List threat events

List threat events v2

This endpoint allows you to search for threat events which were detected by your domain monitoring. Many results can be returned, so a pagination system is provided with the limit and offset parameters. You can search for events by specific domain, criticality level, or date range.

Endpoint

GET /cti/v2/events

Parameters

Name	Location	Required	Type	Default value	Description
size	URL	No	Integer	100	Number of events to return (max 500)
page	URL	No	Integer	0	Page offset used
customerId	URL	No	Integer	Connected user's customer ID	Search for events associated to this customer. By default, the id of the customer associated to the connected user will be used
sort	URL	No	String	date,asc	Attribute sort, can be multivalued (the order of the parameters is important). Available: id, date, type, brand, domain, criticality Format: sort=attribute1,attribute2 (default ascending order) Format: sort=attribute1,desc&sort=attribute2,asc
criticality	URL	No	String		Search for events with a specific criticality (Could be: NONE, LOW, MEDIUM, HIGH)
domain	URL	No	String		search for events with a domain name that contains the value
startedAt	URL	No	String		Search for events emitted after this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss
endedAt	URL	No	String		Search for events emitted before this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss

Request

GET /cti/v2/events?criticality=LOW&startedAt=2024-12-31%2015:30:45

Response

A page of ThreatEvent.

{
  "data": [
    {
      "date": "2025-01-27T09:42:58.000Z",
      "type": "DOMAIN_REPORTED",
      "customer_id": 42,
      "brand": {
        "id": 1,
        "name": "Example",
        "monitored_since": "2014-06-13T15:20:08.880Z"
      },
      "domain": "example.com",
      "observed_data": {
        "dns_records": [
          {
            "country_code": "CH",
            "ip": "1.1.1.42",
            "name": "ns.example.net",
            "type": "NS"
          },
          {
            "country_code": "FR",
            "ip": "2.2.2.42",
            "name": "mx.mail.example.net",
            "type": "MX"
          },
          {
            "country_code": "CH",
            "ip": "3.3.3.42",
            "name": "a.example.net",
            "type": "A"
          },
          {
            "country_code": "ZZ",
            "ip": "4.4.4.42",
            "name": "example.example.com",
            "type": "CNAME"
          }
        ],
        "whois": {
          "owner_name": "Example owner",
          "owner_email": "owner@example.com",
          "owner_organisation": "Example Org",
          "registrar_name": "Nameshield",
          "statuses": [
            "clientDeleteProhibited",
            "clientRenewProhibited",
            "clientTransferProhibited",
            "clientUpdateProhibited"
          ],
          "creation_date": "1998-09-22T22:00:00.000Z",
          "updated_date": "2023-09-21T22:00:00.000Z",
          "expiration_date": "2025-09-21T22:00:00.000Z",
          "resource_url": "https://resources.namescan.com/lorem4hcvl9n1vebral8ncll.txt"
        },
        "website": {
          "page_title": "Example title",
          "page_description": "Example description",
          "origin_url": "http://www.example.com",
          "final_url": "https://example.com",
          "redirection_types": [
            "301"
          ],
          "screenshot_resource_url": "https://resources.namescan.com/ipsumtg08as0c90r4vs71u9eab.png",
          "source_resource_url": "https://resources.namescan.com/dolore8dvik94indgf4ehfed5s.html"
        }
      },
      "criticality": {
        "level": "LOW",
        "name": "Low"
      },
      "comments": [
        {
          "content": "Lorem ipsum dolor sit amet, qui minim labore adipisicing minim sint cillum sint consectetur cupidatat.",
          "date": "2025-01-27T17:28:10.670Z"
        }
      ],
      "id": "2fc25065-4766-5fa1-93a3-471f36599f1d"
    }
  ],
  "current_page": 0,
  "total_pages": 1,
  "total_items": 1,
  "page_size": 100,
  "has_next": false,
  "has_previous": false
}

List threat events v1 (deprecated)

This route will soon be removed; please use list thread v2 instead.

This endpoint allows you to search for threat events which were detected by your domain monitoring. Many results can be returned, so a pagination system is provided with the limit and offset parameters. You can search for events that took place on a particular domain, or search for a specific event with its id.

Endpoint

POST /cti/v1/events/search

Parameters

Name	Location	Required	Type	Default value	Description
query_parameters	Body	No	SearchCriteria[]		List of search criteria
limit	Body	No	Integer	100	Number of events to return (max 500)
offset	Body	No	Integer	0	Offset used
customer_id	Body	No	Integer	Connected user's customer ID	Search for events associated to this customer. By default, the id of the customer associated to the connected user will be used
criticality	Body	No	String		Search for events with a specific criticality (Could be: NONE, LOW, MEDIUM, HIGH)
include_customer_children_events	Body	No	Boolean	true	Search for events associated to subsidiaries
started_at	Body	No	String		Search for events emitted after this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss
ended_at	Body	No	String		Search for events emitted before this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss

Response

A SearchResult object.

Example Request

POST /cti/v1/events/search
Content-Type: application/json

Body

{
    "query_parameters": [
        {
            "name": "domain",
            "operator": "ENDS_WITH",
            "value": ".com"
        }
    ],
    "limit": 10,
    "started_At": "2023-10-01 00:00:00",
    "ended_at": "2023-10-31 00:00:00"
}

Example Response

{
  "message": "OK",
  "data": {
    "limit": 10,
    "offset": 0,
    "total": 1,
    "results": [
      {
        "id": "2fc25065-5fa1-4766-93a3-471f36599f1d",
        "date": "2023-10-27T09:42:58.000Z",
        "type": "DOMAIN_REPORTED",
        "brand": {
          "id": 1,
          "name": "Example",
          "monitored_since": "2014-06-13T15:20:08.880Z"
        },
        "domain": "example.com",
        "criticality": {
          "level": "HIGH",
          "name": "High"
        },
        "comments": [
          {
            "content": "Lorem ipsum dolor sit amet, qui minim labore adipisicing minim sint cillum sint consectetur cupidatat.",
            "date": "2023-10-26T07:28:10.670Z"
          }
        ],
        "customer_id": 6,
        "observed_data": {
          "dns_records": [
            {
              "country_code": "ZZ",
              "ip": "13.107.246.42",
              "name": "cng4cvfbf6g4eaby.example.com",
              "type": "CNAME"
            }
          ],
          "whois": {
            "owner_name": "Example owner",
            "owner_email": "owner@example.com",
            "owner_organisation": "Example Org",
            "registrar_name": "Nameshield",
            "statuses": [
              "clientDeleteProhibited",
              "clientRenewProhibited",
              "clientTransferProhibited",
              "clientUpdateProhibited"
            ],
            "creation_date": "1998-09-22T22:00:00.000Z",
            "updated_date": "2023-09-21T22:00:00.000Z",
            "expiration_date": "2024-09-21T22:00:00.000Z",
            "resource_url": "https://resources.namescan.com/l5occem4hcvl9n1vebral8ncll.txt"
          },
          "website": {
            "page_title": "Example title",
            "page_description": "Example description",
            "origin_url": "http://www.example.com",
            "final_url": "https://example.com",
            "redirection_types": [
              "301"
            ],
            "screenshot_resource_url": "https://resources.namescan.com/ius4otg08as0c90r4vs71u9eab.png",
            "source_resource_url": "https://resources.namescan.com/f5bg8e8dvik94indgf4ehfed5s.html"
          }
        }
      }
    ]
  }
}