounts. ### Parameters - `params: PermissionCreateParams` - `account_id: string` Path param: Identifier - `account_tag?: string` Body param: The Cloudflare account tag of the account to change permissions on - `feed_id?: number` Body param: The ID of the feed to add/remove permissions on ### Returns - `PermissionCreateResponse` - `success?: boolean` Whether the update succeeded or not ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const permission = await client.intel.indicatorFeeds.permissions.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(permission.success); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` ## Revoke permission to indicator feed `client.intel.indicatorFeeds.permissions.delete(PermissionDeleteParamsparams, RequestOptionsoptions?): PermissionDeleteResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/remove` Revokes access permissions for a custom threat indicator feed. ### Parameters - `params: PermissionDeleteParams` - `account_id: string` Path param: Identifier - `account_tag?: string` Body param: The Cloudflare account tag of the account to change permissions on - `feed_id?: number` Body param: The ID of the feed to add/remove permissions on ### Returns - `PermissionDeleteResponse` - `success?: boolean` Whether the update succeeded or not ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const permission = await client.intel.indicatorFeeds.permissions.delete({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(permission.success); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` ## Domain Types ### Permission List Response - `PermissionListResponse = Array` - `id?: number` The unique identifier for the indicator feed - `description?: string` The description of the example test - `is_attributable?: boolean` Whether the indicator feed can be attributed to a provider - `is_downloadable?: boolean` Whether the indicator feed can be downloaded - `is_public?: boolean` Whether the indicator feed is exposed to customers - `name?: string` The name of the indicator feed ### Permission Create Response - `PermissionCreateResponse` - `success?: boolean` Whether the update succeeded or not ### Permission Delete Response - `PermissionDeleteResponse` - `success?: boolean` Whether the update succeeded or not # Downloads # Sinkholes ## List sinkholes owned by this account `client.intel.sinkholes.list(SinkholeListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/intel/sinkholes` List sinkholes owned by this account ### Parameters - `params: SinkholeListParams` - `account_id: string` Identifier ### Returns - `Sinkhole` - `id?: number` The unique identifier for the sinkhole - `account_tag?: string` The account tag that owns this sinkhole - `created_on?: string` The date and time when the sinkhole was created - `modified_on?: string` The date and time when the sinkhole was last modified - `name?: string` The name of the sinkhole - `r2_bucket?: string` The name of the R2 bucket to store results - `r2_id?: string` The id of the R2 instance ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const sinkhole of client.intel.sinkholes.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(sinkhole.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-12T12:21:56.777653Z", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" }, { "id": 2, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-21T21:43:52.867525Z", "modified_on": "2023-06-28T18:46:18.764425Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" } ] } ``` ## Domain Types ### Sinkhole - `Sinkhole` - `id?: number` The unique identifier for the sinkhole - `account_tag?: string` The account tag that owns this sinkhole - `created_on?: string` The date and time when the sinkhole was created - `modified_on?: string` The date and time when the sinkhole was last modified - `name?: string` The name of the sinkhole - `r2_bucket?: string` The name of the R2 bucket to store results - `r2_id?: string` The id of the R2 instance # Attack Surface Report # Issue Types ## Retrieves Security Center Issues Types `client.intel.attackSurfaceReport.issueTypes.get(IssueTypeGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/intel/attack-surface-report/issue-types` Lists all available issue types in Security Center, describing categories of security issues. ### Parameters - `params: IssueTypeGetParams` - `account_id: string` Identifier. ### Returns - `IssueTypeGetResponse = string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const issueTypeGetResponse of client.intel.attackSurfaceReport.issueTypes.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(issueTypeGetResponse); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ "string" ] } ``` ## Domain Types ### Issue Type Get Response - `IssueTypeGetResponse = string` # Issues ## Retrieves Security Center Issues `client.intel.attackSurfaceReport.issues.list(IssueListParamsparams, RequestOptionsoptions?): V4PagePagination` **get** `/accounts/{account_id}/intel/attack-surface-report/issues` Lists all Security Center issues for the account, showing active security problems requiring attention. ### Parameters - `params: IssueListParams` - `account_id: string` Path param: Identifier. - `dismissed?: boolean` Query param - `issue_class?: Array` Query param - `issueClassNeq?: Array` Query param - `issue_type?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issueTypeNeq?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `page?: number` Query param: Specifies the current page within paginated list of results. - `per_page?: number` Query param: Sets the number of results per page of results. - `product?: Array` Query param - `productNeq?: Array` Query param - `severity?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `severityNeq?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `subject?: Array` Query param - `subjectNeq?: Array` Query param ### Returns - `IssueListResponse` - `count?: number` Indicates the total number of results. - `issues?: Array` - `id?: string` - `dismissed?: boolean` - `issue_class?: string` - `issue_type?: IssueType` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `payload?: Payload` - `detection_method?: string` Describes the method used to detect insight. - `zone_tag?: string` - `resolve_link?: string` - `resolve_text?: string` - `severity?: "Low" | "Moderate" | "Critical"` - `"Low"` - `"Moderate"` - `"Critical"` - `since?: string` - `subject?: string` - `timestamp?: string` - `page?: number` Specifies the current page within paginated list of results. - `per_page?: number` Sets the number of results per page of results. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const issueListResponse of client.intel.attackSurfaceReport.issues.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(issueListResponse.count); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "issues": [ { "id": "id", "dismissed": false, "issue_class": "always_use_https_not_enabled", "issue_type": "compliance_violation", "payload": { "detection_method": "We detected security rules referencing multiple IP addresses directly in the rules.", "zone_tag": "zone_tag" }, "resolve_link": "resolve_link", "resolve_text": "resolve_text", "severity": "Low", "since": "2019-12-27T18:11:19.117Z", "subject": "example.com", "timestamp": "2019-12-27T18:11:19.117Z" } ], "page": 1, "per_page": 25 } } ``` ## Retrieves Security Center Issue Counts by Class `client.intel.attackSurfaceReport.issues.class(IssueClassParamsparams, RequestOptionsoptions?): IssueClassResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/class` Retrieves Security Center issue counts aggregated by classification class. ### Parameters - `params: IssueClassParams` - `account_id: string` Path param: Identifier. - `dismissed?: boolean` Query param - `issue_class?: Array` Query param - `issueClassNeq?: Array` Query param - `issue_type?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issueTypeNeq?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product?: Array` Query param - `productNeq?: Array` Query param - `severity?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `severityNeq?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `subject?: Array` Query param - `subjectNeq?: Array` Query param ### Returns - `IssueClassResponse = Array` - `count?: number` - `value?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.intel.attackSurfaceReport.issues.class({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Severity `client.intel.attackSurfaceReport.issues.severity(IssueSeverityParamsparams, RequestOptionsoptions?): IssueSeverityResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/severity` Retrieves Security Center issue counts aggregated by severity level. ### Parameters - `params: IssueSeverityParams` - `account_id: string` Path param: Identifier. - `dismissed?: boolean` Query param - `issue_class?: Array` Query param - `issueClassNeq?: Array` Query param - `issue_type?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issueTypeNeq?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product?: Array` Query param - `productNeq?: Array` Query param - `severity?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `severityNeq?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `subject?: Array` Query param - `subjectNeq?: Array` Query param ### Returns - `IssueSeverityResponse = Array` - `count?: number` - `value?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.intel.attackSurfaceReport.issues.severity({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Type `client.intel.attackSurfaceReport.issues.type(IssueTypeParamsparams, RequestOptionsoptions?): IssueTypeResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/type` Retrieves Security Center issue counts aggregated by issue type. ### Parameters - `params: IssueTypeParams` - `account_id: string` Path param: Identifier. - `dismissed?: boolean` Query param - `issue_class?: Array` Query param - `issueClassNeq?: Array` Query param - `issue_type?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issueTypeNeq?: Array` Query param - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product?: Array` Query param - `productNeq?: Array` Query param - `severity?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `severityNeq?: Array` Query param - `"low"` - `"moderate"` - `"critical"` - `subject?: Array` Query param - `subjectNeq?: Array` Query param ### Returns - `IssueTypeResponse = Array` - `count?: number` - `value?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.intel.attackSurfaceReport.issues.type({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Archives Security Center Insight `client.intel.attackSurfaceReport.issues.dismiss(stringissueId, IssueDismissParamsparams, RequestOptionsoptions?): IssueDismissResponse` **put** `/accounts/{account_id}/intel/attack-surface-report/{issue_id}/dismiss` Deprecated endpoint for archiving Security Center insights. Use the newer archive-security-center-insight endpoint instead. ### Parameters - `issueId: string` - `params: IssueDismissParams` - `account_id: string` Path param: Identifier. - `dismiss?: boolean` Body param ### Returns - `IssueDismissResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.intel.attackSurfaceReport.issues.dismiss('issue_id', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.errors); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Issue Type - `IssueType = "compliance_violation" | "email_security" | "exposed_infrastructure" | 3 more` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` ### Severity Query Param - `SeverityQueryParam = "low" | "moderate" | "critical"` - `"low"` - `"moderate"` - `"critical"` ### Issue List Response - `IssueListResponse` - `count?: number` Indicates the total number of results. - `issues?: Array` - `id?: string` - `dismissed?: boolean` - `issue_class?: string` - `issue_type?: IssueType` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `payload?: Payload` - `detection_method?: string` Describes the method used to detect insight. - `zone_tag?: string` - `resolve_link?: string` - `resolve_text?: string` - `severity?: "Low" | "Moderate" | "Critical"` - `"Low"` - `"Moderate"` - `"Critical"` - `since?: string` - `subject?: string` - `timestamp?: string` - `page?: number` Specifies the current page within paginated list of results. - `per_page?: number` Sets the number of results per page of results. ### Issue Class Response - `IssueClassResponse = Array` - `count?: number` - `value?: string` ### Issue Severity Response - `IssueSeverityResponse = Array` - `count?: number` - `value?: string` ### Issue Type Response - `IssueTypeResponse = Array` - `count?: number` - `value?: string` ### Issue Dismiss Response - `IssueDismissResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true`