# Cloudforce One # Scans # Results ## Get the Latest Scan Result `cloudforce_one.scans.results.get(strconfig_id, ResultGetParams**kwargs) -> ResultGetResponse` **get** `/accounts/{account_id}/cloudforce-one/scans/results/{config_id}` Get the Latest Scan Result ### Parameters - `account_id: str` Defines the Account ID. - `config_id: str` Defines the Config ID. ### Returns - `class ResultGetResponse: …` - `_1_1_1_1: List[ScanResult]` - `number: Optional[float]` - `proto: Optional[str]` - `status: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) result = client.cloudforce_one.scans.results.get( config_id="config_id", account_id="account_id", ) print(result._1._1._1._1) ``` #### Response ```json { "errors": [ "string" ], "messages": [ "string" ], "result": { "1.1.1.1": [ { "number": 8080, "proto": "tcp", "status": "open" } ] }, "success": true } ``` ## Domain Types ### Scan Result - `class ScanResult: …` - `number: Optional[float]` - `proto: Optional[str]` - `status: Optional[str]` ### Result Get Response - `class ResultGetResponse: …` - `_1_1_1_1: List[ScanResult]` - `number: Optional[float]` - `proto: Optional[str]` - `status: Optional[str]` # Config ## List Scan Configs `cloudforce_one.scans.config.list(ConfigListParams**kwargs) -> SyncSinglePage[ConfigListResponse]` **get** `/accounts/{account_id}/cloudforce-one/scans/config` List Scan Configs ### Parameters - `account_id: str` Defines the Account ID. ### Returns - `class ConfigListResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.cloudforce_one.scans.config.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } ] } ``` ## Create a new Scan Config `cloudforce_one.scans.config.create(ConfigCreateParams**kwargs) -> ConfigCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/scans/config` Create a new Scan Config ### Parameters - `account_id: str` Defines the Account ID. - `ips: SequenceNotStr[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `frequency: Optional[float]` Defines the number of days between each scan (0 = One-off scan). - `ports: Optional[SequenceNotStr[str]]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Returns - `class ConfigCreateResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) config = client.cloudforce_one.scans.config.create( account_id="account_id", ips=["1.1.1.1", "2606:4700:4700::1111"], ) print(config.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } } ``` ## Update an existing Scan Config `cloudforce_one.scans.config.edit(strconfig_id, ConfigEditParams**kwargs) -> ConfigEditResponse` **patch** `/accounts/{account_id}/cloudforce-one/scans/config/{config_id}` Update an existing Scan Config ### Parameters - `account_id: str` Defines the Account ID. - `config_id: str` Defines the Config ID. - `frequency: Optional[float]` Defines the number of days between each scan (0 = One-off scan). - `ips: Optional[SequenceNotStr[str]]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: Optional[SequenceNotStr[str]]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Returns - `class ConfigEditResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.scans.config.edit( config_id="config_id", account_id="account_id", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "uuid", "account_id": "abcd1234abcd1234abcd1234abcd1234", "frequency": 7, "ips": [ "1.1.1.1", "2606:4700:4700::1111" ], "ports": [ "default" ] } } ``` ## Delete a Scan Config `cloudforce_one.scans.config.delete(strconfig_id, ConfigDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/cloudforce-one/scans/config/{config_id}` Delete a Scan Config ### Parameters - `account_id: str` Defines the Account ID. - `config_id: str` Defines the Config ID. ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) config = client.cloudforce_one.scans.config.delete( config_id="config_id", account_id="account_id", ) print(config) ``` #### Response ```json { "errors": [ "string" ], "messages": [ "string" ], "result": {}, "success": true } ``` ## Domain Types ### Config List Response - `class ConfigListResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Config Create Response - `class ConfigCreateResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. ### Config Edit Response - `class ConfigEditResponse: …` - `id: str` Defines the Config ID. - `account_id: str` - `frequency: float` Defines the number of days between each scan (0 = One-off scan). - `ips: List[str]` Defines a list of IP addresses or CIDR blocks to scan. The maximum number of total IP addresses allowed is 5000. - `ports: List[str]` Defines a list of ports to scan. Valid values are:"default", "all", or a comma-separated list of ports or range of ports (e.g. ["1-80", "443"]). "default" scans the 100 most commonly open ports. # Binary Storage ## Retrieves a file from Binary Storage `cloudforce_one.binary_storage.get(strhash, BinaryStorageGetParams**kwargs)` **get** `/accounts/{account_id}/cloudforce-one/binary/{hash}` Retrieves a file from Binary Storage ### Parameters - `account_id: str` Account ID. - `hash: str` hash of the binary ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) client.cloudforce_one.binary_storage.get( hash="hash", account_id="account_id", ) ``` ## Posts a file to Binary Storage `cloudforce_one.binary_storage.create(BinaryStorageCreateParams**kwargs) -> BinaryStorageCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/binary` Posts a file to Binary Storage ### Parameters - `account_id: str` Account ID. - `file: FileTypes` The binary file content to upload. ### Returns - `class BinaryStorageCreateResponse: …` - `content_type: str` - `md5: str` - `sha1: str` - `sha256: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) binary_storage = client.cloudforce_one.binary_storage.create( account_id="account_id", file=b"Example data", ) print(binary_storage.content_type) ``` #### Response ```json { "content_type": "text/plain", "md5": "5d84ade76d2a8387c81175bb0cbe6492", "sha1": "9aff6879626d957eafadda044e4f879aae1e7278", "sha256": "0000a7f2692ef479e2e3d02661568882cadec451cc8a64d4e7faca29810cd626" } ``` ## Domain Types ### Binary Storage Create Response - `class BinaryStorageCreateResponse: …` - `content_type: str` - `md5: str` - `sha1: str` - `sha256: str` # Requests ## List Requests `cloudforce_one.requests.list(RequestListParams**kwargs) -> SyncSinglePage[ListItem]` **post** `/accounts/{account_id}/cloudforce-one/requests` List Requests ### Parameters - `account_id: str` Identifier. - `page: int` Page number of results. - `per_page: int` Number of results per page. - `completed_after: Optional[Union[str, datetime]]` Retrieve requests completed after this time. - `completed_before: Optional[Union[str, datetime]]` Retrieve requests completed before this time. - `created_after: Optional[Union[str, datetime]]` Retrieve requests created after this time. - `created_before: Optional[Union[str, datetime]]` Retrieve requests created before this time. - `request_type: Optional[str]` Requested information from request. - `sort_by: Optional[str]` Field to sort results by. - `sort_order: Optional[Literal["asc", "desc"]]` Sort order (asc or desc). - `"asc"` - `"desc"` - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` ### Returns - `class ListItem: …` - `id: str` UUID. - `created: datetime` Request creation time. - `priority: Literal["routine", "high", "urgent"]` - `"routine"` - `"high"` - `"urgent"` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` Request last updated time. - `completed: Optional[datetime]` Request completion time. - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.cloudforce_one.requests.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", page=0, per_page=10, ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2022-04-01T00:00:00Z", "priority": "routine", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T00:00:00Z", "completed": "2024-01-01T00:00:00Z", "message_tokens": 16, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 0 } ] } ``` ## Get a Request `cloudforce_one.requests.get(strrequest_id, RequestGetParams**kwargs) -> Item` **get** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Get a Request ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. ### Returns - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) item = client.cloudforce_one.requests.get( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(item.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Create a New Request. `cloudforce_one.requests.create(RequestCreateParams**kwargs) -> Item` **post** `/accounts/{account_id}/cloudforce-one/requests/new` Creating a request adds the request into the Cloudforce One queue for analysis. In addition to the content, a short title, type, priority, and releasability should be provided. If one is not provided, a default will be assigned. ### Parameters - `account_id: str` Identifier. - `content: Optional[str]` Request content. - `priority: Optional[str]` Priority for analyzing the request. - `request_type: Optional[str]` Requested information from request. - `summary: Optional[str]` Brief description of the request. - `tlp: Optional[Literal["clear", "amber", "amber-strict", 2 more]]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Returns - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) item = client.cloudforce_one.requests.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(item.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Update a Request `cloudforce_one.requests.update(strrequest_id, RequestUpdateParams**kwargs) -> Item` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Updating a request alters the request in the Cloudforce One queue. This API may be used to update any attributes of the request after the initial submission. Only fields that you choose to update need to be add to the request body. ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `content: Optional[str]` Request content. - `priority: Optional[str]` Priority for analyzing the request. - `request_type: Optional[str]` Requested information from request. - `summary: Optional[str]` Brief description of the request. - `tlp: Optional[Literal["clear", "amber", "amber-strict", 2 more]]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Returns - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) item = client.cloudforce_one.requests.update( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(item.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Delete a Request `cloudforce_one.requests.delete(strrequest_id, RequestDeleteParams**kwargs) -> RequestDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}` Delete a Request ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. ### Returns - `class RequestDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) request = client.cloudforce_one.requests.delete( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(request.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Get Request Quota `cloudforce_one.requests.quota(RequestQuotaParams**kwargs) -> Quota` **get** `/accounts/{account_id}/cloudforce-one/requests/quota` Get Request Quota ### Parameters - `account_id: str` Identifier. ### Returns - `class Quota: …` - `anniversary_date: Optional[datetime]` Anniversary date is when annual quota limit is refreshed. - `quarter_anniversary_date: Optional[datetime]` Quarter anniversary date is when quota limit is refreshed each quarter. - `quota: Optional[int]` Tokens for the quarter. - `remaining: Optional[int]` Tokens remaining for the quarter. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) quota = client.cloudforce_one.requests.quota( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(quota.anniversary_date) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "anniversary_date": "2022-04-01T00:00:00Z", "quarter_anniversary_date": "2022-04-01T00:00:00Z", "quota": 120, "remaining": 64 } } ``` ## Get Request Types `cloudforce_one.requests.types(RequestTypesParams**kwargs) -> SyncSinglePage[RequestTypesResponse]` **get** `/accounts/{account_id}/cloudforce-one/requests/types` Get Request Types ### Parameters - `account_id: str` Identifier. ### Returns - `str` Request Types. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.cloudforce_one.requests.types( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ "Indicators of Compromise", "Victomology" ] } ``` ## Get Request Priority, Status, and TLP constants `cloudforce_one.requests.constants(RequestConstantsParams**kwargs) -> RequestConstants` **get** `/accounts/{account_id}/cloudforce-one/requests/constants` Get Request Priority, Status, and TLP constants ### Parameters - `account_id: str` Identifier. ### Returns - `class RequestConstants: …` - `priority: Optional[List[Literal["routine", "high", "urgent"]]]` - `"routine"` - `"high"` - `"urgent"` - `status: Optional[List[Literal["open", "accepted", "reported", 3 more]]]` - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tlp: Optional[List[Literal["clear", "amber", "amber-strict", 2 more]]]` - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) request_constants = client.cloudforce_one.requests.constants( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(request_constants.priority) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "priority": [ "routine", "high", "urgent" ], "status": [ "open", "accepted", "reported", "approved", "completed", "declined" ], "tlp": [ "clear", "green", "amber", "amber-strict", "red" ] } } ``` ## Domain Types ### Item - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### List Item - `class ListItem: …` - `id: str` UUID. - `created: datetime` Request creation time. - `priority: Literal["routine", "high", "urgent"]` - `"routine"` - `"high"` - `"urgent"` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` Request last updated time. - `completed: Optional[datetime]` Request completion time. - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Quota - `class Quota: …` - `anniversary_date: Optional[datetime]` Anniversary date is when annual quota limit is refreshed. - `quarter_anniversary_date: Optional[datetime]` Quarter anniversary date is when quota limit is refreshed each quarter. - `quota: Optional[int]` Tokens for the quarter. - `remaining: Optional[int]` Tokens remaining for the quarter. ### Request Constants - `class RequestConstants: …` - `priority: Optional[List[Literal["routine", "high", "urgent"]]]` - `"routine"` - `"high"` - `"urgent"` - `status: Optional[List[Literal["open", "accepted", "reported", 3 more]]]` - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tlp: Optional[List[Literal["clear", "amber", "amber-strict", 2 more]]]` - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Request Types - `List[RequestTypesResponse]` ### Request Delete Response - `class RequestDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Request Types Response - `str` Request Types. # Message ## List Request Messages `cloudforce_one.requests.message.get(strrequest_id, MessageGetParams**kwargs) -> SyncSinglePage[Message]` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message` List Request Messages ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `page: int` Page number of results. - `per_page: int` Number of results per page. - `after: Optional[Union[str, datetime]]` Retrieve mes ges created after this time. - `before: Optional[Union[str, datetime]]` Retrieve messages created before this time. - `sort_by: Optional[str]` Field to sort results by. - `sort_order: Optional[Literal["asc", "desc"]]` Sort order (asc or desc). - `"asc"` - `"desc"` ### Returns - `class Message: …` - `id: int` Message ID. - `author: str` Author of message. - `content: str` Content of message. - `is_follow_on_request: bool` Whether the message is a follow-on request. - `updated: datetime` Defines the message last updated time. - `created: Optional[datetime]` Defines the message creation time. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.cloudforce_one.requests.message.get( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", page=0, per_page=10, ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } ] } ``` ## Create a New Request Message `cloudforce_one.requests.message.create(strrequest_id, MessageCreateParams**kwargs) -> Message` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/new` Create a New Request Message ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `content: Optional[str]` Content of message. ### Returns - `class Message: …` - `id: int` Message ID. - `author: str` Author of message. - `content: str` Content of message. - `is_follow_on_request: bool` Whether the message is a follow-on request. - `updated: datetime` Defines the message last updated time. - `created: Optional[datetime]` Defines the message creation time. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) message = client.cloudforce_one.requests.message.create( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(message.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } } ``` ## Update a Request Message `cloudforce_one.requests.message.update(intmessage_id, MessageUpdateParams**kwargs) -> Message` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}` Update a Request Message ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `message_id: int` - `content: Optional[str]` Content of message. ### Returns - `class Message: …` - `id: int` Message ID. - `author: str` Author of message. - `content: str` Content of message. - `is_follow_on_request: bool` Whether the message is a follow-on request. - `updated: datetime` Defines the message last updated time. - `created: Optional[datetime]` Defines the message creation time. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) message = client.cloudforce_one.requests.message.update( message_id=0, account_id="023e105f4ecef8ad9ca31a8372d0c353", request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", ) print(message.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "author": "user@domain.com", "content": "Can you elaborate on the type of DoS that occurred?", "is_follow_on_request": true, "updated": "2022-01-01T00:00:00Z", "created": "2022-01-01T00:00:00Z" } } ``` ## Delete a Request Message `cloudforce_one.requests.message.delete(intmessage_id, MessageDeleteParams**kwargs) -> MessageDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/message/{message_id}` Delete a Request Message ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `message_id: int` ### Returns - `class MessageDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) message = client.cloudforce_one.requests.message.delete( message_id=0, account_id="023e105f4ecef8ad9ca31a8372d0c353", request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", ) print(message.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Message - `class Message: …` - `id: int` Message ID. - `author: str` Author of message. - `content: str` Content of message. - `is_follow_on_request: bool` Whether the message is a follow-on request. - `updated: datetime` Defines the message last updated time. - `created: Optional[datetime]` Defines the message creation time. ### Message Delete Response - `class MessageDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` # Priority ## Get a Priority Intelligence Requirement `cloudforce_one.requests.priority.get(strpriority_id, PriorityGetParams**kwargs) -> Item` **get** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Get a Priority Intelligence Requirement ### Parameters - `account_id: str` Identifier. - `priority_id: str` UUID. ### Returns - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) item = client.cloudforce_one.requests.priority.get( priority_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(item.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Create a New Priority Intelligence Requirement `cloudforce_one.requests.priority.create(PriorityCreateParams**kwargs) -> Priority` **post** `/accounts/{account_id}/cloudforce-one/requests/priority/new` Create a New Priority Intelligence Requirement ### Parameters - `account_id: str` Identifier. - `labels: SequenceNotStr[Label]` List of labels. - `priority: int` Priority. - `requirement: str` Requirement. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Returns - `class Priority: …` - `id: str` UUID. - `created: datetime` Priority creation time. - `labels: List[Label]` List of labels. - `priority: int` Priority. - `requirement: str` Requirement. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` Priority last updated time. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) priority = client.cloudforce_one.requests.priority.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", labels=["DoS", "CVE"], priority=1, requirement="DoS attacks carried out by CVEs", tlp="clear", ) print(priority.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2022-04-01T05:20:00Z", "labels": [ "DoS", "CVE" ], "priority": 1, "requirement": "DoS attacks carried out by CVEs", "tlp": "clear", "updated": "2022-04-01T05:20:00Z" } } ``` ## Update a Priority Intelligence Requirement `cloudforce_one.requests.priority.update(strpriority_id, PriorityUpdateParams**kwargs) -> Item` **put** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Update a Priority Intelligence Requirement ### Parameters - `account_id: str` Identifier. - `priority_id: str` UUID. - `labels: SequenceNotStr[Label]` List of labels. - `priority: int` Priority. - `requirement: str` Requirement. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Returns - `class Item: …` - `id: str` UUID. - `content: str` Request content. - `created: datetime` - `priority: datetime` - `request: str` Requested information from request. - `summary: str` Brief description of the request. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` - `completed: Optional[datetime]` - `message_tokens: Optional[int]` Tokens for the request messages. - `readable_id: Optional[str]` Readable Request ID. - `status: Optional[Literal["open", "accepted", "reported", 3 more]]` Request Status. - `"open"` - `"accepted"` - `"reported"` - `"approved"` - `"completed"` - `"declined"` - `tokens: Optional[int]` Tokens for the request. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) item = client.cloudforce_one.requests.priority.update( priority_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", labels=["DoS", "CVE"], priority=1, requirement="DoS attacks carried out by CVEs", tlp="clear", ) print(item.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "content": "What regions were most effected by the recent DoS?", "created": "2022-04-01T05:20:00Z", "priority": "2022-04-01T05:20:00Z", "request": "Victomology", "summary": "DoS attack", "tlp": "clear", "updated": "2022-04-01T05:20:00Z", "completed": "2022-04-01T05:20:00Z", "message_tokens": 1, "readable_id": "RFI-2022-000001", "status": "open", "tokens": 16 } } ``` ## Delete a Priority Intelligence Requirement `cloudforce_one.requests.priority.delete(strpriority_id, PriorityDeleteParams**kwargs) -> PriorityDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/requests/priority/{priority_id}` Delete a Priority Intelligence Requirement ### Parameters - `account_id: str` Identifier. - `priority_id: str` UUID. ### Returns - `class PriorityDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) priority = client.cloudforce_one.requests.priority.delete( priority_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(priority.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Get Priority Intelligence Requirement Quota `cloudforce_one.requests.priority.quota(PriorityQuotaParams**kwargs) -> Quota` **get** `/accounts/{account_id}/cloudforce-one/requests/priority/quota` Get Priority Intelligence Requirement Quota ### Parameters - `account_id: str` Identifier. ### Returns - `class Quota: …` - `anniversary_date: Optional[datetime]` Anniversary date is when annual quota limit is refreshed. - `quarter_anniversary_date: Optional[datetime]` Quarter anniversary date is when quota limit is refreshed each quarter. - `quota: Optional[int]` Tokens for the quarter. - `remaining: Optional[int]` Tokens remaining for the quarter. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) quota = client.cloudforce_one.requests.priority.quota( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(quota.anniversary_date) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "anniversary_date": "2022-04-01T00:00:00Z", "quarter_anniversary_date": "2022-04-01T00:00:00Z", "quota": 120, "remaining": 64 } } ``` ## Domain Types ### Label - `str` ### Priority - `class Priority: …` - `id: str` UUID. - `created: datetime` Priority creation time. - `labels: List[Label]` List of labels. - `priority: int` Priority. - `requirement: str` Requirement. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` - `updated: datetime` Priority last updated time. ### Priority Edit - `class PriorityEdit: …` - `labels: List[Label]` List of labels. - `priority: int` Priority. - `requirement: str` Requirement. - `tlp: Literal["clear", "amber", "amber-strict", 2 more]` The CISA defined Traffic Light Protocol (TLP). - `"clear"` - `"amber"` - `"amber-strict"` - `"green"` - `"red"` ### Priority Delete Response - `class PriorityDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` # Assets ## Get a Request Asset `cloudforce_one.requests.assets.get(strasset_id, AssetGetParams**kwargs) -> SyncSinglePage[AssetGetResponse]` **get** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Get a Request Asset ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `asset_id: str` UUID. ### Returns - `class AssetGetResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.cloudforce_one.requests.assets.get( asset_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } ] } ``` ## List Request Assets `cloudforce_one.requests.assets.create(strrequest_id, AssetCreateParams**kwargs) -> SyncSinglePage[AssetCreateResponse]` **post** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset` List Request Assets ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `page: int` Page number of results. - `per_page: int` Number of results per page. ### Returns - `class AssetCreateResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.cloudforce_one.requests.assets.create( request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", page=0, per_page=10, ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } ] } ``` ## Update a Request Asset `cloudforce_one.requests.assets.update(strasset_id, AssetUpdateParams**kwargs) -> AssetUpdateResponse` **put** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Update a Request Asset ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `asset_id: str` UUID. - `source: Optional[str]` Asset file to upload. ### Returns - `class AssetUpdateResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) asset = client.cloudforce_one.requests.assets.update( asset_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", ) print(asset.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 0, "name": "example.docx", "created": "2022-01-01T00:00:00Z", "description": "example description", "file_type": "docx" } } ``` ## Delete a Request Asset `cloudforce_one.requests.assets.delete(strasset_id, AssetDeleteParams**kwargs) -> AssetDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/requests/{request_id}/asset/{asset_id}` Delete a Request Asset ### Parameters - `account_id: str` Identifier. - `request_id: str` UUID. - `asset_id: str` UUID. ### Returns - `class AssetDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) asset = client.cloudforce_one.requests.assets.delete( asset_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="023e105f4ecef8ad9ca31a8372d0c353", request_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", ) print(asset.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Asset Get Response - `class AssetGetResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Asset Create Response - `class AssetCreateResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Asset Update Response - `class AssetUpdateResponse: …` - `id: int` Asset ID. - `name: str` Asset name. - `created: Optional[datetime]` Defines the asset creation time. - `description: Optional[str]` Asset description. - `file_type: Optional[str]` Asset file type. ### Asset Delete Response - `class AssetDeleteResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` # Threat Events ## Filter and list events `cloudforce_one.threat_events.list(ThreatEventListParams**kwargs) -> ThreatEventListResponse` **get** `/accounts/{account_id}/cloudforce-one/events` When `datasetId` is unspecified, events will be listed from the `Cloudforce One Threat Events` dataset. To list existing datasets (and their IDs), use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint). Also, must provide query parameters. ### Parameters - `account_id: str` Account ID. - `cursor: Optional[str]` Cursor for pagination. When provided, filters are embedded in the cursor so you only need to pass cursor and pageSize. Returned in the previous response's result_info.cursor field. Use cursor-based pagination for deep pagination (beyond 100,000 records) or for optimal performance. - `dataset_id: Optional[SequenceNotStr[str]]` - `force_refresh: Optional[bool]` - `format: Optional[Literal["json", "stix2"]]` - `"json"` - `"stix2"` - `order: Optional[Literal["asc", "desc"]]` - `"asc"` - `"desc"` - `order_by: Optional[str]` - `page: Optional[float]` Page number (1-indexed) for offset-based pagination. Limited to offset of 100,000 records. For deep pagination, use cursor-based pagination instead. - `page_size: Optional[float]` Number of results per page. Maximum 25,000. - `search: Optional[Iterable[Search]]` - `field: Optional[str]` Event field to search on. Allowed: attacker, attackerCountry, category, createdAt, date, event, indicator, indicatorType, killChain, mitreAttack, tags, targetCountry, targetIndustry, tlp, uuid. - `op: Optional[Literal["equals", "not", "gt", 9 more]]` Search operator. Use 'in' for bulk lookup of up to 100 values at once, e.g. {field:'tags', op:'in', value:['malware','apt']}. - `"equals"` - `"not"` - `"gt"` - `"gte"` - `"lt"` - `"lte"` - `"like"` - `"contains"` - `"startsWith"` - `"endsWith"` - `"in"` - `"find"` - `value: Optional[Union[str, float, SequenceNotStr[Union[str, float]]]]` Search value. String or number for most operators. Array for 'in' operator (max 100 items). - `str` - `float` - `SequenceNotStr[Union[str, float]]` - `str` - `float` ### Returns - `List[ThreatEventListResponseItem]` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) threat_events = client.cloudforce_one.threat_events.list( account_id="account_id", ) print(threat_events) ``` #### Response ```json [ { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ] ``` ## Reads an event `cloudforce_one.threat_events.get(strevent_id, ThreatEventGetParams**kwargs) -> ThreatEventGetResponse` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}` This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead. ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. ### Returns - `class ThreatEventGetResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) threat_event = client.cloudforce_one.threat_events.get( event_id="event_id", account_id="account_id", ) print(threat_event.uuid) ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates a new event `cloudforce_one.threat_events.create(ThreatEventCreateParams**kwargs) -> ThreatEventCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/create` To create a dataset, see the [`Create Dataset`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/create/) endpoint. When `datasetId` parameter is unspecified, it will be created in a default dataset named `Cloudforce One Threat Events`. ### Parameters - `account_id: str` Account ID. - `category: str` - `date: Union[str, datetime]` - `event: str` - `raw: Raw` - `data: Optional[Dict[str, object]]` - `source: Optional[str]` - `tlp: Optional[str]` - `tlp: str` - `account_id: Optional[float]` - `attacker: Optional[str]` - `attacker_country: Optional[str]` - `dataset_id: Optional[str]` - `indicator: Optional[str]` - `indicators: Optional[Iterable[Indicator]]` Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `indicator_type: str` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `value: str` The indicator value (e.g., domain name, IP address, hash) - `indicator_type: Optional[str]` - `insight: Optional[str]` - `tags: Optional[SequenceNotStr[str]]` - `target_country: Optional[str]` - `target_industry: Optional[str]` ### Returns - `class ThreatEventCreateResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Example ```python import os from datetime import datetime from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) threat_event = client.cloudforce_one.threat_events.create( path_account_id="account_id", category="Domain Resolution", date=datetime.fromisoformat("2022-04-01T00:00:00"), event="An attacker registered the domain domain.com", raw={ "data": { "foo": "bar" } }, tlp="amber", ) print(threat_event.uuid) ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Updates an event `cloudforce_one.threat_events.edit(strevent_id, ThreatEventEditParams**kwargs) -> ThreatEventEditResponse` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}` Updates an event ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. - `dataset_id: str` Dataset ID containing the event to update. - `attacker: Optional[str]` - `attacker_country: Optional[str]` - `category: Optional[str]` - `created_at: Optional[Union[str, datetime]]` - `date: Optional[Union[str, datetime]]` - `event: Optional[str]` - `indicator: Optional[str]` - `indicator_type: Optional[str]` - `insight: Optional[str]` - `raw: Optional[Raw]` - `data: Optional[Dict[str, object]]` - `source: Optional[str]` - `tlp: Optional[str]` - `target_country: Optional[str]` - `target_industry: Optional[str]` - `tlp: Optional[str]` ### Returns - `class ThreatEventEditResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.edit( event_id="event_id", account_id="account_id", dataset_id="9b769969-a211-466c-8ac3-cb91266a066a", ) print(response.uuid) ``` #### Response ```json { "attacker": "Flying Yeti", "attackerCountry": "CN", "category": "Domain Resolution", "datasetId": "dataset-example-id", "date": "2022-04-01T00:00:00Z", "event": "An attacker registered the domain domain.com", "hasChildren": true, "indicator": "domain.com", "indicatorType": "domain", "indicatorTypeId": 5, "killChain": 0, "mitreAttack": [ " " ], "mitreCapec": [ " " ], "numReferenced": 0, "numReferences": 0, "rawId": "453gw34w3", "referenced": [ " " ], "referencedIds": [ 0 ], "references": [ " " ], "referencesIds": [ 0 ], "tags": [ "malware" ], "targetCountry": "US", "targetIndustry": "Agriculture", "tlp": "amber", "uuid": "12345678-1234-1234-1234-1234567890ab", "insight": "insight", "releasabilityId": "releasabilityId" } ``` ## Creates bulk events `cloudforce_one.threat_events.bulk_create(ThreatEventBulkCreateParams**kwargs) -> ThreatEventBulkCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/create/bulk` The `datasetId` parameter must be defined. To list existing datasets (and their IDs) in your account, use the [`List Datasets`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/list/) endpoint. ### Parameters - `account_id: str` Account ID. - `data: Iterable[Data]` - `category: str` - `date: Union[str, datetime]` - `event: str` - `raw: DataRaw` - `data: Optional[Dict[str, object]]` - `source: Optional[str]` - `tlp: Optional[str]` - `tlp: str` - `account_id: Optional[float]` - `attacker: Optional[str]` - `attacker_country: Optional[str]` - `dataset_id: Optional[str]` - `indicator: Optional[str]` - `indicators: Optional[Iterable[DataIndicator]]` Array of indicators for this event. Supports multiple indicators per event for complex scenarios. - `indicator_type: str` The type of indicator (e.g., DOMAIN, IP, JA3, HASH) - `value: str` The indicator value (e.g., domain name, IP address, hash) - `indicator_type: Optional[str]` - `insight: Optional[str]` - `tags: Optional[SequenceNotStr[str]]` - `target_country: Optional[str]` - `target_industry: Optional[str]` - `dataset_id: str` - `include_created_events: Optional[bool]` When true, response includes array of created event UUIDs and shard IDs. Useful for tracking which events were created and where. ### Returns - `class ThreatEventBulkCreateResponse: …` Detailed result of bulk event creation with auto-tag management - `created_events_count: float` Number of events created - `created_tags_count: float` Number of new tags created in SoT - `error_count: float` Number of errors encountered - `queued_indicators_count: float` Number of indicators queued for async processing - `create_bulk_events_request_id: Optional[str]` Correlation ID for async indicator processing - `created_events: Optional[List[CreatedEvent]]` Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true - `event_index: float` Original index in the input data array - `shard_id: str` Dataset ID of the shard where the event was created - `uuid: str` UUID of the created event - `errors: Optional[List[Error]]` Array of error details - `error: str` Error message - `event_index: float` Index of the event that caused the error ### Example ```python import os from datetime import datetime from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.bulk_create( account_id="account_id", data=[{ "category": "Domain Resolution", "date": datetime.fromisoformat("2022-04-01T00:00:00"), "event": "An attacker registered the domain domain.com", "raw": { "data": { "foo": "bar" } }, "tlp": "amber", }], dataset_id="durableObjectName", ) print(response.created_events_count) ``` #### Response ```json { "createdEventsCount": 0, "createdTagsCount": 0, "errorCount": 0, "queuedIndicatorsCount": 0, "createBulkEventsRequestId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdEvents": [ { "eventIndex": 0, "shardId": "shardId", "uuid": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ], "errors": [ { "error": "error", "eventIndex": 0 } ] } ``` ## Domain Types ### Threat Event List Response - `List[ThreatEventListResponseItem]` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Threat Event Get Response - `class ThreatEventGetResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Threat Event Create Response - `class ThreatEventCreateResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Threat Event Edit Response - `class ThreatEventEditResponse: …` - `attacker: str` - `attacker_country: str` - `category: str` - `dataset_id: str` - `date: str` - `event: str` - `has_children: bool` - `indicator: str` - `indicator_type: str` - `indicator_type_id: float` - `kill_chain: float` - `mitre_attack: List[str]` - `mitre_capec: List[str]` - `num_referenced: float` - `num_references: float` - `raw_id: str` - `referenced: List[str]` - `referenced_ids: List[float]` - `references: List[str]` - `references_ids: List[float]` - `tags: List[str]` - `target_country: str` - `target_industry: str` - `tlp: str` - `uuid: str` - `insight: Optional[str]` - `releasability_id: Optional[str]` ### Threat Event Bulk Create Response - `class ThreatEventBulkCreateResponse: …` Detailed result of bulk event creation with auto-tag management - `created_events_count: float` Number of events created - `created_tags_count: float` Number of new tags created in SoT - `error_count: float` Number of errors encountered - `queued_indicators_count: float` Number of indicators queued for async processing - `create_bulk_events_request_id: Optional[str]` Correlation ID for async indicator processing - `created_events: Optional[List[CreatedEvent]]` Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true - `event_index: float` Original index in the input data array - `shard_id: str` Dataset ID of the shard where the event was created - `uuid: str` UUID of the created event - `errors: Optional[List[Error]]` Array of error details - `error: str` Error message - `event_index: float` Index of the event that caused the error # Attackers ## Lists attackers across multiple datasets `cloudforce_one.threat_events.attackers.list(AttackerListParams**kwargs) -> AttackerListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/attackers` Lists attackers across multiple datasets ### Parameters - `account_id: str` Account ID. - `dataset_ids: Optional[SequenceNotStr[str]]` Array of dataset IDs to query attackers from. If not provided, uses the default dataset. ### Returns - `class AttackerListResponse: …` - `items: Items` - `type: str` - `type: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) attackers = client.cloudforce_one.threat_events.attackers.list( account_id="account_id", ) print(attackers.items) ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` ## Domain Types ### Attacker List Response - `class AttackerListResponse: …` - `items: Items` - `type: str` - `type: str` # Categories ## Lists categories across multiple datasets `cloudforce_one.threat_events.categories.list(CategoryListParams**kwargs) -> CategoryListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/categories` Lists categories across multiple datasets ### Parameters - `account_id: str` Account ID. - `dataset_ids: Optional[SequenceNotStr[str]]` Array of dataset IDs to query categories from. If not provided, uses the default dataset. ### Returns - `List[CategoryListResponseItem]` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) categories = client.cloudforce_one.threat_events.categories.list( account_id="account_id", ) print(categories) ``` #### Response ```json [ { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ] ``` ## Reads a category `cloudforce_one.threat_events.categories.get(strcategory_id, CategoryGetParams**kwargs) -> CategoryGetResponse` **get** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Reads a category ### Parameters - `account_id: str` Account ID. - `category_id: str` Category UUID. ### Returns - `class CategoryGetResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) category = client.cloudforce_one.threat_events.categories.get( category_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(category.uuid) ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Creates a new category `cloudforce_one.threat_events.categories.create(CategoryCreateParams**kwargs) -> CategoryCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/categories/create` Creates a new category ### Parameters - `account_id: str` Account ID. - `kill_chain: float` - `name: str` - `mitre_attack: Optional[SequenceNotStr[str]]` - `mitre_capec: Optional[SequenceNotStr[str]]` - `shortname: Optional[str]` ### Returns - `class CategoryCreateResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) category = client.cloudforce_one.threat_events.categories.create( account_id="account_id", kill_chain=0, name="name", ) print(category.uuid) ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Updates a category `cloudforce_one.threat_events.categories.edit(strcategory_id, CategoryEditParams**kwargs) -> CategoryEditResponse` **patch** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Updates a category ### Parameters - `account_id: str` Account ID. - `category_id: str` Category UUID. - `kill_chain: Optional[float]` - `mitre_attack: Optional[SequenceNotStr[str]]` - `mitre_capec: Optional[SequenceNotStr[str]]` - `name: Optional[str]` - `shortname: Optional[str]` ### Returns - `class CategoryEditResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.categories.edit( category_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(response.uuid) ``` #### Response ```json { "killChain": 0, "name": "name", "uuid": "12345678-1234-1234-1234-1234567890ab", "mitreAttack": [ "T1234" ], "mitreCapec": [ "123" ], "shortname": "shortname" } ``` ## Deletes a category `cloudforce_one.threat_events.categories.delete(strcategory_id, CategoryDeleteParams**kwargs) -> CategoryDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/events/categories/{category_id}` Deletes a category ### Parameters - `account_id: str` Account ID. - `category_id: str` Category UUID. ### Returns - `class CategoryDeleteResponse: …` - `uuid: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) category = client.cloudforce_one.threat_events.categories.delete( category_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(category.uuid) ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Domain Types ### Category List Response - `List[CategoryListResponseItem]` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Category Get Response - `class CategoryGetResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Category Create Response - `class CategoryCreateResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Category Edit Response - `class CategoryEditResponse: …` - `kill_chain: float` - `name: str` - `uuid: str` - `mitre_attack: Optional[List[str]]` - `mitre_capec: Optional[List[str]]` - `shortname: Optional[str]` ### Category Delete Response - `class CategoryDeleteResponse: …` - `uuid: str` # Countries ## Retrieves countries information for all countries `cloudforce_one.threat_events.countries.list(CountryListParams**kwargs) -> CountryListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/countries` Retrieves countries information for all countries ### Parameters - `account_id: str` Account ID. ### Returns - `List[CountryListResponseItem]` - `result: List[CountryListResponseItemResult]` - `alpha3: str` - `name: str` - `success: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) countries = client.cloudforce_one.threat_events.countries.list( account_id="account_id", ) print(countries) ``` #### Response ```json [ { "result": [ { "alpha3": "AF", "name": "Afghanistan" } ], "success": "true" } ] ``` ## Domain Types ### Country List Response - `List[CountryListResponseItem]` - `result: List[CountryListResponseItemResult]` - `alpha3: str` - `name: str` - `success: str` # Crons # Datasets ## Lists all datasets in an account `cloudforce_one.threat_events.datasets.list(DatasetListParams**kwargs) -> DatasetListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/dataset` Lists all datasets in an account ### Parameters - `account_id: str` Account ID. ### Returns - `List[DatasetListResponseItem]` - `is_public: bool` - `name: str` - `uuid: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) datasets = client.cloudforce_one.threat_events.datasets.list( account_id="account_id", ) print(datasets) ``` #### Response ```json [ { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ] ``` ## Reads a dataset `cloudforce_one.threat_events.datasets.get(strdataset_id, DatasetGetParams**kwargs) -> DatasetGetResponse` **get** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Reads a dataset ### Parameters - `account_id: str` Account ID. - `dataset_id: str` Dataset ID. ### Returns - `class DatasetGetResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) dataset = client.cloudforce_one.threat_events.datasets.get( dataset_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(dataset.uuid) ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Creates a dataset `cloudforce_one.threat_events.datasets.create(DatasetCreateParams**kwargs) -> DatasetCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/dataset/create` Creates a dataset ### Parameters - `account_id: str` Account ID. - `is_public: bool` If true, then anyone can search the dataset. If false, then its limited to the account. - `name: str` Used to describe the dataset within the account context. ### Returns - `class DatasetCreateResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) dataset = client.cloudforce_one.threat_events.datasets.create( account_id="account_id", is_public=True, name="x", ) print(dataset.uuid) ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Updates an existing dataset `cloudforce_one.threat_events.datasets.edit(strdataset_id, DatasetEditParams**kwargs) -> DatasetEditResponse` **patch** `/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}` Updates an existing dataset ### Parameters - `account_id: str` Account ID. - `dataset_id: str` Dataset ID. - `is_public: bool` If true, then anyone can search the dataset. If false, then its limited to the account. - `name: str` Used to describe the dataset within the account context. ### Returns - `class DatasetEditResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.datasets.edit( dataset_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", is_public=True, name="x", ) print(response.uuid) ``` #### Response ```json { "isPublic": true, "name": "friendly dataset name", "uuid": "12345678-1234-1234-1234-1234567890ab" } ``` ## Reads raw data for an event by UUID `cloudforce_one.threat_events.datasets.raw(strevent_id, DatasetRawParams**kwargs) -> DatasetRawResponse` **get** `/accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}` Retrieves the raw data associated with an event. Searches across all shards in the dataset. ### Parameters - `account_id: str` Account ID. - `dataset_id: str` Dataset ID. - `event_id: str` Event ID. ### Returns - `class DatasetRawResponse: …` - `id: float` - `account_id: float` - `created: str` - `data: str` - `source: str` - `tlp: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.datasets.raw( event_id="event_id", account_id="account_id", dataset_id="dataset_id", ) print(response.id) ``` #### Response ```json { "id": 1, "accountId": 1234, "created": "1970-01-01T00:00:00.000Z", "data": "{\"foo\": \"bar\"}", "source": "https://example.com", "tlp": "amber" } ``` ## Domain Types ### Dataset List Response - `List[DatasetListResponseItem]` - `is_public: bool` - `name: str` - `uuid: str` ### Dataset Get Response - `class DatasetGetResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Dataset Create Response - `class DatasetCreateResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Dataset Edit Response - `class DatasetEditResponse: …` - `is_public: bool` - `name: str` - `uuid: str` ### Dataset Raw Response - `class DatasetRawResponse: …` - `id: float` - `account_id: float` - `created: str` - `data: str` - `source: str` - `tlp: str` # Health # Indicator Types ## Lists all indicator types `cloudforce_one.threat_events.indicator_types.list(IndicatorTypeListParams**kwargs) -> IndicatorTypeListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/indicatorTypes` This Method is deprecated. Please use /events/dataset/:dataset_id/indicatorTypes instead. ### Parameters - `account_id: str` Account ID. ### Returns - `class IndicatorTypeListResponse: …` - `items: Items` - `type: str` - `type: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) indicator_types = client.cloudforce_one.threat_events.indicator_types.list( account_id="account_id", ) print(indicator_types.items) ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` ## Domain Types ### Indicator Type List Response - `class IndicatorTypeListResponse: …` - `items: Items` - `type: str` - `type: str` # Raw ## Reads data for a raw event `cloudforce_one.threat_events.raw.get(strraw_id, RawGetParams**kwargs) -> RawGetResponse` **get** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Reads data for a raw event ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. - `raw_id: str` Raw Event UUID. ### Returns - `class RawGetResponse: …` - `id: str` - `account_id: float` - `created: str` - `data: object` - `source: str` - `tlp: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) raw = client.cloudforce_one.threat_events.raw.get( raw_id="raw_id", account_id="account_id", event_id="event_id", ) print(raw.id) ``` #### Response ```json { "id": "1234", "accountId": 1234, "created": "1970-01-01", "data": {}, "source": "https://example.com", "tlp": "amber" } ``` ## Updates a raw event `cloudforce_one.threat_events.raw.edit(strraw_id, RawEditParams**kwargs) -> RawEditResponse` **patch** `/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}` Updates a raw event ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. - `raw_id: str` Raw Event UUID. - `data: Optional[object]` - `source: Optional[str]` - `tlp: Optional[str]` ### Returns - `class RawEditResponse: …` - `id: str` - `data: object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.cloudforce_one.threat_events.raw.edit( raw_id="raw_id", account_id="account_id", event_id="event_id", ) print(response.id) ``` #### Response ```json { "id": "1234", "data": {} } ``` ## Domain Types ### Raw Get Response - `class RawGetResponse: …` - `id: str` - `account_id: float` - `created: str` - `data: object` - `source: str` - `tlp: str` ### Raw Edit Response - `class RawEditResponse: …` - `id: str` - `data: object` # Relate ## Removes an event reference `cloudforce_one.threat_events.relate.delete(strevent_id, RelateDeleteParams**kwargs) -> RelateDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/events/relate/{event_id}` Removes an event reference ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. ### Returns - `class RelateDeleteResponse: …` - `success: bool` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) relate = client.cloudforce_one.threat_events.relate.delete( event_id="event_id", account_id="account_id", ) print(relate.success) ``` #### Response ```json { "result": { "success": true }, "success": true } ``` ## Domain Types ### Relate Delete Response - `class RelateDeleteResponse: …` - `success: bool` # Tags ## Creates a new tag `cloudforce_one.threat_events.tags.create(TagCreateParams**kwargs) -> TagCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/tags/create` Creates a new tag to be used accross threat events. ### Parameters - `account_id: str` Account ID. - `value: str` - `active_duration: Optional[str]` - `actor_category: Optional[str]` - `alias_group_names: Optional[SequenceNotStr[str]]` - `alias_group_names_internal: Optional[SequenceNotStr[str]]` - `analytic_priority: Optional[float]` - `attribution_confidence: Optional[str]` - `attribution_organization: Optional[str]` - `category_uuid: Optional[str]` - `external_reference_links: Optional[SequenceNotStr[str]]` - `internal_description: Optional[str]` - `motive: Optional[str]` - `opsec_level: Optional[str]` - `origin_country_iso: Optional[str]` - `priority: Optional[float]` - `sophistication_level: Optional[str]` ### Returns - `class TagCreateResponse: …` - `uuid: str` - `value: str` - `active_duration: Optional[str]` - `actor_category: Optional[str]` - `alias_group_names: Optional[List[str]]` - `alias_group_names_internal: Optional[List[str]]` - `analytic_priority: Optional[float]` - `attribution_confidence: Optional[str]` - `attribution_organization: Optional[str]` - `category_name: Optional[str]` - `category_uuid: Optional[str]` - `external_reference_links: Optional[List[str]]` - `internal_description: Optional[str]` - `motive: Optional[str]` - `opsec_level: Optional[str]` - `origin_country_iso: Optional[str]` - `priority: Optional[float]` - `sophistication_level: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) tag = client.cloudforce_one.threat_events.tags.create( account_id="account_id", value="APT28", ) print(tag.uuid) ``` #### Response ```json { "uuid": "12345678-1234-1234-1234-1234567890ab", "value": "APT28", "activeDuration": "activeDuration", "actorCategory": "actorCategory", "aliasGroupNames": [ "string" ], "aliasGroupNamesInternal": [ "string" ], "analyticPriority": 0, "attributionConfidence": "attributionConfidence", "attributionOrganization": "attributionOrganization", "categoryName": "Nation State", "categoryUuid": "12345678-1234-1234-1234-1234567890ab", "externalReferenceLinks": [ "string" ], "internalDescription": "internalDescription", "motive": "motive", "opsecLevel": "opsecLevel", "originCountryISO": "originCountryISO", "priority": 0, "sophisticationLevel": "sophisticationLevel" } ``` ## Domain Types ### Tag Create Response - `class TagCreateResponse: …` - `uuid: str` - `value: str` - `active_duration: Optional[str]` - `actor_category: Optional[str]` - `alias_group_names: Optional[List[str]]` - `alias_group_names_internal: Optional[List[str]]` - `analytic_priority: Optional[float]` - `attribution_confidence: Optional[str]` - `attribution_organization: Optional[str]` - `category_name: Optional[str]` - `category_uuid: Optional[str]` - `external_reference_links: Optional[List[str]]` - `internal_description: Optional[str]` - `motive: Optional[str]` - `opsec_level: Optional[str]` - `origin_country_iso: Optional[str]` - `priority: Optional[float]` - `sophistication_level: Optional[str]` # Event Tags ## Adds a tag to an event `cloudforce_one.threat_events.event_tags.create(strevent_id, EventTagCreateParams**kwargs) -> EventTagCreateResponse` **post** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create` Adds a tag to an event ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. - `tags: SequenceNotStr[str]` ### Returns - `class EventTagCreateResponse: …` - `success: bool` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) event_tag = client.cloudforce_one.threat_events.event_tags.create( event_id="event_id", account_id="account_id", tags=["botnet"], ) print(event_tag.success) ``` #### Response ```json { "result": { "success": true }, "success": true } ``` ## Removes a tag from an event `cloudforce_one.threat_events.event_tags.delete(strevent_id, EventTagDeleteParams**kwargs) -> EventTagDeleteResponse` **delete** `/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}` Removes a tag from an event ### Parameters - `account_id: str` Account ID. - `event_id: str` Event UUID. ### Returns - `class EventTagDeleteResponse: …` - `success: bool` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) event_tag = client.cloudforce_one.threat_events.event_tags.delete( event_id="event_id", account_id="account_id", ) print(event_tag.success) ``` #### Response ```json { "result": { "success": true }, "success": true } ``` ## Domain Types ### Event Tag Create Response - `class EventTagCreateResponse: …` - `success: bool` ### Event Tag Delete Response - `class EventTagDeleteResponse: …` - `success: bool` # Target Industries ## Lists target industries across multiple datasets `cloudforce_one.threat_events.target_industries.list(TargetIndustryListParams**kwargs) -> TargetIndustryListResponse` **get** `/accounts/{account_id}/cloudforce-one/events/targetIndustries` Lists target industries across multiple datasets ### Parameters - `account_id: str` Account ID. - `dataset_ids: Optional[SequenceNotStr[str]]` Array of dataset IDs to query target industries from. If not provided, uses the default dataset. ### Returns - `class TargetIndustryListResponse: …` - `items: Items` - `type: str` - `type: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) target_industries = client.cloudforce_one.threat_events.target_industries.list( account_id="account_id", ) print(target_industries.items) ``` #### Response ```json { "items": { "type": "string" }, "type": "array" } ``` ## Domain Types ### Target Industry List Response - `class TargetIndustryListResponse: …` - `items: Items` - `type: str` - `type: str` # Insights