List threat events
List threat events v2
This endpoint allows you to search for threat events which were detected by your domain monitoring. Many results can be returned, so a pagination system is provided with the size and page parameters. You can search for events by specific domain, criticality level, or date range.
Endpoint
GET /cti/v2/events
Parameters
| Name | Location | Required | Type | Default value | Description |
|---|---|---|---|---|---|
| size | URL | No | Integer | 100 | Number of events to return (max 500) |
| page | URL | No | Integer | 0 | Page offset used |
| customerId | URL | No | Integer | Connected user's customer ID | Search for events associated to this customer. By default, the id of the customer associated to the connected user will be used |
| sort | URL | No | String | date,asc | Attribute sort, can be multivalued (the order of the parameters is important). Available: id, date, type, brand, domain, criticality Format: sort=attribute1,attribute2 (default ascending order) Format: sort=attribute1,desc&sort=attribute2,asc |
| criticality | URL | No | String | Search for events with a specific criticality (Could be: NONE, LOW, MEDIUM, HIGH) | |
| domain | URL | No | String | search for events with a domain name that contains the value | |
| startedAt | URL | No | String | Search for events emitted after this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss | |
| endedAt | URL | No | String | Search for events emitted before this datetime (UTC). Format : yyyy-MM-dd HH:mm:ss |
Request
GET /cti/v2/events?criticality=LOW&startedAt=2024-12-31%2015:30:45
Response
A page of ThreatEvent.
{
"data": [
{
"date": "2025-01-27T09:42:58.000Z",
"type": "DOMAIN_REPORTED",
"customer_id": 42,
"brand": {
"id": 1,
"name": "Example",
"monitored_since": "2014-06-13T15:20:08.880Z"
},
"domain": "example.com",
"observed_data": {
"dns_records": [
{
"country_code": "CH",
"ip": "1.1.1.42",
"name": "ns.example.net",
"type": "NS",
"autonomous_system_info": {
"as_number": "12345",
"as_organization": "Example Org."
}
},
{
"country_code": "FR",
"ip": "2.2.2.42",
"name": "mx.mail.example.net",
"type": "MX",
"autonomous_system_info": {
"as_number": "67891",
"as_organization": "Example SAS"
}
},
{
"country_code": "CH",
"ip": "3.3.3.42",
"name": "a.example.net",
"type": "A",
"autonomous_system_info": {
"as_number": "23456",
"as_organization": "Example TM"
}
},
{
"country_code": "ZZ",
"ip": "4.4.4.42",
"name": "example.example.com",
"type": "CNAME",
"autonomous_system_info": {
"as_number": "78910",
"as_organization": "Example"
}
}
],
"whois": {
"owner_name": "Example owner",
"owner_email": "owner@example.com",
"owner_organisation": "Example Org",
"registrar_name": "Nameshield",
"statuses": [
"clientDeleteProhibited",
"clientRenewProhibited",
"clientTransferProhibited",
"clientUpdateProhibited"
],
"creation_date": "1998-09-22T22:00:00.000Z",
"updated_date": "2023-09-21T22:00:00.000Z",
"expiration_date": "2025-09-21T22:00:00.000Z",
"resource_url": "https://resources.namescan.com/lorem4hcvl9n1vebral8ncll.txt"
},
"website": {
"page_title": "Example title",
"page_description": "Example description",
"origin_url": "http://www.example.com",
"final_url": "https://example.com",
"redirection_types": [
"301"
],
"screenshot_resource_url": "https://resources.namescan.com/ipsumtg08as0c90r4vs71u9eab.png",
"source_resource_url": "https://resources.namescan.com/dolore8dvik94indgf4ehfed5s.html"
}
},
"criticality": {
"level": "LOW",
"name": "Low"
},
"comments": [
{
"content": "Lorem ipsum dolor sit amet, qui minim labore adipisicing minim sint cillum sint consectetur cupidatat.",
"date": "2025-01-27T17:28:10.670Z"
}
],
"id": "2fc25065-4766-5fa1-93a3-471f36599f1d"
}
],
"current_page": 0,
"total_pages": 1,
"total_items": 1,
"page_size": 100,
"has_next": false,
"has_previous": false
}