## Creates a new event

`cloudforce_one.threat_events.create(ThreatEventCreateParams**kwargs)  -> ThreatEventCreateResponse`

**post** `/accounts/{account_id}/cloudforce-one/events/create`

To create a dataset, see the [`Create Dataset`](https://developers.cloudflare.com/api/resources/cloudforce_one/subresources/threat_events/subresources/datasets/methods/create/) endpoint. When `datasetId` parameter is unspecified, it will be created in a default dataset named `Cloudforce One Threat Events`.

### Parameters

- `account_id: str`

  Account ID.

- `category: str`

- `date: Union[str, datetime]`

- `event: str`

- `raw: Raw`

  - `data: Optional[Dict[str, object]]`

  - `source: Optional[str]`

  - `tlp: Optional[str]`

- `tlp: str`

- `account_id: Optional[float]`

- `attacker: Optional[str]`

- `attacker_country: Optional[str]`

- `dataset_id: Optional[str]`

- `indicator: Optional[str]`

- `indicators: Optional[Iterable[Indicator]]`

  Array of indicators for this event. Supports multiple indicators per event for complex scenarios.

  - `indicator_type: str`

    The type of indicator (e.g., DOMAIN, IP, JA3, HASH)

  - `value: str`

    The indicator value (e.g., domain name, IP address, hash)

- `indicator_type: Optional[str]`

- `insight: Optional[str]`

- `tags: Optional[SequenceNotStr[str]]`

- `target_country: Optional[str]`

- `target_industry: Optional[str]`

### Returns

- `class ThreatEventCreateResponse: …`

  - `attacker: str`

  - `attacker_country: str`

  - `category: str`

  - `dataset_id: str`

  - `date: str`

  - `event: str`

  - `has_children: bool`

  - `indicator: str`

  - `indicator_type: str`

  - `indicator_type_id: float`

  - `kill_chain: float`

  - `mitre_attack: List[str]`

  - `mitre_capec: List[str]`

  - `num_referenced: float`

  - `num_references: float`

  - `raw_id: str`

  - `referenced: List[str]`

  - `referenced_ids: List[float]`

  - `references: List[str]`

  - `references_ids: List[float]`

  - `tags: List[str]`

  - `target_country: str`

  - `target_industry: str`

  - `tlp: str`

  - `uuid: str`

  - `insight: Optional[str]`

  - `releasability_id: Optional[str]`

### Example

```python
import os
from datetime import datetime
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
threat_event = client.cloudforce_one.threat_events.create(
    path_account_id="account_id",
    category="Domain Resolution",
    date=datetime.fromisoformat("2022-04-01T00:00:00"),
    event="An attacker registered the domain domain.com",
    raw={
        "data": {
            "foo": "bar"
        }
    },
    tlp="amber",
)
print(threat_event.uuid)
```

#### Response

```json
{
  "attacker": "Flying Yeti",
  "attackerCountry": "CN",
  "category": "Domain Resolution",
  "datasetId": "dataset-example-id",
  "date": "2022-04-01T00:00:00Z",
  "event": "An attacker registered the domain domain.com",
  "hasChildren": true,
  "indicator": "domain.com",
  "indicatorType": "domain",
  "indicatorTypeId": 5,
  "killChain": 0,
  "mitreAttack": [
    " "
  ],
  "mitreCapec": [
    " "
  ],
  "numReferenced": 0,
  "numReferences": 0,
  "rawId": "453gw34w3",
  "referenced": [
    " "
  ],
  "referencedIds": [
    0
  ],
  "references": [
    " "
  ],
  "referencesIds": [
    0
  ],
  "tags": [
    "malware"
  ],
  "targetCountry": "US",
  "targetIndustry": "Agriculture",
  "tlp": "amber",
  "uuid": "12345678-1234-1234-1234-1234567890ab",
  "insight": "insight",
  "releasabilityId": "releasabilityId"
}
```