Creates bulk events

cloudforce_one.threat_events.bulk_create() -> ThreatEventBulkCreateResponse

POST/accounts/{account_id}/cloudforce-one/events/create/bulk

The datasetId parameter must be defined. To list existing datasets (and their IDs) in your account, use the List Datasets endpoint.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Cloudforce One WriteCloudforce One Read

ParametersExpand Collapse

account_id: str

Account ID.

data: Iterable[Data]

category: str

date: Union[str, datetime]

formatdate-time

event: str

raw: DataRaw

data: Optional[Dict[str, object]]

source: Optional[str]

tlp: Optional[str]

tlp: str

account_id: Optional[float]

attacker: Optional[str]

attacker_country: Optional[str]

dataset_id: Optional[str]

indicator: Optional[str]

indicators: Optional[Iterable[DataIndicator]]

Array of indicators for this event. Supports multiple indicators per event for complex scenarios.

indicator_type: str

The type of indicator (e.g., DOMAIN, IP, JA3, HASH)

value: str

The indicator value (e.g., domain name, IP address, hash)

indicator_type: Optional[str]

insight: Optional[str]

tags: Optional[SequenceNotStr[str]]

target_country: Optional[str]

target_industry: Optional[str]

dataset_id: str

include_created_events: Optional[bool]

When true, response includes array of created event UUIDs and shard IDs. Useful for tracking which events were created and where.

ReturnsExpand Collapse

class ThreatEventBulkCreateResponse: …

Detailed result of bulk event creation with auto-tag management

created_events_count: float

Number of events created

created_tags_count: float

Number of new tags created in SoT

error_count: float

Number of errors encountered

queued_indicators_count: float

Number of indicators queued for async processing

create_bulk_events_request_id: Optional[str]

Correlation ID for async indicator processing

formatuuid

created_events: Optional[List[CreatedEvent]]

Array of created events with UUIDs and shard locations. Only present when includeCreatedEvents=true

event_index: float

Original index in the input data array

shard_id: str

Dataset ID of the shard where the event was created

uuid: str

UUID of the created event

formatuuid

errors: Optional[List[Error]]

Array of error details

error: str

Error message

event_index: float

Index of the event that caused the error

Creates bulk events

import os
from datetime import datetime
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
response = client.cloudforce_one.threat_events.bulk_create(
    account_id="account_id",
    data=[{
        "category": "Domain Resolution",
        "date": datetime.fromisoformat("2022-04-01T00:00:00"),
        "event": "An attacker registered the domain domain.com",
        "raw": {
            "data": {
                "foo": "bar"
            }
        },
        "tlp": "amber",
    }],
    dataset_id="durableObjectName",
)
print(response.created_events_count)

{
  "createdEventsCount": 0,
  "createdTagsCount": 0,
  "errorCount": 0,
  "queuedIndicatorsCount": 0,
  "createBulkEventsRequestId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
  "createdEvents": [
    {
      "eventIndex": 0,
      "shardId": "shardId",
      "uuid": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"
    }
  ],
  "errors": [
    {
      "error": "error",
      "eventIndex": 0
    }
  ]
}

Returns Examples

{
  "createdEventsCount": 0,
  "createdTagsCount": 0,
  "errorCount": 0,
  "queuedIndicatorsCount": 0,
  "createBulkEventsRequestId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
  "createdEvents": [
    {
      "eventIndex": 0,
      "shardId": "shardId",
      "uuid": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"
    }
  ],
  "errors": [
    {
      "error": "error",
      "eventIndex": 0
    }
  ]
}