# Intel # ASN ## Get ASN Overview. `intel.asn.get(ASNasn, ASNGetParams**kwargs) -> ASN` **get** `/accounts/{account_id}/intel/asn/{asn}` Gets an overview of the Autonomous System Number (ASN) and a list of subnets for it. ### Parameters - `account_id: str` Identifier. - `asn: ASN` ### Returns - `int` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) asn = client.intel.asn.get( asn=0, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(asn) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": 0 } ``` # Subnets ## Get ASN Subnets `intel.asn.subnets.get(ASNasn, SubnetGetParams**kwargs) -> SubnetGetResponse` **get** `/accounts/{account_id}/intel/asn/{asn}/subnets` Get ASN Subnets. ### Parameters - `account_id: str` Identifier. - `asn: ASN` ### Returns - `class SubnetGetResponse: …` - `asn: Optional[ASN]` - `count: Optional[float]` Total results returned based on your search parameters. - `ip_count_total: Optional[int]` - `page: Optional[float]` Current page within paginated list of results. - `per_page: Optional[float]` Number of results per page of results. - `subnets: Optional[List[str]]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) subnet = client.intel.asn.subnets.get( asn=0, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(subnet.asn) ``` #### Response ```json { "asn": 0, "count": 1, "ip_count_total": 0, "page": 1, "per_page": 20, "subnets": [ "192.0.2.0/24", "2001:DB8::/32" ] } ``` ## Domain Types ### Subnet Get Response - `class SubnetGetResponse: …` - `asn: Optional[ASN]` - `count: Optional[float]` Total results returned based on your search parameters. - `ip_count_total: Optional[int]` - `page: Optional[float]` Current page within paginated list of results. - `per_page: Optional[float]` Number of results per page of results. - `subnets: Optional[List[str]]` # DNS ## Get Passive DNS by IP `intel.dns.list(DNSListParams**kwargs) -> SyncV4PagePagination[Optional[DNS]]` **get** `/accounts/{account_id}/intel/dns` Gets a list of all the domains that have resolved to a specific IP address. ### Parameters - `account_id: str` Identifier. - `ipv4: Optional[str]` - `page: Optional[float]` Requested page within paginated list of results. - `per_page: Optional[float]` Maximum number of results requested. - `start_end_params: Optional[StartEndParams]` - `end: Optional[Union[null, null]]` Defaults to the current date. - `start: Optional[Union[null, null]]` Defaults to 30 days before the end parameter value. ### Returns - `class DNS: …` - `count: Optional[float]` Total results returned based on your search parameters. - `page: Optional[float]` Current page within paginated list of results. - `per_page: Optional[float]` Number of results per page of results. - `reverse_records: Optional[List[ReverseRecord]]` Reverse DNS look-ups observed during the time period. - `first_seen: Optional[date]` First seen date of the DNS record during the time period. - `hostname: Optional[str]` Hostname that the IP was observed resolving to. - `last_seen: Optional[date]` Last seen date of the DNS record during the time period. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.intel.dns.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result.items[0] print(page.count) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "page": 1, "per_page": 20, "reverse_records": [ { "first_seen": "2021-04-01", "hostname": "hostname", "last_seen": "2021-04-30" } ] }, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### DNS - `class DNS: …` - `count: Optional[float]` Total results returned based on your search parameters. - `page: Optional[float]` Current page within paginated list of results. - `per_page: Optional[float]` Number of results per page of results. - `reverse_records: Optional[List[ReverseRecord]]` Reverse DNS look-ups observed during the time period. - `first_seen: Optional[date]` First seen date of the DNS record during the time period. - `hostname: Optional[str]` Hostname that the IP was observed resolving to. - `last_seen: Optional[date]` Last seen date of the DNS record during the time period. # Domains ## Get Domain Details `intel.domains.get(DomainGetParams**kwargs) -> Domain` **get** `/accounts/{account_id}/intel/domain` Gets security details and statistics about a domain. ### Parameters - `account_id: str` Identifier. - `domain: Optional[str]` ### Returns - `class Domain: …` - `additional_information: Optional[AdditionalInformation]` Additional information related to the host name. - `suspected_malware_family: Optional[str]` Suspected DGA malware family. - `application: Optional[Application]` Application that the hostname belongs to. - `id: Optional[int]` - `name: Optional[str]` - `content_categories: Optional[List[ContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `domain: Optional[str]` - `inherited_content_categories: Optional[List[InheritedContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `inherited_from: Optional[str]` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types: Optional[List[InheritedRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `popularity_rank: Optional[int]` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `resolves_to_refs: Optional[List[ResolvesToRef]]` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `id: Optional[str]` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `value: Optional[str]` IP address or domain name. - `risk_score: Optional[float]` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types: Optional[List[RiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) domain = client.intel.domains.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(domain.additional_information) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "resolves_to_refs": [ { "id": "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537", "value": "192.0.2.0" } ], "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } } ``` ## Domain Types ### Domain - `class Domain: …` - `additional_information: Optional[AdditionalInformation]` Additional information related to the host name. - `suspected_malware_family: Optional[str]` Suspected DGA malware family. - `application: Optional[Application]` Application that the hostname belongs to. - `id: Optional[int]` - `name: Optional[str]` - `content_categories: Optional[List[ContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `domain: Optional[str]` - `inherited_content_categories: Optional[List[InheritedContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `inherited_from: Optional[str]` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types: Optional[List[InheritedRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `popularity_rank: Optional[int]` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `resolves_to_refs: Optional[List[ResolvesToRef]]` Specifies a list of references to one or more IP addresses or domain names that the domain name currently resolves to. - `id: Optional[str]` STIX 2.1 identifier: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html#_64yvzeku5a5c. - `value: Optional[str]` IP address or domain name. - `risk_score: Optional[float]` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types: Optional[List[RiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` # Bulks ## Get Multiple Domain Details `intel.domains.bulks.get(BulkGetParams**kwargs) -> BulkGetResponse` **get** `/accounts/{account_id}/intel/domain/bulk` Same as summary. ### Parameters - `account_id: str` Identifier. - `domain: Optional[SequenceNotStr[str]]` Accepts multiple values like `?domain=cloudflare.com&domain=example.com`. ### Returns - `Optional[List[BulkGetResponseItem]]` - `additional_information: Optional[BulkGetResponseItemAdditionalInformation]` Additional information related to the host name. - `suspected_malware_family: Optional[str]` Suspected DGA malware family. - `application: Optional[BulkGetResponseItemApplication]` Application that the hostname belongs to. - `id: Optional[int]` - `name: Optional[str]` - `content_categories: Optional[List[BulkGetResponseItemContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `domain: Optional[str]` - `inherited_content_categories: Optional[List[BulkGetResponseItemInheritedContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `inherited_from: Optional[str]` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types: Optional[List[BulkGetResponseItemInheritedRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `popularity_rank: Optional[int]` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `risk_score: Optional[float]` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types: Optional[List[BulkGetResponseItemRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) bulks = client.intel.domains.bulks.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(bulks) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "additional_information": { "suspected_malware_family": "" }, "application": { "id": 0, "name": "CLOUDFLARE" }, "content_categories": [ { "id": 155, "name": "Technology", "super_category_id": 26 } ], "domain": "cloudflare.com", "inherited_content_categories": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "inherited_from": "inherited_from", "inherited_risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ], "popularity_rank": 0, "risk_score": 0, "risk_types": [ { "id": 0, "name": "name", "super_category_id": 0 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Bulk Get Response - `Optional[List[BulkGetResponseItem]]` - `additional_information: Optional[BulkGetResponseItemAdditionalInformation]` Additional information related to the host name. - `suspected_malware_family: Optional[str]` Suspected DGA malware family. - `application: Optional[BulkGetResponseItemApplication]` Application that the hostname belongs to. - `id: Optional[int]` - `name: Optional[str]` - `content_categories: Optional[List[BulkGetResponseItemContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `domain: Optional[str]` - `inherited_content_categories: Optional[List[BulkGetResponseItemInheritedContentCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `inherited_from: Optional[str]` Domain from which `inherited_content_categories` and `inherited_risk_types` are inherited, if applicable. - `inherited_risk_types: Optional[List[BulkGetResponseItemInheritedRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` - `popularity_rank: Optional[int]` Global Cloudflare 100k ranking for the last 30 days, if available for the hostname. The top ranked domain is 1, the lowest ranked domain is 100,000. - `risk_score: Optional[float]` Hostname risk score, which is a value between 0 (lowest risk) to 1 (highest risk). - `risk_types: Optional[List[BulkGetResponseItemRiskType]]` - `id: Optional[int]` - `name: Optional[str]` - `super_category_id: Optional[int]` # Domain History ## Get Domain History `intel.domain_history.get(DomainHistoryGetParams**kwargs) -> DomainHistoryGetResponse` **get** `/accounts/{account_id}/intel/domain-history` Gets historical security threat and content categories currently and previously assigned to a domain. ### Parameters - `account_id: str` Identifier. - `domain: Optional[str]` ### Returns - `Optional[List[DomainHistory]]` - `categorizations: Optional[List[Categorization]]` - `categories: Optional[List[CategorizationCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `end: Optional[date]` - `start: Optional[date]` - `domain: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) domain_histories = client.intel.domain_history.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(domain_histories) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "categorizations": [ { "categories": [ { "id": 155, "name": "Technology" } ], "end": "2021-04-30", "start": "2021-04-01" } ], "domain": "cloudflare.com" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Domain History - `class DomainHistory: …` - `categorizations: Optional[List[Categorization]]` - `categories: Optional[List[CategorizationCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `end: Optional[date]` - `start: Optional[date]` - `domain: Optional[str]` ### Domain History Get Response - `Optional[List[DomainHistory]]` - `categorizations: Optional[List[Categorization]]` - `categories: Optional[List[CategorizationCategory]]` - `id: Optional[int]` - `name: Optional[str]` - `end: Optional[date]` - `start: Optional[date]` - `domain: Optional[str]` # IPs ## Get IP Overview `intel.ips.get(IPGetParams**kwargs) -> IPGetResponse` **get** `/accounts/{account_id}/intel/ip` Gets the geolocation, ASN, infrastructure type of the ASN, and any security threat categories of an IP address. **Must provide ip query parameters.** For example, `/intel/ip?ipv4=1.1.1.1` or `/intel/ip?ipv6=2001:db8::1`. ### Parameters - `account_id: str` Identifier. - `ipv4: Optional[str]` - `ipv6: Optional[str]` ### Returns - `Optional[List[IP]]` - `belongs_to_ref: Optional[BelongsToRef]` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id: Optional[str]` - `country: Optional[str]` - `description: Optional[str]` - `type: Optional[Literal["hosting_provider", "isp", "organization"]]` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value: Optional[str]` - `ip: Optional[str]` - `risk_types: Optional[List[RiskType]]` - `id: Optional[float]` - `name: Optional[str]` - `super_category_id: Optional[float]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) ips = client.intel.ips.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(ips) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "belongs_to_ref": { "id": "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8", "country": "US", "description": "CLOUDFLARENET", "type": "hosting_provider", "value": "value" }, "ip": "192.0.2.0", "risk_types": [ { "id": 131, "name": "Phishing", "super_category_id": 21 } ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### IP - `class IP: …` - `belongs_to_ref: Optional[BelongsToRef]` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id: Optional[str]` - `country: Optional[str]` - `description: Optional[str]` - `type: Optional[Literal["hosting_provider", "isp", "organization"]]` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value: Optional[str]` - `ip: Optional[str]` - `risk_types: Optional[List[RiskType]]` - `id: Optional[float]` - `name: Optional[str]` - `super_category_id: Optional[float]` ### IP Get Response - `Optional[List[IP]]` - `belongs_to_ref: Optional[BelongsToRef]` Specifies a reference to the autonomous systems (AS) that the IP address belongs to. - `id: Optional[str]` - `country: Optional[str]` - `description: Optional[str]` - `type: Optional[Literal["hosting_provider", "isp", "organization"]]` Infrastructure type of this ASN. - `"hosting_provider"` - `"isp"` - `"organization"` - `value: Optional[str]` - `ip: Optional[str]` - `risk_types: Optional[List[RiskType]]` - `id: Optional[float]` - `name: Optional[str]` - `super_category_id: Optional[float]` # IP Lists ## Domain Types ### IP List - `class IPList: …` - `id: Optional[int]` - `description: Optional[str]` - `name: Optional[str]` # Miscategorizations ## Create Miscategorization `intel.miscategorizations.create(MiscategorizationCreateParams**kwargs) -> MiscategorizationCreateResponse` **post** `/accounts/{account_id}/intel/miscategorization` Allows you to submit requests to change a domain’s category. ### Parameters - `account_id: str` Identifier. - `content_adds: Optional[Iterable[int]]` Content category IDs to add. - `content_removes: Optional[Iterable[int]]` Content category IDs to remove. - `indicator_type: Optional[Literal["domain", "ipv4", "ipv6", "url"]]` - `"domain"` - `"ipv4"` - `"ipv6"` - `"url"` - `ip: Optional[str]` Provide only if indicator_type is `ipv4` or `ipv6`. - `security_adds: Optional[Iterable[int]]` Security category IDs to add. - `security_removes: Optional[Iterable[int]]` Security category IDs to remove. - `url: Optional[str]` Provide only if indicator_type is `domain` or `url`. Example if indicator_type is `domain`: `example.com`. Example if indicator_type is `url`: `https://example.com/news/`. ### Returns - `class MiscategorizationCreateResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) miscategorization = client.intel.miscategorizations.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(miscategorization.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Miscategorization Create Response - `class MiscategorizationCreateResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` # Whois ## Get WHOIS Record `intel.whois.get(WhoisGetParams**kwargs) -> WhoisGetResponse` **get** `/accounts/{account_id}/intel/whois` Retrieves WHOIS registration data for a domain, including registrant and nameserver information. ### Parameters - `account_id: str` Use to uniquely identify or reference the resource. - `domain: Optional[str]` ### Returns - `class WhoisGetResponse: …` - `dnssec: bool` - `domain: str` - `extension: str` - `found: bool` - `nameservers: List[str]` - `punycode: str` - `registrant: str` - `registrar: str` - `id: Optional[str]` - `administrative_city: Optional[str]` - `administrative_country: Optional[str]` - `administrative_email: Optional[str]` - `administrative_fax: Optional[str]` - `administrative_fax_ext: Optional[str]` - `administrative_id: Optional[str]` - `administrative_name: Optional[str]` - `administrative_org: Optional[str]` - `administrative_phone: Optional[str]` - `administrative_phone_ext: Optional[str]` - `administrative_postal_code: Optional[str]` - `administrative_province: Optional[str]` - `administrative_referral_url: Optional[str]` - `administrative_street: Optional[str]` - `billing_city: Optional[str]` - `billing_country: Optional[str]` - `billing_email: Optional[str]` - `billing_fax: Optional[str]` - `billing_fax_ext: Optional[str]` - `billing_id: Optional[str]` - `billing_name: Optional[str]` - `billing_org: Optional[str]` - `billing_phone: Optional[str]` - `billing_phone_ext: Optional[str]` - `billing_postal_code: Optional[str]` - `billing_province: Optional[str]` - `billing_referral_url: Optional[str]` - `billing_street: Optional[str]` - `created_date: Optional[datetime]` - `created_date_raw: Optional[str]` - `expiration_date: Optional[datetime]` - `expiration_date_raw: Optional[str]` - `registrant_city: Optional[str]` - `registrant_country: Optional[str]` - `registrant_email: Optional[str]` - `registrant_fax: Optional[str]` - `registrant_fax_ext: Optional[str]` - `registrant_id: Optional[str]` - `registrant_name: Optional[str]` - `registrant_org: Optional[str]` - `registrant_phone: Optional[str]` - `registrant_phone_ext: Optional[str]` - `registrant_postal_code: Optional[str]` - `registrant_province: Optional[str]` - `registrant_referral_url: Optional[str]` - `registrant_street: Optional[str]` - `registrar_city: Optional[str]` - `registrar_country: Optional[str]` - `registrar_email: Optional[str]` - `registrar_fax: Optional[str]` - `registrar_fax_ext: Optional[str]` - `registrar_id: Optional[str]` - `registrar_name: Optional[str]` - `registrar_org: Optional[str]` - `registrar_phone: Optional[str]` - `registrar_phone_ext: Optional[str]` - `registrar_postal_code: Optional[str]` - `registrar_province: Optional[str]` - `registrar_referral_url: Optional[str]` - `registrar_street: Optional[str]` - `status: Optional[List[str]]` - `technical_city: Optional[str]` - `technical_country: Optional[str]` - `technical_email: Optional[str]` - `technical_fax: Optional[str]` - `technical_fax_ext: Optional[str]` - `technical_id: Optional[str]` - `technical_name: Optional[str]` - `technical_org: Optional[str]` - `technical_phone: Optional[str]` - `technical_phone_ext: Optional[str]` - `technical_postal_code: Optional[str]` - `technical_province: Optional[str]` - `technical_referral_url: Optional[str]` - `technical_street: Optional[str]` - `updated_date: Optional[datetime]` - `updated_date_raw: Optional[str]` - `whois_server: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) whois = client.intel.whois.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(whois.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dnssec": true, "domain": "cloudflare.com", "extension": "com", "found": true, "nameservers": [ "ns3.cloudflare.com", "ns4.cloudflare.com", "ns5.cloudflare.com", "ns6.cloudflare.com", "ns7.cloudflare.com" ], "punycode": "cloudflare.com", "registrant": "registrant", "registrar": "Cloudflare, Inc.", "id": "1542998887_DOMAIN_COM-VRSN", "administrative_city": "administrative_city", "administrative_country": "administrative_country", "administrative_email": "administrative_email", "administrative_fax": "administrative_fax", "administrative_fax_ext": "administrative_fax_ext", "administrative_id": "administrative_id", "administrative_name": "administrative_name", "administrative_org": "administrative_org", "administrative_phone": "administrative_phone", "administrative_phone_ext": "administrative_phone_ext", "administrative_postal_code": "administrative_postal_code", "administrative_province": "administrative_province", "administrative_referral_url": "administrative_referral_url", "administrative_street": "administrative_street", "billing_city": "billing_city", "billing_country": "billing_country", "billing_email": "billing_email", "billing_fax": "billing_fax", "billing_fax_ext": "billing_fax_ext", "billing_id": "billing_id", "billing_name": "billing_name", "billing_org": "billing_org", "billing_phone": "billing_phone", "billing_phone_ext": "billing_phone_ext", "billing_postal_code": "billing_postal_code", "billing_province": "billing_province", "billing_referral_url": "billing_referral_url", "billing_street": "billing_street", "created_date": "2009-02-17T22:07:54.000Z", "created_date_raw": "2009-02-17T22:07:54Z", "expiration_date": "2033-02-17T22:07:54.000Z", "expiration_date_raw": "2033-02-17T22:07:54Z", "registrant_city": "registrant_city", "registrant_country": "registrant_country", "registrant_email": "registrant_email", "registrant_fax": "registrant_fax", "registrant_fax_ext": "registrant_fax_ext", "registrant_id": "registrant_id", "registrant_name": "registrant_name", "registrant_org": "registrant_org", "registrant_phone": "registrant_phone", "registrant_phone_ext": "registrant_phone_ext", "registrant_postal_code": "registrant_postal_code", "registrant_province": "registrant_province", "registrant_referral_url": "registrant_referral_url", "registrant_street": "registrant_street", "registrar_city": "registrar_city", "registrar_country": "registrar_country", "registrar_email": "registrar_email", "registrar_fax": "registrar_fax", "registrar_fax_ext": "registrar_fax_ext", "registrar_id": "registrar_id", "registrar_name": "registrar_name", "registrar_org": "registrar_org", "registrar_phone": "registrar_phone", "registrar_phone_ext": "registrar_phone_ext", "registrar_postal_code": "registrar_postal_code", "registrar_province": "registrar_province", "registrar_referral_url": "registrar_referral_url", "registrar_street": "registrar_street", "status": [ "clientdeleteprohibited", "clienttransferprohibited", "clientupdateprohibited", "serverdeleteprohibited", "servertransferprohibited", "serverupdateprohibited" ], "technical_city": "technical_city", "technical_country": "technical_country", "technical_email": "technical_email", "technical_fax": "technical_fax", "technical_fax_ext": "technical_fax_ext", "technical_id": "technical_id", "technical_name": "technical_name", "technical_org": "technical_org", "technical_phone": "technical_phone", "technical_phone_ext": "technical_phone_ext", "technical_postal_code": "technical_postal_code", "technical_province": "technical_province", "technical_referral_url": "technical_referral_url", "technical_street": "technical_street", "updated_date": "2024-01-09T16:45:28.000Z", "updated_date_raw": "2024-01-09T16:45:28Z", "whois_server": "whois.cloudflare.com" } } ``` ## Domain Types ### Whois - `class Whois: …` - `created_date: Optional[date]` - `domain: Optional[str]` - `nameservers: Optional[List[str]]` - `registrant: Optional[str]` - `registrant_country: Optional[str]` - `registrant_email: Optional[str]` - `registrant_org: Optional[str]` - `registrar: Optional[str]` - `updated_date: Optional[date]` ### Whois Get Response - `class WhoisGetResponse: …` - `dnssec: bool` - `domain: str` - `extension: str` - `found: bool` - `nameservers: List[str]` - `punycode: str` - `registrant: str` - `registrar: str` - `id: Optional[str]` - `administrative_city: Optional[str]` - `administrative_country: Optional[str]` - `administrative_email: Optional[str]` - `administrative_fax: Optional[str]` - `administrative_fax_ext: Optional[str]` - `administrative_id: Optional[str]` - `administrative_name: Optional[str]` - `administrative_org: Optional[str]` - `administrative_phone: Optional[str]` - `administrative_phone_ext: Optional[str]` - `administrative_postal_code: Optional[str]` - `administrative_province: Optional[str]` - `administrative_referral_url: Optional[str]` - `administrative_street: Optional[str]` - `billing_city: Optional[str]` - `billing_country: Optional[str]` - `billing_email: Optional[str]` - `billing_fax: Optional[str]` - `billing_fax_ext: Optional[str]` - `billing_id: Optional[str]` - `billing_name: Optional[str]` - `billing_org: Optional[str]` - `billing_phone: Optional[str]` - `billing_phone_ext: Optional[str]` - `billing_postal_code: Optional[str]` - `billing_province: Optional[str]` - `billing_referral_url: Optional[str]` - `billing_street: Optional[str]` - `created_date: Optional[datetime]` - `created_date_raw: Optional[str]` - `expiration_date: Optional[datetime]` - `expiration_date_raw: Optional[str]` - `registrant_city: Optional[str]` - `registrant_country: Optional[str]` - `registrant_email: Optional[str]` - `registrant_fax: Optional[str]` - `registrant_fax_ext: Optional[str]` - `registrant_id: Optional[str]` - `registrant_name: Optional[str]` - `registrant_org: Optional[str]` - `registrant_phone: Optional[str]` - `registrant_phone_ext: Optional[str]` - `registrant_postal_code: Optional[str]` - `registrant_province: Optional[str]` - `registrant_referral_url: Optional[str]` - `registrant_street: Optional[str]` - `registrar_city: Optional[str]` - `registrar_country: Optional[str]` - `registrar_email: Optional[str]` - `registrar_fax: Optional[str]` - `registrar_fax_ext: Optional[str]` - `registrar_id: Optional[str]` - `registrar_name: Optional[str]` - `registrar_org: Optional[str]` - `registrar_phone: Optional[str]` - `registrar_phone_ext: Optional[str]` - `registrar_postal_code: Optional[str]` - `registrar_province: Optional[str]` - `registrar_referral_url: Optional[str]` - `registrar_street: Optional[str]` - `status: Optional[List[str]]` - `technical_city: Optional[str]` - `technical_country: Optional[str]` - `technical_email: Optional[str]` - `technical_fax: Optional[str]` - `technical_fax_ext: Optional[str]` - `technical_id: Optional[str]` - `technical_name: Optional[str]` - `technical_org: Optional[str]` - `technical_phone: Optional[str]` - `technical_phone_ext: Optional[str]` - `technical_postal_code: Optional[str]` - `technical_province: Optional[str]` - `technical_referral_url: Optional[str]` - `technical_street: Optional[str]` - `updated_date: Optional[datetime]` - `updated_date_raw: Optional[str]` - `whois_server: Optional[str]` # Indicator Feeds ## Get indicator feeds owned by this account `intel.indicator_feeds.list(IndicatorFeedListParams**kwargs) -> SyncSinglePage[IndicatorFeedListResponse]` **get** `/accounts/{account_id}/intel/indicator-feeds` Retrieves details for all accessible custom threat indicator feeds. ### Parameters - `account_id: str` Identifier ### Returns - `class IndicatorFeedListResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.intel.indicator_feeds.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "user specified description 1", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "user_specified_name_1" }, { "id": 2, "created_on": "2023-05-21T21:43:52.867525Z", "description": "User specified description 2", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-28T18:46:18.764425Z", "name": "user_specified_name_2" } ] } ``` ## Get indicator feed metadata `intel.indicator_feeds.get(intfeed_id, IndicatorFeedGetParams**kwargs) -> IndicatorFeedGetResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Retrieves details for a specific custom threat indicator feed. ### Parameters - `account_id: str` Identifier - `feed_id: int` Indicator feed ID ### Returns - `class IndicatorFeedGetResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `latest_upload_status: Optional[Literal["Mirroring", "Unifying", "Loading", 3 more]]` Status of the latest snapshot uploaded - `"Mirroring"` - `"Unifying"` - `"Loading"` - `"Provisioning"` - `"Complete"` - `"Error"` - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed - `provider_id: Optional[str]` The unique identifier for the provider - `provider_name: Optional[str]` The provider of the indicator feed ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) indicator_feed = client.intel.indicator_feeds.get( feed_id=12, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(indicator_feed.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "latest_upload_status": "Complete", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1", "provider_id": "provider_id", "provider_name": "provider_name" } } ``` ## Create new indicator feed `intel.indicator_feeds.create(IndicatorFeedCreateParams**kwargs) -> IndicatorFeedCreateResponse` **post** `/accounts/{account_id}/intel/indicator-feeds` Creates a new custom threat indicator feed for sharing threat intelligence data. ### Parameters - `account_id: str` Identifier - `description: Optional[str]` The description of the example test - `name: Optional[str]` The name of the indicator feed ### Returns - `class IndicatorFeedCreateResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) indicator_feed = client.intel.indicator_feeds.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(indicator_feed.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Update indicator feed metadata `intel.indicator_feeds.update(intfeed_id, IndicatorFeedUpdateParams**kwargs) -> IndicatorFeedUpdateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}` Revises details for a specific custom threat indicator feed. ### Parameters - `account_id: str` Identifier - `feed_id: int` Indicator feed ID - `description: Optional[str]` The new description of the feed - `is_attributable: Optional[bool]` The new is_attributable value of the feed - `is_downloadable: Optional[bool]` The new is_downloadable value of the feed - `is_public: Optional[bool]` The new is_public value of the feed - `name: Optional[str]` The new name of the feed ### Returns - `class IndicatorFeedUpdateResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) indicator_feed = client.intel.indicator_feeds.update( feed_id=12, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(indicator_feed.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": 1, "created_on": "2023-05-12T12:21:56.777653Z", "description": "example feed description", "is_attributable": false, "is_downloadable": false, "is_public": false, "modified_on": "2023-06-18T03:13:34.123321Z", "name": "example_feed_1" } } ``` ## Get indicator feed data `intel.indicator_feeds.data(intfeed_id, IndicatorFeedDataParams**kwargs) -> IndicatorFeedDataResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/data` Retrieves the raw data entries in a custom threat indicator feed. ### Parameters - `account_id: str` Identifier - `feed_id: int` Indicator feed ID ### Returns - `str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) response = client.intel.indicator_feeds.data( feed_id=12, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response) ``` ## Domain Types ### Indicator Feed List Response - `class IndicatorFeedListResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Indicator Feed Get Response - `class IndicatorFeedGetResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `latest_upload_status: Optional[Literal["Mirroring", "Unifying", "Loading", 3 more]]` Status of the latest snapshot uploaded - `"Mirroring"` - `"Unifying"` - `"Loading"` - `"Provisioning"` - `"Complete"` - `"Error"` - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed - `provider_id: Optional[str]` The unique identifier for the provider - `provider_name: Optional[str]` The provider of the indicator feed ### Indicator Feed Create Response - `class IndicatorFeedCreateResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Indicator Feed Update Response - `class IndicatorFeedUpdateResponse: …` - `id: Optional[int]` The unique identifier for the indicator feed - `created_on: Optional[datetime]` The date and time when the data entry was created - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `modified_on: Optional[datetime]` The date and time when the data entry was last modified - `name: Optional[str]` The name of the indicator feed ### Indicator Feed Data Response - `str` # Snapshots ## Update indicator feed data `intel.indicator_feeds.snapshots.update(intfeed_id, SnapshotUpdateParams**kwargs) -> SnapshotUpdateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/{feed_id}/snapshot` Revises the raw data entries in a custom threat indicator feed. ### Parameters - `account_id: str` Identifier - `feed_id: int` Indicator feed ID - `source: Optional[str]` The file to upload ### Returns - `class SnapshotUpdateResponse: …` - `file_id: Optional[int]` Feed id - `filename: Optional[str]` Name of the file unified in our system - `status: Optional[str]` Current status of upload, should be unified ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) snapshot = client.intel.indicator_feeds.snapshots.update( feed_id=12, account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(snapshot.file_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "file_id": 1, "filename": "snapshot_file.unified", "status": "unified" } } ``` ## Domain Types ### Snapshot Update Response - `class SnapshotUpdateResponse: …` - `file_id: Optional[int]` Feed id - `filename: Optional[str]` Name of the file unified in our system - `status: Optional[str]` Current status of upload, should be unified # Permissions ## List indicator feed permissions `intel.indicator_feeds.permissions.list(PermissionListParams**kwargs) -> PermissionListResponse` **get** `/accounts/{account_id}/intel/indicator-feeds/permissions/view` Lists current access permissions for custom threat indicator feeds. ### Parameters - `account_id: str` Identifier ### Returns - `List[PermissionListResponseItem]` - `id: Optional[int]` The unique identifier for the indicator feed - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `name: Optional[str]` The name of the indicator feed ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) permissions = client.intel.indicator_feeds.permissions.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(permissions) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "description": "An important indicator list", "is_attributable": false, "is_downloadable": false, "is_public": false, "name": "indicator_list_1" }, { "id": 2, "description": "An even more important indicator list", "is_attributable": true, "is_downloadable": false, "is_public": true, "name": "indicator_list_2" } ] } ``` ## Grant permission to indicator feed `intel.indicator_feeds.permissions.create(PermissionCreateParams**kwargs) -> PermissionCreateResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/add` Grants access permissions for a custom threat indicator feed to other accounts. ### Parameters - `account_id: str` Identifier - `account_tag: Optional[str]` The Cloudflare account tag of the account to change permissions on - `feed_id: Optional[int]` The ID of the feed to add/remove permissions on ### Returns - `class PermissionCreateResponse: …` - `success: Optional[bool]` Whether the update succeeded or not ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) permission = client.intel.indicator_feeds.permissions.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(permission.success) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` ## Revoke permission to indicator feed `intel.indicator_feeds.permissions.delete(PermissionDeleteParams**kwargs) -> PermissionDeleteResponse` **put** `/accounts/{account_id}/intel/indicator-feeds/permissions/remove` Revokes access permissions for a custom threat indicator feed. ### Parameters - `account_id: str` Identifier - `account_tag: Optional[str]` The Cloudflare account tag of the account to change permissions on - `feed_id: Optional[int]` The ID of the feed to add/remove permissions on ### Returns - `class PermissionDeleteResponse: …` - `success: Optional[bool]` Whether the update succeeded or not ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) permission = client.intel.indicator_feeds.permissions.delete( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(permission.success) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "success": true } } ``` ## Domain Types ### Permission List Response - `List[PermissionListResponseItem]` - `id: Optional[int]` The unique identifier for the indicator feed - `description: Optional[str]` The description of the example test - `is_attributable: Optional[bool]` Whether the indicator feed can be attributed to a provider - `is_downloadable: Optional[bool]` Whether the indicator feed can be downloaded - `is_public: Optional[bool]` Whether the indicator feed is exposed to customers - `name: Optional[str]` The name of the indicator feed ### Permission Create Response - `class PermissionCreateResponse: …` - `success: Optional[bool]` Whether the update succeeded or not ### Permission Delete Response - `class PermissionDeleteResponse: …` - `success: Optional[bool]` Whether the update succeeded or not # Downloads # Sinkholes ## List sinkholes owned by this account `intel.sinkholes.list(SinkholeListParams**kwargs) -> SyncSinglePage[Sinkhole]` **get** `/accounts/{account_id}/intel/sinkholes` List sinkholes owned by this account ### Parameters - `account_id: str` Identifier ### Returns - `class Sinkhole: …` - `id: Optional[int]` The unique identifier for the sinkhole - `account_tag: Optional[str]` The account tag that owns this sinkhole - `created_on: Optional[datetime]` The date and time when the sinkhole was created - `modified_on: Optional[datetime]` The date and time when the sinkhole was last modified - `name: Optional[str]` The name of the sinkhole - `r2_bucket: Optional[str]` The name of the R2 bucket to store results - `r2_id: Optional[str]` The id of the R2 instance ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.intel.sinkholes.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": 1, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-12T12:21:56.777653Z", "modified_on": "2023-06-18T03:13:34.123321Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" }, { "id": 2, "account_tag": "233f45e61fd1f7e21e1e154ede4q2859", "created_on": "2023-05-21T21:43:52.867525Z", "modified_on": "2023-06-28T18:46:18.764425Z", "name": "sinkhole_1", "r2_bucket": "my_bucket", "r2_id": "" } ] } ``` ## Domain Types ### Sinkhole - `class Sinkhole: …` - `id: Optional[int]` The unique identifier for the sinkhole - `account_tag: Optional[str]` The account tag that owns this sinkhole - `created_on: Optional[datetime]` The date and time when the sinkhole was created - `modified_on: Optional[datetime]` The date and time when the sinkhole was last modified - `name: Optional[str]` The name of the sinkhole - `r2_bucket: Optional[str]` The name of the R2 bucket to store results - `r2_id: Optional[str]` The id of the R2 instance # Attack Surface Report # Issue Types ## Retrieves Security Center Issues Types `intel.attack_surface_report.issue_types.get(IssueTypeGetParams**kwargs) -> SyncSinglePage[IssueTypeGetResponse]` **get** `/accounts/{account_id}/intel/attack-surface-report/issue-types` Lists all available issue types in Security Center, describing categories of security issues. ### Parameters - `account_id: str` Identifier. ### Returns - `str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.intel.attack_surface_report.issue_types.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ "string" ] } ``` ## Domain Types ### Issue Type Get Response - `str` # Issues ## Retrieves Security Center Issues `intel.attack_surface_report.issues.list(IssueListParams**kwargs) -> SyncV4PagePagination[Optional[IssueListResponse]]` **get** `/accounts/{account_id}/intel/attack-surface-report/issues` Lists all Security Center issues for the account, showing active security problems requiring attention. ### Parameters - `account_id: str` Identifier. - `dismissed: Optional[bool]` - `issue_class: Optional[SequenceNotStr[str]]` - `issue_class_neq: Optional[SequenceNotStr[str]]` - `issue_type: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issue_type_neq: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `page: Optional[int]` Specifies the current page within paginated list of results. - `per_page: Optional[int]` Sets the number of results per page of results. - `product: Optional[SequenceNotStr[str]]` - `product_neq: Optional[SequenceNotStr[str]]` - `severity: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `severity_neq: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `subject: Optional[SequenceNotStr[str]]` - `subject_neq: Optional[SequenceNotStr[str]]` ### Returns - `class IssueListResponse: …` - `count: Optional[int]` Indicates the total number of results. - `issues: Optional[List[Issue]]` - `id: Optional[str]` - `dismissed: Optional[bool]` - `issue_class: Optional[str]` - `issue_type: Optional[IssueType]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `payload: Optional[IssuePayload]` - `detection_method: Optional[str]` Describes the method used to detect insight. - `zone_tag: Optional[str]` - `resolve_link: Optional[str]` - `resolve_text: Optional[str]` - `severity: Optional[Literal["Low", "Moderate", "Critical"]]` - `"Low"` - `"Moderate"` - `"Critical"` - `since: Optional[datetime]` - `subject: Optional[str]` - `timestamp: Optional[datetime]` - `page: Optional[int]` Specifies the current page within paginated list of results. - `per_page: Optional[int]` Sets the number of results per page of results. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.intel.attack_surface_report.issues.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result.items[0] print(page.count) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "count": 1, "issues": [ { "id": "id", "dismissed": false, "issue_class": "always_use_https_not_enabled", "issue_type": "compliance_violation", "payload": { "detection_method": "We detected security rules referencing multiple IP addresses directly in the rules.", "zone_tag": "zone_tag" }, "resolve_link": "resolve_link", "resolve_text": "resolve_text", "severity": "Low", "since": "2019-12-27T18:11:19.117Z", "subject": "example.com", "timestamp": "2019-12-27T18:11:19.117Z" } ], "page": 1, "per_page": 25 } } ``` ## Retrieves Security Center Issue Counts by Class `intel.attack_surface_report.issues.class_(IssueClassParams**kwargs) -> IssueClassResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/class` Retrieves Security Center issue counts aggregated by classification class. ### Parameters - `account_id: str` Identifier. - `dismissed: Optional[bool]` - `issue_class: Optional[SequenceNotStr[str]]` - `issue_class_neq: Optional[SequenceNotStr[str]]` - `issue_type: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issue_type_neq: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product: Optional[SequenceNotStr[str]]` - `product_neq: Optional[SequenceNotStr[str]]` - `severity: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `severity_neq: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `subject: Optional[SequenceNotStr[str]]` - `subject_neq: Optional[SequenceNotStr[str]]` ### Returns - `List[IssueClassResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.intel.attack_surface_report.issues.class_( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Severity `intel.attack_surface_report.issues.severity(IssueSeverityParams**kwargs) -> IssueSeverityResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/severity` Retrieves Security Center issue counts aggregated by severity level. ### Parameters - `account_id: str` Identifier. - `dismissed: Optional[bool]` - `issue_class: Optional[SequenceNotStr[str]]` - `issue_class_neq: Optional[SequenceNotStr[str]]` - `issue_type: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issue_type_neq: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product: Optional[SequenceNotStr[str]]` - `product_neq: Optional[SequenceNotStr[str]]` - `severity: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `severity_neq: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `subject: Optional[SequenceNotStr[str]]` - `subject_neq: Optional[SequenceNotStr[str]]` ### Returns - `List[IssueSeverityResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.intel.attack_surface_report.issues.severity( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Retrieves Security Center Issue Counts by Type `intel.attack_surface_report.issues.type(IssueTypeParams**kwargs) -> IssueTypeResponse` **get** `/accounts/{account_id}/intel/attack-surface-report/issues/type` Retrieves Security Center issue counts aggregated by issue type. ### Parameters - `account_id: str` Identifier. - `dismissed: Optional[bool]` - `issue_class: Optional[SequenceNotStr[str]]` - `issue_class_neq: Optional[SequenceNotStr[str]]` - `issue_type: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `issue_type_neq: Optional[List[IssueType]]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `product: Optional[SequenceNotStr[str]]` - `product_neq: Optional[SequenceNotStr[str]]` - `severity: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `severity_neq: Optional[List[SeverityQueryParam]]` - `"low"` - `"moderate"` - `"critical"` - `subject: Optional[SequenceNotStr[str]]` - `subject_neq: Optional[SequenceNotStr[str]]` ### Returns - `List[IssueTypeResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.intel.attack_surface_report.issues.type( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "count": 1, "value": "value" } ] } ``` ## Archives Security Center Insight `intel.attack_surface_report.issues.dismiss(strissue_id, IssueDismissParams**kwargs) -> IssueDismissResponse` **put** `/accounts/{account_id}/intel/attack-surface-report/{issue_id}/dismiss` Deprecated endpoint for archiving Security Center insights. Use the newer archive-security-center-insight endpoint instead. ### Parameters - `account_id: str` Identifier. - `issue_id: str` - `dismiss: Optional[bool]` ### Returns - `class IssueDismissResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.intel.attack_surface_report.issues.dismiss( issue_id="issue_id", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Issue Type - `Literal["compliance_violation", "email_security", "exposed_infrastructure", 3 more]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` ### Severity Query Param - `Literal["low", "moderate", "critical"]` - `"low"` - `"moderate"` - `"critical"` ### Issue List Response - `class IssueListResponse: …` - `count: Optional[int]` Indicates the total number of results. - `issues: Optional[List[Issue]]` - `id: Optional[str]` - `dismissed: Optional[bool]` - `issue_class: Optional[str]` - `issue_type: Optional[IssueType]` - `"compliance_violation"` - `"email_security"` - `"exposed_infrastructure"` - `"insecure_configuration"` - `"weak_authentication"` - `"configuration_suggestion"` - `payload: Optional[IssuePayload]` - `detection_method: Optional[str]` Describes the method used to detect insight. - `zone_tag: Optional[str]` - `resolve_link: Optional[str]` - `resolve_text: Optional[str]` - `severity: Optional[Literal["Low", "Moderate", "Critical"]]` - `"Low"` - `"Moderate"` - `"Critical"` - `since: Optional[datetime]` - `subject: Optional[str]` - `timestamp: Optional[datetime]` - `page: Optional[int]` Specifies the current page within paginated list of results. - `per_page: Optional[int]` Sets the number of results per page of results. ### Issue Class Response - `List[IssueClassResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Issue Severity Response - `List[IssueSeverityResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Issue Type Response - `List[IssueTypeResponseItem]` - `count: Optional[int]` - `value: Optional[str]` ### Issue Dismiss Response - `class IssueDismissResponse: …` - `errors: List[Error]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[ErrorSource]` - `pointer: Optional[str]` - `messages: List[Message]` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageSource]` - `pointer: Optional[str]` - `success: Literal[true]` Whether the API call was successful. - `true`