Changelog

The Cloudforce One Threat Events API now supports TAXII ↗ as an output format, enabling standardized, automated sharing of cyber threat intelligence with your existing security stack.

• You can now ingest Cloudforce One threat data directly into your SIEM, TIP or SOAR tools that prefer TAXII-formatted streams without needing custom translation scripts.
• By supporting the TAXII format parameter in our API, security teams can automate the synchronization of indicator data, reducing the manual overhead of updating blocklists and detection rules.
• This alignment with industry standards ensures that your threat data remains consistent across different security ecosystems and partner integrations.

When calling the Threat Events API, you can now specify taxii in the format query parameter:

GET /accounts/{account_id}/cloudforce_one/threat_events?format=taxii

You can find the updated documentation in the Cloudflare API Reference ↗.