JSON objects

SearchCriteria

The name, operator and value fields must be used together.
The junction and elements fields must be used together and are used to create more complex queries.

Name	Required	Type	Default value	Description
name	No	String		The ThreatEvent field you want to search for. Allowed values : eventId, domain Example: domain
operator	No	String	EQUALS	The search operator. Allowed values : EQUALS, NOT_EQUALS, EQUALS_CASE_INSENSITIVE, STARTS_WITH, ENDS_WITH, CONTAINS, IN, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS, LESS_THAN_OR_EQUALS
value	No	String, String[], Integer, Integer[]		The value of the name field. Examples : example.com ['example.com', 'example.net']
junction	No	String	AND	Logical operator used with the elements field. Allowed values : AND, OR
elements	No	List of SearchCriteria		A list of SearchCriteria which will be used with the junction logical operator

SearchResult

Name	Type	Default value	Description
total	Integer		Total number of events matching the search criteria
limit	Integer	100	Number of events returned
offset	Integer	0	Offset used
results	List of ThreatEvent		List of events matching the search criteria

ThreatEvent

Name	Type	Default value	Description
id	String		Threat event identifier
date	String		Datetime of the event
type	String		Event type (DOMAIN_REPORTED)
brand	Brand		Brand related to the threat event
domain	String		Domain on which the threat event was detected
criticality	Criticality		Threat event's criticality
comments	List of Comment		Comments submitted
customer_id	Integer		The customer identifier of the event
observed_data	ThreatEventObservedData		Observed data of the threat event (whois, dns records, website details/redirections)

Brand

Name	Type	Default value	Description
id	String		Threat event identifier
monitored_since	String		Datetime of the first analyze
name	String		Brand name

Criticality

Name	Type	Default value	Description
level	String		Criticality of the event
name	String		Name of event's criticality

Comment

Name	Type	Default value	Description
content	String		Comment content
date	String		Datetime of comment submission

ThreatEventObservedData

Name	Type	Default value	Description
dns_records	DnsRecord[]		DNS records of domain observed
whois	Whois		Whois of domain observed
website	Website		Website of domain observed

DnsRecord

Name	Type	Default value	Description
country_code	String		Dns record country code
ip	String		Dns record ip
name	String		Dns record name
type	String		Dns record type (CNAME, A, PTR, CAA, TXT...)

Whois

Name	Type	Default value	Description
owner_name	String		Whois owner name
owner_email	String		Whois owner email
owner_organisation	String		Whois owner organization name
admin_name	String		Whois admin name
admin_email	String		Whois admin email
admin_organisation	String		Whois admin organization name
registrar_name	String		Registrar name of the domain
statuses	String[]		Domain statuses
creation_date	String		Domain creation date time
updated_date	String		Domain update date time
expiration_date	String		Domain expiration date time
resource_url	String		Resource url of the raw whois

Website

Name	Type	Default value	Description
page_title	String		Website page title
page_description	String		Website page description
origin_url	String		Website origin url
final_url	String		Final url after redirection chain
redirection_types	String[]		HTTP redirection code(s)
screenshot_resource_url	String		Resource url of the website's screenshot
source_resource_url	String		Resource url of the website's source code

GenericPage

Name	Type	Default value	Description
data	Array	[]	Array of requested data
current_page	Integer	0	Current page number
total_pages	Integer	0	Total number of pages
total_items	Integer	0	Total number of datas
page_size	Integer	100	Page size
has_next	boolean	false	Next page available
has_previous	boolean	false	Previous page available