API Reference

Cloudforce One

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Threat Events

Filter and list events

cloudforce_one.threat_events.list(ThreatEventListParams**kwargs) -> ThreatEventListResponse

GET/accounts/{account_id}/cloudforce-one/events

Reads an event

Deprecated

cloudforce_one.threat_events.get(strevent_id, ThreatEventGetParams**kwargs) -> ThreatEventGetResponse

GET/accounts/{account_id}/cloudforce-one/events/{event_id}

Creates a new event

cloudforce_one.threat_events.create(ThreatEventCreateParams**kwargs) -> ThreatEventCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/create

Updates an event

cloudforce_one.threat_events.edit(strevent_id, ThreatEventEditParams**kwargs) -> ThreatEventEditResponse

PATCH/accounts/{account_id}/cloudforce-one/events/{event_id}

Creates bulk events

cloudforce_one.threat_events.bulk_create(ThreatEventBulkCreateParams**kwargs) -> ThreatEventBulkCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/create/bulk

ModelsExpand Collapse

List[ThreatEventListResponseItem]

attacker: str

attacker_country: str

category: str

dataset_id: str

date: str

event: str

has_children: bool

indicator: str

indicator_type: str

indicator_type_id: float

kill_chain: float

mitre_attack: List[str]

mitre_capec: List[str]

num_referenced: float

num_references: float

raw_id: str

referenced: List[str]

referenced_ids: List[float]

references: List[str]

references_ids: List[float]

tags: List[str]

target_country: str

target_industry: str

tlp: str

uuid: str

insight: Optional[str]

releasability_id: Optional[str]

class ThreatEventGetResponse: …

attacker: str

attacker_country: str

category: str

dataset_id: str

date: str

event: str

has_children: bool

indicator: str

indicator_type: str

indicator_type_id: float

kill_chain: float

mitre_attack: List[str]

mitre_capec: List[str]

num_referenced: float

num_references: float

raw_id: str

referenced: List[str]

referenced_ids: List[float]

references: List[str]

references_ids: List[float]

tags: List[str]

target_country: str

target_industry: str

tlp: str

uuid: str

insight: Optional[str]

releasability_id: Optional[str]

class ThreatEventCreateResponse: …

attacker: str

attacker_country: str

category: str

dataset_id: str

date: str

event: str

has_children: bool

indicator: str

indicator_type: str

indicator_type_id: float

kill_chain: float

mitre_attack: List[str]

mitre_capec: List[str]

num_referenced: float

num_references: float

raw_id: str

referenced: List[str]

referenced_ids: List[float]

references: List[str]

references_ids: List[float]

tags: List[str]

target_country: str

target_industry: str

tlp: str

uuid: str

insight: Optional[str]

releasability_id: Optional[str]

class ThreatEventEditResponse: …

attacker: str

attacker_country: str

category: str

dataset_id: str

date: str

event: str

has_children: bool

indicator: str

indicator_type: str

indicator_type_id: float

kill_chain: float

mitre_attack: List[str]

mitre_capec: List[str]

num_referenced: float

num_references: float

raw_id: str

referenced: List[str]

referenced_ids: List[float]

references: List[str]

references_ids: List[float]

tags: List[str]

target_country: str

target_industry: str

tlp: str

uuid: str

insight: Optional[str]

releasability_id: Optional[str]

class ThreatEventBulkCreateResponse: …

Detailed result of bulk event creation with auto-tag management

created_events_count: float

Number of events created

created_tags_count: float

Number of new tags created in SoT

error_count: float

Number of errors encountered

queued_indicators_count: float

Number of indicators queued for async processing

create_bulk_events_request_id: Optional[str]

Correlation ID for async indicator processing

formatuuid

created_events: Optional[List[CreatedEvent]]

Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true

event_index: float

Original index in the input data array

shard_id: str

Dataset ID of the shard where the event was created

uuid: str

UUID of the created event

formatuuid

errors: Optional[List[Error]]

Array of error details

error: str

Error message

event_index: float

Index of the event that caused the error

Threat EventsAttackers

Lists attackers across multiple datasets

cloudforce_one.threat_events.attackers.list(AttackerListParams**kwargs) -> AttackerListResponse

GET/accounts/{account_id}/cloudforce-one/events/attackers

ModelsExpand Collapse

class AttackerListResponse: …

items: Items

type: str

type: str

Threat EventsCategories

Lists categories across multiple datasets

cloudforce_one.threat_events.categories.list(CategoryListParams**kwargs) -> CategoryListResponse

GET/accounts/{account_id}/cloudforce-one/events/categories

Reads a category

cloudforce_one.threat_events.categories.get(strcategory_id, CategoryGetParams**kwargs) -> CategoryGetResponse

GET/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

Creates a new category

cloudforce_one.threat_events.categories.create(CategoryCreateParams**kwargs) -> CategoryCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/categories/create

Updates a category

cloudforce_one.threat_events.categories.edit(strcategory_id, CategoryEditParams**kwargs) -> CategoryEditResponse

PATCH/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

Deletes a category

cloudforce_one.threat_events.categories.delete(strcategory_id, CategoryDeleteParams**kwargs) -> CategoryDeleteResponse

DELETE/accounts/{account_id}/cloudforce-one/events/categories/{category_id}

ModelsExpand Collapse

List[CategoryListResponseItem]

kill_chain: float

name: str

uuid: str

mitre_attack: Optional[List[str]]

mitre_capec: Optional[List[str]]

shortname: Optional[str]

class CategoryGetResponse: …

kill_chain: float

name: str

uuid: str

mitre_attack: Optional[List[str]]

mitre_capec: Optional[List[str]]

shortname: Optional[str]

class CategoryCreateResponse: …

kill_chain: float

name: str

uuid: str

mitre_attack: Optional[List[str]]

mitre_capec: Optional[List[str]]

shortname: Optional[str]

class CategoryEditResponse: …

kill_chain: float

name: str

uuid: str

mitre_attack: Optional[List[str]]

mitre_capec: Optional[List[str]]

shortname: Optional[str]

class CategoryDeleteResponse: …

uuid: str

Threat EventsCountries

Retrieves countries information for all countries

cloudforce_one.threat_events.countries.list(CountryListParams**kwargs) -> CountryListResponse

GET/accounts/{account_id}/cloudforce-one/events/countries

ModelsExpand Collapse

List[CountryListResponseItem]

result: List[CountryListResponseItemResult]

alpha3: str

name: str

success: str

Threat EventsCrons

Threat EventsDatasets

Lists all datasets in an account

cloudforce_one.threat_events.datasets.list(DatasetListParams**kwargs) -> DatasetListResponse

GET/accounts/{account_id}/cloudforce-one/events/dataset

Reads a dataset

cloudforce_one.threat_events.datasets.get(strdataset_id, DatasetGetParams**kwargs) -> DatasetGetResponse

GET/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}

Creates a dataset

cloudforce_one.threat_events.datasets.create(DatasetCreateParams**kwargs) -> DatasetCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/dataset/create

Updates an existing dataset

cloudforce_one.threat_events.datasets.edit(strdataset_id, DatasetEditParams**kwargs) -> DatasetEditResponse

PATCH/accounts/{account_id}/cloudforce-one/events/dataset/{dataset_id}

Reads raw data for an event by UUID

cloudforce_one.threat_events.datasets.raw(strevent_id, DatasetRawParams**kwargs) -> DatasetRawResponse

GET/accounts/{account_id}/cloudforce-one/events/raw/{dataset_id}/{event_id}

ModelsExpand Collapse

List[DatasetListResponseItem]

is_public: bool

name: str

uuid: str

class DatasetGetResponse: …

is_public: bool

name: str

uuid: str

class DatasetCreateResponse: …

is_public: bool

name: str

uuid: str

class DatasetEditResponse: …

is_public: bool

name: str

uuid: str

class DatasetRawResponse: …

id: float

account_id: float

created: str

data: str

source: str

tlp: str

Threat EventsDatasetsHealth

Threat EventsIndicator Types

Lists all indicator types

Deprecated

cloudforce_one.threat_events.indicator_types.list(IndicatorTypeListParams**kwargs) -> IndicatorTypeListResponse

GET/accounts/{account_id}/cloudforce-one/events/indicatorTypes

ModelsExpand Collapse

class IndicatorTypeListResponse: …

items: Items

type: str

type: str

Threat EventsRaw

Reads data for a raw event

cloudforce_one.threat_events.raw.get(strraw_id, RawGetParams**kwargs) -> RawGetResponse

GET/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}

Updates a raw event

cloudforce_one.threat_events.raw.edit(strraw_id, RawEditParams**kwargs) -> RawEditResponse

PATCH/accounts/{account_id}/cloudforce-one/events/{event_id}/raw/{raw_id}

ModelsExpand Collapse

class RawGetResponse: …

id: str

account_id: float

created: str

data: object

source: str

tlp: str

class RawEditResponse: …

id: str

data: object

Threat EventsRelate

Removes an event reference

cloudforce_one.threat_events.relate.delete(strevent_id, RelateDeleteParams**kwargs) -> RelateDeleteResponse

DELETE/accounts/{account_id}/cloudforce-one/events/relate/{event_id}

ModelsExpand Collapse

class RelateDeleteResponse: …

success: bool

Threat EventsTags

Creates a new tag

cloudforce_one.threat_events.tags.create(TagCreateParams**kwargs) -> TagCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/tags/create

ModelsExpand Collapse

class TagCreateResponse: …

uuid: str

value: str

active_duration: Optional[str]

actor_category: Optional[str]

alias_group_names: Optional[List[str]]

alias_group_names_internal: Optional[List[str]]

analytic_priority: Optional[float]

attribution_confidence: Optional[str]

attribution_organization: Optional[str]

category_name: Optional[str]

category_uuid: Optional[str]

external_reference_links: Optional[List[str]]

internal_description: Optional[str]

motive: Optional[str]

opsec_level: Optional[str]

origin_country_iso: Optional[str]

priority: Optional[float]

sophistication_level: Optional[str]

Threat EventsEvent Tags

Adds a tag to an event

cloudforce_one.threat_events.event_tags.create(strevent_id, EventTagCreateParams**kwargs) -> EventTagCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}/create

Removes a tag from an event

cloudforce_one.threat_events.event_tags.delete(strevent_id, EventTagDeleteParams**kwargs) -> EventTagDeleteResponse

DELETE/accounts/{account_id}/cloudforce-one/events/event_tag/{event_id}

ModelsExpand Collapse

class EventTagCreateResponse: …

success: bool

class EventTagDeleteResponse: …

success: bool

Threat EventsTarget Industries

Lists target industries across multiple datasets

cloudforce_one.threat_events.target_industries.list(TargetIndustryListParams**kwargs) -> TargetIndustryListResponse

GET/accounts/{account_id}/cloudforce-one/events/targetIndustries

ModelsExpand Collapse

class TargetIndustryListResponse: …

items: Items

type: str

type: str

Threat EventsInsights