Explanation of automated actions

CyberQuestPlayBook/SendAlert method

This action generates an alert with the provided parameters.

Inputs Description
alert_name (is required) The name that will be used in the alert
description The description that will be used in the alert
alert_security_level (is required) The alert security level that will be used in the alert
alert_security_score (is required) The alert security score that will be used in the alert

CyberQuestPlayBook/IF method

The IF node evaluates the condition and directs the flow through the green output if the evaluation is TRUE, or through the red output if the evaluation is FALSE.

Inputs Description
condition (is required) Condition which will be evaluated

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Code method

The Code node uses a DTS object from CYBERQUEST to modify or enrich the playbook data flow with custom functionality defined by the user.

Inputs Description
DTS (is required) DTS, or Data Transformation Services, is a JavaScript-based parsing service with multifunctional capabilities. Its main function is to perform advanced transformations on data derived from gathered events

CyberQuestPlayBook/Eval method

This action is used to evaluate a condition and stop the playbook if it fails.

Inputs Description
condition (is required) Condition which will be evaluated

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Count method

This operation determines the number of elements present in the array.

Inputs Description
Left Argument (is required) The argument which you want to count
Operation (is required) The operation which is used to count the arguments
Right Argument (is required) The value of the count

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/RunPlayBook method

Enables the execution of a pre-existing playbook.

Inputs Description
PlayBook (is required) The name of the playbook which you want to run
Playbook Input (is required) The input of the playbook

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/ForEachRunPlayBook method

Enables the execution of a pre-existing playbook a number of times.

Inputs Description
PlayBook (is required) The name of the playbook which you want to run
Playbook Input (is required) The input of the playbook
Iterated Variable (is required) The variable which indicates how many times the playbook will be executed

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/BreakLoopAfterEnd method

This action is used to stop the ForEachRunPlayBook execution.

CyberQuestPlayBook/Check Items In TI method

Checks a list of IPs, Domains or Tor Exit Nodes in Threat Intelligence.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List (is required) The list of IPs or Domains or Tor Exit Nodes which will be verified
Type (is required) The type of check; choose one of the following items from the dropdown list: IPs, Domains or Tor Exit Nodes
Outputs Description
Data (data) The results of the API call

CyberQuestPlayBook/Check And Block IP method

Verifies whether the IPs are present in the CQTI list, and blocks them if they are found in that list.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
IPs A list of the IPs (one per line)
IPs as Array IPs as Array
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/ValidateCertificates method

This action verifies the SSL certificates for a list of hosts.

Inputs Description
Hosts (is required) The Hosts you want to check

CyberQuestPlayBook/ValidateCertificate method

This action verifies the SSL certificates of a host.

Inputs Description
Host (is required) The Host you want to check

CyberQuestPlayBook/Add Case Types method

This action is used to add one or more case types to an already open case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you wish to assign the case type
Case Types (is required) The case types which you want to add to the existing case

CyberQuestPlayBook/Remove Case Types method

This action is used to remove one or more case types from an already open case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to delete the case type
Case Types (is required) The case types which you want to delete from the existing case (one per line)

CyberQuestPlayBook/Create Case method

This action is used to create a new investigation case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Name (is required) The name of the investigation case
Collaborators A list of user IDs that can work on this case (array)
Case Types A list of case types which you want to add to the investigation case (array of strings)
Description Additional details about the investigation case.
Outputs Description
Case ID (case_id) The ID of the newly created investigation case
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Event Evidence method

This method is used to add additional information (Event) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add event
Input Event (is required) Event to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/SetKeyValueToGlobalEnv method

Set a variable to be called globally.

Inputs Description
Key (is required) The name of the variable
Value (is required) The value which you want to be stored in variable

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/GetKeyValueToGlobalEnv method

This action gets the global parameter.

Inputs Description
Key (is required) The name of the variable which is set globally

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Case Add Events method

This method is used to add additional information (Events) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add events
Input Events (is required) Events to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Alert Evidence method

This method is used to add additional information (Alert) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add alert
Input Alert (is required) Alert to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Alerts method

This method is used to add additional information (Alerts) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add alerts
Input Alerts (is required) Alerts to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Alerts method

This method is used to get the alerts from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the alerts
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Events method

This method is used to get the events from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the events
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Notes method

This method is used to get the notes from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the notes
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Reopen Case method

This method is used to reopen a case which was closed.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to reopen
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Open Case method

This action helps to classify the open cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Solved Case method

This action helps to classify the solved cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Close Case method

This action helps to classify the closed cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Achieve case method

This action helps to archive the cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to archive
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Note method

This action helps to create a note for the existing cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the existing case to which you want to add the note
Note (is required) The information you want to add to the Note
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Blocked IPs method

This method helps you to block a list of IPs.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List The list of IPs that you want to block
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Blocked Domains method

This method helps you to block a list of Domains.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List The list of Domains that you want to block
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Add Blocked IPs method

This action helps you to block a list of IPs.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
IPs (is required) A list of the IPs (one per line)
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Add Blocked Domains method

This action helps you to block a list of Domains.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Domains (is required) A list of the Domains (one per line)
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

LinuxActions/Disable User method

This action is used to Disable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to disable

LinuxActions/Enable User method

This action is used to Enable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to enable

LinuxActions/Expire User Password method

This action is used to set the period of the User password.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to set the period of the password

LinuxActions/Disable User Password Expire method

This action is used to disable the period of the User password.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to disable the period of the password

LinuxActions/Start Service method

This action is used to start a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Start a Service

LinuxActions/Stop Service method

This action is used to stop a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Stop a Service

LinuxActions/Restart Service method

This action is used to restart a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Restart a Service

LinuxActions/Enable Service method

This action is used to enable a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Enable a Service

LinuxActions/Disable Service method

This action is used to disable a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Disable a Service

LinuxActions/Kill Process by PID method

This action is used to Kill a process by PID.

Inputs Description
PID (is required) Provide the Process ID (PID)
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Kill a Process by Process ID

LinuxActions/Kill Process by Name method

This action is used to Kill a process by name.

Inputs Description
Process Name (is required) Provide the Process Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Kill a Process by Name

LinuxActions/CQ Services Status method

This action is used to check the services status.

Inputs Description
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to check the CYBERQUEST Services

LinuxActions/Block IP Address method

This action is used to Block IP Address.

Inputs Description
ipAddress (is required) The IP Address that you want to block
host (is required) The host that you want to block the IP Address
credentialsGUID (is required) The credentials of the Computer that you want to block the IP Address

LinuxActions/Remove Block IP Address method

This action is used to Remove Block IP Address.

Inputs Description
ipAddress (is required) The blocked IP Address that you want to remove
host (is required) The host that you want to remove the blocked IP Address
credentialsGUID (is required) The credentials of the Computer that you want to remove the blocked IP Address

LinuxActions/Check if OS Is Windows method

This action is used to check if OS Is Windows.

Inputs Description
host (is required) The host that you want to verify the Operating System

WindowsActions/Disable User method

This action is used to disable a User.

Inputs Description
Targeted User (is required) The user who is targeted
Host (is required) The target host
Credentials GUID (is required) Credentials GUID

WindowsActions/Enable User method

This action is used to enable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to disable

WindowsActions/Start Service method

This action is used to start a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Start a Service

WindowsActions/Stop Service method

This action is used to stop a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Stop a Service

WindowsActions/Restart Service method

This action is used to restart a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Restart a Service

Notifications/Microsoft Teams method

This action helps you to send a notification to Microsoft Teams.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Slack method

This action helps you to send a notification to Slack.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Jira method

This action helps you to send a notification to Jira.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Email

This action helps you to send a notification to Email.

Inputs Description
To (is required) To
Subject (is required) Subject
Message (is required) Subject

AbuseIPDB

AbuseIPDB/Check IP method

This action executes an AbuseIPDB IP lookup using the IP address you provided.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP Address which is verified by AbuseIPDB
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) to go when fetching reports. The default is 30 days, and reports cannot be older than 90 days
Verbose Reports can be included in this response if the verbose flag is added
Outputs Description
IP Address(ipAddress) The investigated IP address
Is Public(isPublic) True if the IP is public, False otherwise
IP Version(ipVersion) The version of the investigated IP
Is Whitelisted(isWhitelisted) True if the investigated IP is in the AbuseIPDB whitelist, False otherwise
Abuse Confidence Score(abuseConfidenceScore) This score is calculated by AbuseIPDB. This score can be used to take action against a malicious IP
Country Code(countryCode) The country code from which the investigated IP originates
Country Name(countryName) The country name from which the investigated IP originates
Usage Type(usageType) The general use of the investigated IP address (for example: Commercial, Organization, Government, Military, etc.)
ISP(isp) The name of the Internet Service Provider which provided the investigated IP
Domain Name(domain) The domain name of the ISP which provided the investigated IP
Is TOR(isTor) True if the investigated IP was seen in TOR nodes, False otherwise
Total Reports(totalReports) The total number of registered reports about the investigated IP
Distinct Users(numDistinctUsers) The number of distinct users who reported the investigated IP
Last Reported at(lastReportedAt) The date when the investigated IP was last reported
Reports(reports) The list of reports for the investigated IP

AbuseIPDB/Reports method

This action gets reports about an IP address.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP address which is verified
Page Navigate the pagination created via the PerPage parameter
PerPage Adjust the pagination
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) to go when fetching reports. The default is 30 days, and reports cannot be older than 90 days
Outputs Description
Total(total) Total number of reports for investigated IP
Page(page) The page number of reports list
Count(count) The number of reports presented in the page
Per Page(perPage) How many reports are listed by page
Last Page(lastPage) The number of the last page which contains reports
Next Page URL(nextPageUrl) The URL of the next page which contains reports
Previous Page URL(previousPageUrl) The URL of the previous page which contains reports
Results(results) The reports listed by page

AbuseIPDB/Blacklist method

Depending on the input settings you have chosen, this action returns from AbuseIPDB a list of all reported IP addresses or a list of a specific subset of reported IP addresses.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
Minimum Confidence It helps to determine the level of trust or reliability assigned to the reported information associated with an IP address
Limit The number of IP addresses included in the list
Plain Text Set the Plain Text flag if you prefer a simple newline-separated plaintext response
Only Countries This parameter retrieves IPs that only originate in the given country or countries
Except Countries This parameter retrieves all IPs except those that originate in the given country or countries
IP Version Filter results by IP version (v4 or v6) with this parameter
Outputs Description
Generated at(generatedAt) The date when the blacklist was generated
Data(data) List of blacklisted IPs and additional details (Abuse Confidence Score and date the IP was last reported)

AbuseIPDB/Create Report method

Based on the IP address and malware category you have chosen, reports a specific IP address that has been linked to malicious online activity to AbuseIPDB.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP (is required) The reported IP address (IPv4 or IPv6)
Categories (is required) The category in which the IP will be reported
Comment Related information (server logs, timestamps, etc.)
Outputs Description
IP Address(ipAddress) The reported IP Address
Abuse Confidence Score(abuseConfidenceScore) This score is calculated by AbuseIPDB. This score can be used to take action against a malicious IP

AbuseIPDB/Check Blocked IP method

This action checks if the IP is blocked.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
Network (is required) The network address that will be queried
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) to go when fetching reports. The default is 30 days, and reports cannot be older than 90 days
Outputs Description
Network Address(networkAddress) The starting IP address of the subnet
Netmask(netmask) The subnet mask
Min Address(minAddress) The minimum IP address within the subnet
Max Address(maxAddress) The maximum IP address within the subnet
Number of Possible Hosts(numPossibleHosts) The total number of possible hosts in the subnet
Address Space Description(addressSpaceDesc) A description of the address space (e.g., “Loopback”)
Reported Address(reportedAddress) For each IP address within the subnet, the following details are provided:
ipAddress: The specific IP address;
numReports: The total number of abuse reports for that IP;
mostRecentReport: The timestamp of the most recent report;
abuseConfidenceScore: A calculated evaluation of how abusive the IP is based on user reports;
countryCode: The country code (if available).

AbuseIPDB/Clear Address method

This action clears an IP address.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP address which is cleared
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) to go when fetching reports. The default is 30 days, and reports cannot be older than 90 days
Outputs Description
Number of Reports Deleted(numReportsDeleted) The number of deleted reports associated with the specified IP address that were reported by you (you can't delete reports from another user account)

AlienVault

AlienVault User/Validate User API Key method

Validate your API Key configuration.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Subscriber Count(subscriber_count) The number of subscribers of the user
Follower Count(follower_count) The number of followers of the user
Member Since(member_since) The timestamp of the creation of the account of the user
Award Count(award_count) The number of awards of the user
Username(username) The username of the user

AlienVault User/User Actions method

Perform actions like follow/subscribe to other users by username.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) The user on whom the action takes place
Action (is required) The action that will happen: subscribe, unsubscribe, follow, unfollow
Outputs Description
Status(status) The status of API call

AlienVault Users/Validate API Key method

Validate your API Key configuration.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Subscriber Count(subscriber_count) The number of subscribers of the user
Follower Count(follower_count) The number of followers of the user
Member Since(member_since) The timestamp of the creation of the account of the user
User ID(user_id) The ID of the user
Username(username) The username of the user

AlienVault Users/Users Actions method

Perform actions like follow/subscribe to other users by username.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) The user on whom the action takes place
Action (is required) The action that will happen: subscribe, unsubscribe, follow, unfollow
Outputs Description
Status(status) The status of the API call

AlienVault Search/Search Users method

Search for users matching query.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
User (is required) Query string to search results with
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: username, pulse_count
Outputs Description
Results(results) The results of the API call

AlienVault Search/Search Pulses method

Search for pulses matching query.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: modified, created, subscriber_count
Query Query string to search results with
Outputs Description
Results(results) The results of the API call

AlienVault Pulses/View Pulse method

View or edit the pulse with id pulse_id. When editing a pulse, use PATCH.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse
Outputs Description
ID(id) The ID of the interrogated Pulse
Name(name) The name of the Pulse
Description(description) Details about Pulse
Author Name(author_name) The name of the person/authority who created the Pulse
Modified(modified) The timestamp when Pulse was last modified
Created(created) The timestamp when Pulse was created
Tags(tags) A list which contains the tags added by the creator of the Pulse
References(references) A collection of information containing references to various external sources relevant Pulse
Targeted Countries(targeted_countries) A list which contains countries affected by the malware from the Pulse
Indicators(indicators) Informations about the specific threat or security event which is investigated
Groups(groups) A list which contains Open Source Threat Intelligence
Malware Families(malware_families) A list containing the categories in which the malware was classified
Attack IDs(attack_ids) A list which contains attack ids
Industries(industries) A list containing possible industries affected by malware

AlienVault Pulses/List indicators for Pulse method

Returns paginated list view of the indicators inside the pulse pulse_id.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse that will be used
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Related Pulses based on an indicator method

Return all pulses that share an indicator with this pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse that will be used
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Related Pulses By Malware Family method

Find pulses related to an existing malware family.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Malware Family (is required) The malware family you'd like to find pulses related to
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

Find pulses related to an existing adversary.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Adversary (is required) Adversary you'd like to find pulses related to
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Show Subscribed Pulses method

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/IDs of subscribed Pulses method

List the IDs of all pulses you are subscribed to.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Activity of Pulses method

Activity feed consists of pulses:

  • All pulse subscriptions (pulses subscribed to directly, and all pulses by users subscribed to)

  • All pulses created by myself

  • All pulses by users I am following

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO 8601 format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00+00:00)
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Subscribe to a Pulse method

Subscribe to pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of the Pulse that will be used
Outputs Description
Status(status) The status of the action
Subscriber Count(subscriber_count) The number of subscribers of the Pulse

AlienVault Pulses/Unsubscribe from a Pulse method

Unsubscribe from pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of the Pulse that will be used
Outputs Description
Status(status) The status of the action
Subscriber Count(subscriber_count) The number of subscribers of the Pulse

AlienVault Pulses/List indicators recognized by OTX method

Returns string representations of each indicator type (i.e. "domain"), as recognized by OTX.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Detail(detail) A list with indicators recognized by AlienVault

AlienVault Pulses/List Events for a Pulses method

List events, such as subscribe/unsubscribe to user/pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO format datetime (UTC) string) Only include pulses modified more recently than a specific time.
Outputs Description
Results(results) A list of events related to pulse

AlienVault Pulses/Return authenticated or passed users method

Returns the pulse feed created by the authenticated user or by the passed-in user, sorted by latest modified by default.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) Retrieve details about the username that will be introduced
Since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) The results of the API call

AlienVault Pulses/My Pulses method

Returns your feed of pulses you've created, default sorted by latest modified.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) A list with pulses created by you
Count(count) The number of pulses created by you

AlienVault Indicators/Details about Domains HTTP Scans Section method

Indicator page API for https scan section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated IP

AlienVault Indicators/Details about Domains Malware Section method

Indicator page API for malware section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated IP

AlienVault Indicators/Details about Domains Passive DNS Section method

Indicator page API for DNS section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated domain

AlienVault Indicators/Details about Domains URL List Section method

Indicator page API for URL List section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
url_list(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about Domains Geo Section method

Indicator page API for Geo Section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
ASN(asn) The name of ASN
Country Code(country_code) The country name from which the investigated IP originates

AlienVault Indicators/Details about Domains General Section method

Indicator page API for General section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
WHOIS(whois) An external link to gain additional WHOIS information
Alexa(alexa) An external link to gain additional information from Amazon Alexa
Indicator(indicator) Information about the specific threat or security event which is investigated
Type(type) The type of the investigation
Validation(validation) A list of validations done on the investigated domain

AlienVault Indicators/Details about Domains WHOIS Section method

Indicator page API for WHOIS section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated domain
Related(related) A list of domains related to the investigated domain

AlienVault Indicators/Get Correlation Rule method

Indicator page API for Correlation Rules.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Correlation Rule (is required) Correlation rules in AlienVault are used to analyze and correlate data from various security data sources, such as logs, network traffic, and vulnerability scans
Outputs Description
Indicator(indicator) Indicator (Correlation Rule from input parameter) that links related events to detect security threats
Pulses Info(pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX).

AlienVault Indicators/Submit URL method

This endpoint submits a single URL at a time.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) The URL that will be submitted
TLP (is required) Select the color of TLP for the url that will be submitted
Outputs Description
Status(status) The status of API call
Result(result) The result of analysis

AlienVault Indicators/Get Network Intrusion Detection Systems General Section method

Indicator page API for NIDSs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
NIDS (is required) Retrieve details about NIDS that will be introduced
Outputs Description
Base Indicator(base_indicator) Essential information about the specific threat or security event which is investigated
Pulses Info(pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX)
False Positive(false_positive) An Array which includes the false positives detected
Category(category) The main category of security event detected by NIDS
Subcategory(subcategory) Additional details about security event detected by NIDS
Name(name) The name of the security event
Malware Name(malware_name) The malware category in which the security event is classified
Event Activity(event_activity) Details of the security event
CVE(cve) CVE (Common Vulnerabilities and Exposures) is a program that assigns unique identifiers to publicly disclosed cybersecurity vulnerabilities

AlienVault Indicators/Get Common Vulnerability Enumeration General Section method

Indicator page API for CVEs (MITRE's Common Vulnerability Enumeration).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
CVE (is required) Retrieve details about CVE (Common Vulnerabilities and Exposures) that will be introduced
Outputs Description
MITRE URL(mitre_url) The MITRE URL for the investigated CVE ID
NVD URL(nvd_url) The NVD URL for the investigated CVE ID
Base Indicator(base_indicator) Essential information about the specific threat or security event which is investigated
CVE(cve) CVE ID which is investigated
Pulses Info(pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
Configurations(configurations) The configurations used to test the CVE
Exploits(exploits) A structured set of data containing information about vulnerabilities
Products(products) A structured set of data containing information about affected products
References(references) A collection of information containing references to various external sources relevant to the CVE investigated
Description(description) General description about
Date modified(date_modified) The last timestamp when the report was modified
Date created(date_created) The timestamp when the report was created
CVSS(cvss) Common Vulnerability Scoring System
CVSS V2(cvss_v2) Common Vulnerability Scoring System Version 2
CVSS V3(cvss_v3) Common Vulnerability Scoring System Version 3

AlienVault Indicators/Get details for URLs HTTPS Scans Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
Data(data) The results of the API call which contains

AlienVault Indicators/Get details for URLs URL List Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API
City(city) The city from which the investigated URL originates
Region(region) The region from which the investigated URL originates
Country Code(country_code) The country code from which the investigated URL originates

AlienVault Indicators/Get details for URLs General Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
Indicator(indicator) Information about the specific threat or security event which is investigated
Alexa(alexa) An external link to gain additional information from Amazon Alexa
WHOIS(whois) An external link to gain additional WHOIS information
Domain(domain) The domain name of the investigated URL

AlienVault Indicators/Details about Files Hashes Analysis Section method

Indicator page API for files (file hashes).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
File Hash (is required) Retrieve details about file hash that will be introduced
Outputs Description
Analysis (analysis) The result of the investigation
Malware (malware) The possible types of malware detected

AlienVault Indicators/Details about Files Hashes General Section method

Indicator page API for files (file hashes).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
File Hash (is required) Retrieve details about file hash that will be introduced
Outputs Description
Type (type) The type of the investigated hash
Type Title (type_title) The full name of the investigated hash
Indicator (indicator) Information about the specific threat or security event which is investigated
Validation (validation) A list of validations done on the investigated hash
Base Indicator (base_indicator) Essential information about the specific threat or security event which is investigated
Pulse Info (pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
False Positive (false_positive) An Array which includes the false positives detected

AlienVault Indicators/Details about Hostnames Passive WHOIS Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Data(data) A list of reports for investigated hostname
Related(related) A list of hostnames related to the investigated hostname

AlienVault Indicators/Details about Hostnames Passive Malware Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Data(data) A list of reports for investigated hostname
Count(count) A list of reports for investigated hostname

AlienVault Indicators/Details about Hostnames Passive DNS Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated hostname
Count(count) The number of reports for the investigated hostname

AlienVault Indicators/Details about Hostnames URL List Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about Hostnames General Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Alexa (alexa) An external link to gain additional information from Amazon Alexa
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated hash
Type Title (type_title) The full name of the investigated hash
Pulses (pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX)

AlienVault Indicators/Details about IPv6 Passive DNS Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated IP
Count(count) The number of reports for the investigated IP

AlienVault Indicators/Details about IPv6 URL List Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about IPv6 Malware Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Data (data) The reports about the investigated IP
Count (count) The number of reports for investigated IP

AlienVault Indicators/Details about IPv6 Geo Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
ASN(asn) The name of ASN
City Data(city_data) Details about the city from which the investigated IP originates
Country Code(country_code) The country name from which the investigated IP originates

AlienVault Indicators/Details about IPv6 Reputation Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Reputation(reputation) This value, calculated by AlienVault, represents the degree of trust of the investigated IP

AlienVault Indicators/Details about IPv6 General Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Reputation (reputation) This value, calculated by AlienVault, represents the degree of trust of the investigated IP
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated IP
ASN (asn) The name of ASN
Country Code (country_code) The country code from which the investigated IP originates
Country Name (country_name) The country name from which the investigated IP originates
Pulses Info (pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX)

AlienVault Indicators/Details about IPv4 HTTP Scans Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Data(Data) A list of reports for the investigated IP

AlienVault Indicators/Details about IPv4 Passive DNS Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated IP

AlienVault Indicators/Details about IPv4 URL List Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about IPv4 Malware Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Data(data) The results of the API call

AlienVault Indicators/Details about IPv4 Geo Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
ASN (asn) The name of ASN
Country Code (country_code) The country name from which the investigated IP originates
City (city) The city from which the investigated IP originates
Region (region) The region from which the investigated IP originates
Latitude (latitude) The latitude from which the investigated IP originates
Longitude (longitude) The longitude from which the investigated IP originates

AlienVault Indicators/Details about IPv4 General Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Reputation (reputation) This value, calculated by AlienVault, represents the degree of trust of the investigated IP
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated IP
ASN (asn) The name of ASN
Country Code (country_code) The country name from which the investigated IP originates
Pulses info (pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
Base Indicator (base_indicator) Essential information about the specific threat or security event which is investigated
False Positive (false_positive) An Array which includes the false positives detected

AlienVault Indicators/List of submitted URLs method

Returns a list of all submitted URLs, along with the status of the submission.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: add_date, url, complete_date
Outputs Description
Results(results) A list of submitted URLs
Count(count) The number of submitted URLs for investigation

AlienVault Indicators/List of submitted Files method

Returns a list of all submitted files, along with the status of the submission.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: add_date, sha256, complete_date
Outputs Description
Result(result) The result of analysis

APIVoid

APIVoid/Query ThreatLog method

This API lets you query ThreatLog.com database of malicious domains.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (Data) The result of the API call
Credits Remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/IP Reputation method

This API lets you check the reputation and geolocation of an IPv4 address. Additionally, the API detects public proxy, web proxy, Tor and VPN IP addresses.

Inputs Description
Token (is required) Your APIVoid API key
IP (is required) IPv4 address to submit
Exclude Engines List of comma-separated engines to exclude
Spamhaus Key Your Spamhaus ZEN DQS key, this will enable Spamhaus engine
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Reputation method

This API lets you check if a domain name is blacklisted by trusted sources.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Exclude Engines List of comma-separated engines to exclude
Spamhaus Key Your Spamhaus DBL DQS key, this will enable Spamhaus engine
Outputs Description
Data (data) The result of the API call
Credits Remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Take Screenshot method

This API lets you take high-quality screenshots of any web page and URL.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Format Image format, can be png or jpg
Full Page Lets you take a full page screenshot
Viewport Width Lets you change browser viewport width in pixels
Viewport Height Lets you change browser viewport height in pixels
Image Width Lets you change the thumbnail image width in pixels
Image Height Lets you change the thumbnail image height in pixels
User Agent Lets you change the browser user agent string, must be encoded
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Disable JavaScript Lets you disable JavaScript
Disable Pop-ups Lets you disable alerts, prompts and confirmation dialogs
Disable Images Lets you disable loading of images
Disable Ads Lets you disable advertisements
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL Reputation method

This API can help you identify potentially unsafe and phishing URLs.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Referer Lets you change the referer URL
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Age method

This API lets you get domain registration date and domain age in days.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Timeout Set a custom timeout in seconds, can be from 5 to 30 seconds
Cache Only Get data only from cache (if present) for faster response
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check Site method

This API provides you important details about a website to check if it is legit.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Name Availability method

This API lets you check if a domain name is parked/for sale.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL Status Check method

This API lets you check if a URL is online or offline (down or not accessible).

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Referer Lets you change the referer URL
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain DNS Propagation method

This API lets you check if DNS records of a domain have propagated globally.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
DNS Type (is required) DNS type
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Capture HTML Page method

This API lets you capture the HTML page source after JavaScript has been executed.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/SSL Info method

This API provides you details about a website's SSL certificate.

Inputs Description
Token (is required) Your APIVoids API key
Host (is required) Host to submit, i.e google.com
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of the remained credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check Email method

This API provides you useful information about an email address.

Inputs Description
Token (is required) Your APIVoid API key
Email (is required) Email to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

APIVoid/Hosted Domains hosted on the same IP method

This API lets you find a list of domains hosted on the same IPv4 address.

Inputs Description
Token (is required) Your APIVoid API key
IP (is required) IPv4 address to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check SPF method

This API lets you check and validate the SPF record of any domain.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
IP IPv4 or IPv6 address you want to check if it is authorized to send emails
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

APIVoid/HTTP Request Checker method

This API lets you check HTTP requests made by a URL or a website.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL to PDF Conversion method

This API lets you convert a URL into a high-quality PDF document.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain DNS Records method

This API lets you easily get DNS records of domain names.

Inputs Description
Token (is required) Your APIVoid API key
Action (is required) DNS lookup type, can be dns-a, dns-aaaa, dns-mx, dns-ns, dns-dmarc, dns-ptr, dns-txt, dns-any, dns-cname, dns-soa, dns-srv, dns-caa
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of credits remaining
Success (success) True if the API call is successfully executed, false if not

Blocklist.de

Blocklist.de/Return all IP from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
Values (values) The results of the API call

Blocklist.de/Return All SSH IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
Values (values) The results of the API call

Blocklist.de/Return All Mails IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
Values (values) The results of the API call

Blocklist.de/Return All Apache IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
Values (values) The results of the API call

Blocklist.de/Last Added IP Addresses method

Get only the last added IP Addresses.

Inputs Description
Token (is required) To use the Blocklist.de API, you must have an API key
Time (is required) The hour you want to see the last added IPs in the last 48 hours
Outputs Description
Values (values) The results of the API call

Blocklist.de/Last Added IP Addresses and Reports method

The API can currently only return attacks and reports per user, server or IP address.

Inputs Description
Token (is required) To use the Blocklist.de API, you must have an API key
IP (is required) IP address to check for attacks
Server ID of the server to query
Email E-mail address of the user
Start Start time as a Unix timestamp if the number is passed one is being sought for the first time
End Should end as a Unix timestamp, to find where (End of Time-List)
Format Output format: text (default, two rows), php (serialized), xml (xml file), json (json encoded)
Outputs Description
Values (values) The results of the API call

BOTVRIJ.EU

Botvrij.eu MISP OSINT/Open Source IOCs method

Botvrij.eu provides different sets of open source IOCs that you can use in your security devices to detect possible malicious activity.

Inputs Description
Data Type (is required) The dataset you want to access
Outputs Description
Raw encoded (raw_encoded) The results of the API call

CheckPhish

CheckPhish/URL Scan Submission method

Submit URL for Scan.

Inputs Description
Token (is required) To use the CheckPhish API, you must have an API key
URL (is required) The URL which is submitted for analysis
Outputs Description
Job ID (jobID) jobID of the scan
Timestamp (timestamp) Timestamp of when the submission of the report started

CheckPhish/Scan Results Retrieval method

Get API results from scan.

Inputs Description
Token (is required) To use the CheckPhish API, you must have an API key
Job ID (is required) This parameter is used to identify the report of the URL submitted
Insights Additional details for report
Outputs Description
Job ID (jobID) jobID of the scan
Timestamp (timestamp) Timestamp of when the scan of report was finalised
Status (status) Status of whether the job has completed. Returns DONE when completed
URL (url) URL submitted for scanning
URL SHA256 (url_sha256) SHA256 of the url submitted for scanning
Disposition (disposition) The list of dispositions can be found below
Brand (brand) Brand being targeted by the URL
Insights (insights) insights link
Resolved (resolved) True if the URL resolved. Else False
Screenshot Path (screenshot_path) Storage location of the screenshot for the scan
Error (error) False if the API call executed successfully, otherwise true

Checkpoint Management API

Checkpoint Management API/Login with Credentials method

Log in to the server with username and password. The server shows your session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request.

Inputs Description
User (is required) Administrator user name.
Password (is required) Administrator password.
Server (is required) Server Address
Port (is required) Web Port
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API.
Domain Use domain to login to specific domain. Domain can be identified by name or UID.
Enter Last Published Session Login to the last published session. Such login is done with the Read Only permissions.
New Password Administrator new password. Can only be used for first login, when the administrator password must be changed.
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true.
Session Comments Session comments. Can be viewed only using the show-session API.
Session Description A description of the session's purpose.
Session Name Session unique name.
Session Timeout general: General metadata about the Correlation Rule
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
API Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Login with API Key method

Log in to the server with username and password. The server shows your session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request.

Inputs Description
API Key (is required) Administrator API key. When using api-key, there is no need to send user/password parameters.
Server (is required) Server Address
Port (is required) Web Port
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API.
Domain Use domain to login to specific domain. Domain can be identified by name or UID.
Enter Last Published Session Login to the last published session. Such login is done with the Read Only permissions.
New Password Administrator new password. Can only be used for first login, when the administrator password must be changed.
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true.
Session Comments Session comments. Can be viewed only using the show-session API.
Session Description A description of the session's purpose.
Session Name Session unique name.
Session Timeout general: General metadata about the Correlation Rule
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
API Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Publish method

All the changes done by this user will be seen by all users only after publish is called.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID Session unique identifier. Specify it to publish a different session than the one you currently use
Outputs Description
Task ID (task_id) Publish task UID. Use show-task command to check the progress of the task

Checkpoint Management API/Discard method

All changes done by user are discarded and removed from database.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID Session unique identifier. Specify it to discard a different session than the one you currently use
Outputs Description
Message (message) Publish task UID. Use show-task command to check the progress of the task
Number of discarded changes (number_of_discarded_changes) Publish task UID. Use show-task command to check the progress of the task

Checkpoint Management API/Logout method

Log out from the current session. After logging out the session id is not valid any more.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
Outputs Description
Message (message) Operation status

Checkpoint Management API/Disconnect method

Disconnect a private session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID (is required) Session unique identifier
Discard Discard all changes committed during the session
Outputs Description
Message (message) Operation status

Checkpoint Management API/Keep Alive method

Keep the session valid/alive.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
Outputs Description
Message (message) Operation status

Checkpoint Management API/Login to Domain method

Login from MDS to other domain. This command is available only after logging in to the System Data domain.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Domain (is required) Domain identified by the name or UID
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
API Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only.
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Revert to Revision method

Revert the Management Database to the selected revision.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
To session Session unique identifier. Specify the session id you would like to revert your database to
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task

Checkpoint Management API/Set Session method

Edit user's current session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Description Session description
Tags Collection of tag identifiers
Color Color of the object. Should be one of existing colors
Comments Comments string
Ignore Warnings Apply changes ignoring warnings
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If ignore-warnings flag was omitted - warnings will also be ignored
Outputs Description
Name (name) Object name. Must be unique in the domain
UID (uid) Object unique identifier
Application (application) The name of the application serving the Management API requests.
Changes (changes) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Session method

Show session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier
Detailed Admin Info Session unique identifier. Specify the session id you would like to revert your database to
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier
Type (type) Object type
Administrator (administrator) Asynchronous task unique identifier. Use show-task command to check the progress of the task
Application (application) The name of the application serving the Management API requests
Changes (changes) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Connected Server (connected_server) The server which the user is currently connected to
Connection Mode (connection_mode) Session connection mode
Description (description) Session description
Email (email) Administrator email
Expired Sessions (expired_session) True if the session is expired
In work (in_work) True if the session is in work state
IP Address (ip_address) IP address from which the session was initiated
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server
Locks (locks) Number of locked objects
Phone Number (phone_number) Administrator phone number
Publish Time (publish_time) Timestamp when user published changes on the management server
Session Timeout (session_timeout) Session expiration timeout in seconds
State (state) Session state
Tags (tags) Asynchronous task unique identifier. Use show-task command to check the progress of the task
Username (user_name) The name of the logged in user
Workflow History (workflow_history) Show details per each workflow action
Workflow State (workflow_state) Workflow session state
Color (color) Color of the object. Should be one of existing colors
Comments (comments) Comments string
Domain (domain) Asynchronous task unique identifier. Use show-task command to check the progress of the task
Icon (icon) Object icon
Meta Info (meta_info) Object metadata
Read Only (read_only) Asynchronous task unique identifier. Use show-task command to check the progress of the task
Available Actions (available_actions) Actions that are available on the object

Checkpoint Management API/Switch Session method

Switch to a disconnected Management API session of the same administrator. To switch to an open session or to a session of a different administrator use the take-over session API.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier
Type (type) Object type.
Application (application) The name of the application serving the Management API requests
Changes (changes) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Connected Server (connected_server) The server which the user is currently connected to
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Sessions (expired_session) True if the session is expired.
In work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
Tags (tags) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Asynchronous task unique identifier. Use show-task command to check the progress of the task.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Continue Session in Smartconsole method

Logout from existing session. The session will be continued the next time you open SmartConsole. In case uid is not provided, use current session. In order for the session to pass successfully to SmartConsole, make sure you don't have any other active GUI sessions.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier.
Outputs Description
Name (name) Object name. Must be unique in the domain.

Checkpoint Management API/Show Sessions method

Retrieve all objects.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Filter Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The logical operators in the expression (AND, OR) should be provided in capital letters. The search involves both an IP search and a textual search in name, comment, tags etc.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
View Published Sessions Show a list of published sessions.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
From (from) From which element number the query was done.
Objects (objects) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Show Last Published Session method

Shows the last published session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application (application) The name of the application serving the Management API requests.
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description.
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow history (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Assign Session method

Assign a session ownership to another administrator.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Administrator Name Assignee administrator name. Specify it to assign a session to another administrator.
UID Session unique identifier. Specify it to assign a different session than the one you currently use.
Disconnect Active Session Allows assignment of an active session, currently executed by another administrator.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Take Over Session method

Take ownership of another session and start working on it.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Disconnect Active Session Allows taking over of an active session, currently executed by another administrator.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application (application) The name of the application serving the Management API requests.
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login time (last_login_time) Session description.
Last Logout (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.

Checkpoint Management API/Purge Published Sessions method

Permanently deletes all data which belongs to the published sessions not selected for preservation. This operation is irreversible.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Number of sessions to preserve The number of newest sessions to preserve, by the sessions' publish date. Number of sessions to preserve or Preserve to date is REQUIRED!
Preserve to date The date until which sessions are preserved, by the sessions' publish date. ISO 8601. If timezone isn't specified in the input, the Management server's timezone is used. Number of sessions to preserve or Preserve to date is REQUIRED!
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task.

Checkpoint Management API/Submit Session method

Workflow feature - Submit the session for approval.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Approve Session method

Workflow feature - Approve and Publish the session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Reject Session method

Workflow feature - Return the session to the submitter administrator.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Comments (is required) Reject justification.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Login Message method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Type (type) Object type.
Header (header) Login message header
Message (message) Login message body.
Show Message (show_message) Whether to show login message.
Warning (warning) Add warning sign.
Domain (domain) Information about the domain that holds the Object.

Checkpoint Management API/Set Login Message method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Header Login message header.
Message Login message body.
Show Message Whether to show login message.
Warning Add warning sign.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Type (type) Object type.
Header (header) Login message header
Message (message) Login message body.
Show Message (show_message) Whether to show login message.
Warning (warning) Add warning sign.
Domain (domain) Information about the domain that holds the Object

Checkpoint Management API/Set Login Purge method

Set Automatic Purge. NOTE! This command will permanently delete all of the data which belongs to the published sessions not selected for preservation. In Multi-Domain Server, it should be done for each domain.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Enabled (is required) Login message header.
Keep sessions by count Whether or not to keep the latest N sessions. Note: when the automatic purge feature is enabled, this field and/or the keep-sessions-by-date field must be set to true.
Number of sessions to keep When keep-sessions-by-count = true this sets the number of newest sessions to preserve, by the session's publish date.
Keep sessions by days Whether or not to keep the sessions for D days. Note: when the automatic purge feature is enabled, this field and/or the keep-sessions-by-count field must be set to true.
Number of days keep When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling When to purge sessions that do not meet the keep criteria. Note: when the automatic purge feature is enabled, this field must be set.
Outputs Description
Enabled (enabled) Turn on/off the automatic-purge feature.
Keep session by count (keep_sessions_by_count) Whether or not to keep the latest N sessions.
Number of sessions to keep (number_of_sessions_to_keep) The number of newest sessions to preserve, by the session's publish date.
Keep sessions by days (keep_sessions_by_days) Whether or not to keep the sessions for D days.
Number of days to keep (number_of_days_to_keep) When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling (scheduling) When to purge sessions that do not meet the keep criteria.

Checkpoint Management API/Show Automatic Purge method

Show Automatic Purge.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Outputs Description
Enabled (enabled) Turn on/off the automatic-purge feature.
Keep session by count (keep_sessions_by_count) Whether or not to keep the latest N sessions.
Number of sessions to keep (number_of_sessions_to_keep) The number of newest sessions to preserve, by the session's publish date.
Keep sessions by days (keep_sessions_by_days) Whether or not to keep the sessions for D days.
Number of days to keep (number_of_days_to_keep) When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling (scheduling) When to purge sessions that do not meet the keep criteria.

Checkpoint Management API/Show Logs method

Showing logs according to the given filter.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
New Query Running a new query.
Query ID Get the next page of last run query with specified limit.
Ignore Warnings Ignore warnings if any exist.
Outputs Description
Incidents (incidents) Incident object when error or warning occur.
Logs (logs) Logs result.
Logs Count (logs_count) Number of logs in the result.
Query ID (query_id) Get the next page of last run query with specified limit.
Tops (tops) Tops result.
Tops Count (tops_count) Total logs in top response.

Checkpoint Management API/Set Access Rule method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Must be unique in the domain. Name or UID or Rule Number is REQUIRED!
UID Object unique identifier. Name or UID or Rule Number is REQUIRED!
Rule Number Rule number. Name or UID or Rule Number is REQUIRED!
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Action Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer.
Action settings Action settings.
Content List of processed file types that this rule applies on.
Content Direction On which direction the file types processing is applied.
Content Negate True if negate is set for data.
Custom Fields Custom fields.
Destination Collection of Network objects identified by the name or UID.
Destination Negate True if negate is set for destination.
Enabled Enable/Disable the rule.
Inline Layer Inline Layer identified by the name or UID. Relevant only if Action was set to Apply Layer.
Install on Which Gateways identified by the name or UID to install the policy on.
New Name The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
New position New position in the rulebase.
Service Collection of Network objects identified by the name or UID.
Service negate True if negate is set for service.
Service resource Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
Source Collection of Network objects identified by the name or UID.
Source negate True if negate is set for source.
Tags Collection of tag objects identified by the name or UID.
Time List of time objects. For example: Weekend, Off-Work, Every-Day.
Track Track Settings.
User check UserCheck settings.
VPN Communities or Directional.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Action (action) Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Action Settings (action_settings) Action settings.
Content (content) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Content Direction (content_direction) On which direction the file types processing is applied.
Content Negate (content_negate) True if negate is set for data.
Custom Fields (custom_fields) Custom fields.
Destination (destination) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Destination Negate (destination_negate) True if negate is set for destination.
Destination Ranges (destination_ranges) Displays the destination as ranges of IP addresses, in case show-as-ranges is set to true. In this case, destination and destination-negate parameters are omitted.
Enabled (enabled) Enable/Disable the rule.
Expiration Settings (expiration_settings) Displays the expiration date settings.
Hits (hits) Hits count object.
Inline Layer (inline_layer) Inline Layer identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Layer (layer)
Service (service) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Service Negate (service_negate) True if negate is set for service.
Service Ranges (service_ranges) Displays the services and applications as ranges of port numbers, in case show-as-ranges is set to true. In this case, service and service-negate parameters are omitted.
Service Resource (service_resource) Resource of the service.
Source (source) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Source Negate (source_negate) True if negate is set for source.
Source Ranges (source_ranges) Displays the source as ranges of IP addresses, in case show-as-ranges is set to true. In this case, source and source-negate parameters are omitted.
Tags (tags) Collection of tag objects identified by the name or UID
Time (time) List of time objects. For example: Weekend, Off-Work, Every-Day. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Track (track) Track Settings.
User Check (user_check) UserCheck settings.
VPN (vpn) VPN settings. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Access Rulebase method

Shows the entire Access Rules layer. This layer is divided into sections. An Access Rule may be within a section, or independent of a section (in which case it is said to be under the global section). The reply contains a list of objects. Each object is either a section of the layer, containing all of its rules, or a rule itself, in the case of rules under the global section. An optional filter field may be added to return only those rules that match the search criteria.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Must be unique in the domain. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Filter Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical operators in the expression (AND, OR) should be provided in capital letters. If an operator is not used, the default OR operator applies.
Filter Settings Sets filter preferences.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Package Name of the package.
Show as ranges When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than network objects. Objects that are not represented using IP addresses or port numbers are presented as objects. In addition, the response of each rule does not contain the parameters: source, source-negate, destination, destination-negate, service and service-negate, but instead it contains the parameters: source-ranges, destination-ranges and service-ranges. Note: Requesting to show rules as ranges is limited up to 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
Show expiration settings Indicates whether to calculate and show expiration date settings field in reply.
Show hits
User object dictionary
Hits settings
Dereference group members Indicates whether to dereference members field by details level for every object in reply.
Show membership Indicates whether to calculate and show groups field for every object in reply.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Action (action) Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Action Settings (action_settings) Action settings.
Content (content) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Content Direction (content_direction) On which direction the file types processing is applied.
Content Negate (content_negate) True if negate is set for data.
Custom Fields (custom_fields) Custom fields.
Destination (destination) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Destination Negate (destination_negate) True if negate is set for destination.
Destination Ranges (destination_ranges) Displays the destination as ranges of IP addresses, in case show-as-ranges is set to true. In this case, destination and destination-negate parameters are omitted.
Enabled (enabled) Enable/Disable the rule.
Expiration Settings (expiration_settings) Displays the expiration date settings.
Hits (hits) Hits count object.
Inline Layer (inline_layer) Inline Layer identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Layer (layer)
Service (service) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Service Negate (service_negate) True if negate is set for service.
Service Ranges (service_ranges) Displays the services and applications as ranges of port numbers, in case show-as-ranges is set to true. In this case, service and service-negate parameters are omitted.
Service Resource (service_resource) Resource of the service.
Source (source) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Source Negate (source_negate) True if negate is set for source.
Source Ranges (source_ranges) Displays the source as ranges of IP addresses, in case show-as-ranges is set to true. In this case, source and source-negate parameters are omitted.
Tags (tags) Collection of tag objects identified by the name or UID
Time (time) List of time objects. For example: Weekend, Off-Work, Every-Day. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Track (track) Track Settings.
User Check (user_check) UserCheck settings.
VPN (vpn) VPN settings. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Add Access Rule method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Layer Layer that the rule belongs to identified by the name or UID.
Position Position in the rulebase.
Name Rule name.
Action Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer
Action Settings Action settings.
Content List of processed file types that this rule applies on.
Content Direction On which direction the file types processing is applied.
Content Negate True if negate is set for data.
Custom Fields Custom fields.
Destination Collection of Network objects identified by the name or UID.
Destination Negate True if negate is set for destination.
Enabled Enable/Disable the rule.
Inline Layer Inline Layer identified by the name or UID. Relevant only if Action was set to Apply Layer
Install On Which Gateways identified by the name or UID to install the policy on.
Service Collection of Network objects identified by the name or UID.
Service Negate True if negate is set for service.
Service Resource Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
Source Collection of Network objects identified by the name or UID.
Source Negate True if negate is set for source.
Tags Collection of tag objects identified by the name or UID.
Time List of time objects. For example: Weekend, Off-Work, Every-Day.
Track Track Settings.
User Check UserCheck settings.
VPN Communities or Directional.
Comments Comments string.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
From (from) From which element number the query was done.
Object Dictionary (objects_dictionary) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Rulebase (rulebase)
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Delete Access Rule method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name.
UID Object unique identifier.
Rule Number (is required) Rule number.
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Message (message) Object name. Must be unique in the domain.

Checkpoint Management API/Add Access Section method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Position (is required) Position in the rulebase
Tags Collection of tag objects identified by the name or UID.
Name Object name. Must be unique in the domain.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.

Checkpoint Management API/Show Access Section method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Access Section method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
New name New name of the object.
Tags Collection of tag objects identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Delete Access Section method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Add Access Layer method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name (is required) Object name. Must be unique in the domain.
Add default rule Indicates whether to include a cleanup rule in the new layer.
Applications and URL filtering Whether to enable Applications & URL Filtering blade on the layer.
Content Awareness Whether to enable Content Awareness blade on the layer.
Detect using x forward for Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
Firewall Whether to enable Firewall blade on the layer.
Implicit cleanup action The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access Whether to enable Mobile Access blade on the layer.
Shared Whether this layer is shared.
Tags Collection of tag identifiers.
Color Color of the object. Should be one of existing colors.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Access Layer method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application and URL filtering (applications_and_url_filtering) Whether Applications & URL Filtering blade is enabled on this layer.
Content Awareness (content_awareness) Whether Content Awareness blade is enabled on this layer.
Detect using x forward for (detect_using_x_forward_for) Whether X-Forward-For HTTP header is being used.
Firewall (firewall) Whether Firewall blade is enabled on this layer.
Implicit cleanup action (implicit_cleanup_action) The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access (mobile_access) Whether Mobile Access blade is enabled on this layer.
Parent layer (parent_layer) Parent layer of this layer.
Shared (shared) Whether this layer is shared.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Message (message) Operation status.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Access Layer method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Application and URL filtering Whether to enable Applications & URL Filtering blade on the layer.
Content Awareness Whether to enable Content Awareness blade on the layer.
Detect using x forward for Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
Firewall Whether to enable Firewall blade on the layer.
Implicit cleanup action The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile Access Whether to enable Mobile Access blade on the layer.
New Name New name of the object.
Shared Whether this layer is shared.
Tags Collection of tag identifiers.
Color Color of the object. Should be one of existing colors.
Comments The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application and URL filtering (applications_and_url_filtering) Whether Applications & URL Filtering blade is enabled on this layer.
Content Awareness (content_awareness) Whether Content Awareness blade is enabled on this layer.
Detect using x forward for (detect_using_x_forward_for) Whether X-Forward-For HTTP header is being used.
Firewall (firewall) Whether Firewall blade is enabled on this layer.
Implicit cleanup action (implicit_cleanup_action) The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access (mobile_access) Whether Mobile Access blade is enabled on this layer.
Parent layer (parent_layer) Parent layer of this layer.
Shared (shared) Whether this layer is shared.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Color (color) Color of the object. Should be one of the existing colors.
Comments (comments) Comments string.
Message (message) Operation status.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Delete Access Layer method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Access Layers method

Retrieve all objects.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Filter Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The logical operators in the expression (AND, OR) should be provided in capital letters. The search involves both an IP search and a textual search in name, comment, tags, etc.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Domain to process Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are: CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
Outputs Description
Access Layers (access_layers) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
From (from) From which element number the query was done.
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Clone Access Layer method

Clone access layer using layer name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name The name of the layer to be cloned.
UID The uid of the layer to be cloned.
New name The name of the cloned layer.
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task.

Checkpoint Management API/Show Nat Rulebase method

Shows the entire NAT Rules layer. This layer is divided into sections. A NAT Rule may be within a section, or independent of a section (in which case it is said to be under the global section). There are two types of sections: auto-generated read-only sections and general sections, which are created manually. The reply features a list of objects. Each object may be a section of the layer, within which its rules may be found, or a rule itself, for the case of rules which are under the global section. An optional filter field may be added in order to return only those rules that match the search criteria.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package
Filter Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical operators in the expression (AND, OR) should be provided in capital letters. If an operator is not used, the default OR operator applies.
Filter Settings Sets filter preferences.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Use Object Dictionary
Dereference Group Members Indicates whether to dereference members field by details level for every object in reply.
Show membership Indicates whether to calculate and show groups field for every object in reply.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
From (from) From which element number the query was done.
Objects Dictionary (objects_dictionary) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Rulebase (rulebase)
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query

Checkpoint Management API/Add Nat Rule method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package.
Position (is required) Position in the rulebase.
Name Rule name.
Enabled Enable/Disable the rule.
Install on Which Gateways identified by the name or UID to install the policy on.
Method Nat method.
Original Destination Original destination.
Original Service Original service.
Original Source Original source.
Tags Collection of tag objects identified by the name or UID.
Translated Destination Translated destination.
Translated Service Translated service.
Translated Source Translated source.
Comments Comments string.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Nat Rule method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Rule number or Name is REQUIRED!
Rule number Rule number. UID or Rule number or Name is REQUIRED!
Name Rule name. UID or Rule number or Name is REQUIRED!
Package (is required) Name of the package.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Nat Rule method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Rule number or Name is REQUIRED!
Rule number Rule number. UID or Rule number or Name is REQUIRED!
Name Rule name. UID or Rule number or Name is REQUIRED!
Package (is required) Name of the package.
Enabled Enable/Disable the rule.
Install on Which Gateways identified by the name or UID to install the policy on.
Method Nat method.
New name New name of the object.
New position New position in the rulebase.
Original destination Original destination.
Original service Original service.
Original source Original source.
Tags Collection of tag objects identified by the name or UID.
Translated destination Translated destination.
Translated service Translated service.
Translated source Translated source.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Add Nat Section method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package.
Position (is required) Position in the rulebase.
Name Object name. Must be unique in the domain.
Tags Collection of tag objects identified by the name or UID.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Cymon

Cymon/Username and Password Authentication for JWT Generation method

Authenticate with username and password to get a JSON Web Token.

Inputs Description
Username (is required) The username used to create the JSON Web Token
Password (is required) The password used to create the JSON Web Token
Outputs Description
JWT (jwt) JSON Web Token
Message (message) Success message

Cymon/Search by IP Address method

Search threat reports by IP address (IPv4 and IPv6).

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
IP (is required) The query value (IP) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by IP address

Cymon/Search by Domain method

Search threat reports by domain name.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Domain (is required) The query value (domain) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by domain

Cymon/Search by Hostname method

Search threat reports by hostname.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Hostname (is required) The query value (hostname) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by hostname

Cymon/MD5 Hash Threat Reports Search method

Search threat reports by MD5 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
MD5 (is required) The query value (MD5) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by MD5 hash

Cymon/Search by SHA1 Hash method

Search threat reports by SHA1 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
SHA1 (is required) The query value (sha1) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by SHA1 hash

Cymon/Search by SHA256 Hash method

Search threat reports by SHA256 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
SHA256 (is required) The query value (SHA256) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
From (from) The query offset value
Total (total) Total number of objects in database for query
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by SHA256 hash

Cymon/Search by Term method

Search threat reports by a term.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Term (is required) The query value (term) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by term

Cymon/Search by Feed ID method

Get threat reports in a feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) The query value (Feed ID) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports in the feed

Cymon/Paginated Feeds List method

Get paginated list of feeds.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
From The offset to use for pagination
Privacy Return list of private or public feeds
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Feeds (feeds) A list of searched feeds

Cymon/Feed Details method

Get feed object.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) ID of the Feed
Outputs Description
ID (id) Feed ID
Name (name) Feed name
Slug (slug) URL-friendly slug
Description (description) Feed description text
Tags (tags) List of tags to categorize and help others find this feed
Link (link) URL for blog or website where users can learn more about this feed
TOS (tos) Terms of Use for this feed
Privacy (privacy) Can be set to either private or public (default)
Is Owner (is_owner) Boolean indicating if current user owns this feed
Is Admin (is_admin) Boolean indicating if current user can administer this feed
Is Member (is_member) Boolean indicating if current user can contribute to this feed
Is guest (is_guest) Boolean indicating if current user can read from this feed

Cymon/Paginated User Feeds List method

Get paginated list of feeds that user has access to.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Feeds (feeds) A list of searched feeds

Cymon/Threat Report Retrieval from Feed method

Get threat report from feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) ID of the Feed
Report ID (is required) ID of the report
Outputs Description
Feed (feed) Feed details
Report (report) The reports from feed

Cymon/Feed Creation method

Create a new feed for threat reports.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Name (is required) Feed name
Link (is required) URL for blog or website where users can learn more about this feed
Terms of Use Terms of Use for this feed
Logo URL for small thumbnail for this feed (must be hosted on imgur CDN)
Privacy (is required) Can be set to either private or public (default)
Tags List of tags to categorize and help others find this feed
Outputs Description
Message (message) Success message
Feed (feed) Feed details

Cymon/Feed Details Update method

Update details of an existing feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) The ID of the Feed which will be updated
Link URL for blog or website where users can learn more about this feed
Terms of Use Terms of Use for this feed
Logo URL for small thumbnail for this feed (must be hosted on imgur CDN)
Privacy Can be set to either private or public (default)
Tags List of tags to categorize and help others find this feed
Admins List of usernames that have update, post, and read permissions to this feed
Members List of usernames that have post and read permissions to this feed
Guests List of usernames that have read permission to this feed
Outputs Description
Message (message) Success message
Feed (feed) Feed details

Cymon/Threat Report Upload method

Upload a threat report with observables.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID The Feed ID to post this report in
Title Short report title
Description Long technical description
Tags List of tags to categorize and help others find this report
Timestamp An ISO8601 date string for when this IoC was observed
IP IPv4 or IPv6
URL Malicious URL indicator
Hostname Domain with all subdomains
Domain Root domain
MD5 MD5 hash of a malicious binary
SHA1 SHA1 hash of a malicious binary
SHA256 SHA256 hash of a malicious binary
SSDEEP SSDEEP hash of a malicious binary
Outputs Description
Message (message) Success message.
Report (report) Details about submitted report

Cymon/Bulk Threat Report Upload method

Upload multiple threat reports in one request.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Body (is required) The body of this method
Outputs Description
Message (message) Success message
Reports (reports) Details of submitted reports

DShield

DShield/IP Address Information Summary method

Returns a summary of the information our database holds for a particular IP address.

Inputs Description
IP (is required) The IP that is being searched
Outputs Description
IP Results (ip) The results of the API call

DShield/Open Threat Feeds Retrieval method

Retrieves open threat feeds from the DShield server.

Outputs Description
values (values) The results of the API call

Feodo Tracker

FeodoTracker/IP Blocklist Retrieval method

Get IP Blocklist.

Outputs Description
values (values) The results of the API call

FeodoTracker/IoC Retrieval method

Get Indicators of Compromise (IoC).

Outputs Description
values (values) The results of the API call

FeodoTracker/IoC Retrieval Comprehensive method

Feodo Tracker provides a comprehensive list of botnet C2s ever detected. However, due to IP address recycling, there is a higher risk of false positives in this dataset.

Outputs Description
values (values) The results of the API call

GeoIP

GeoIP/Country Informations method

Receives information about the country of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
Continent Details (continent) A JSON object containing information about the continent associated with the IP address.
Country Details (country) A JSON object containing details about the country where MaxMind believes the end user is located
Maxmind Details (maxmind) A JSON object containing information related to your MaxMind account
Registered Country Details (registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Traits Details (traits) A JSON object containing general traits associated with the IP address

GeoIP/City Informations method

Receives information about the city of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
City Details (city) A JSON object containing details about the city associated with the IP address
Continent Details (continent) A JSON object containing information about the continent associated with the IP address.
Country Details (country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details (location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details (maxmind) A JSON object containing information related to your MaxMind account
Postal Details (postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details (registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details (subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest. For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in the subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details (traits) A JSON object containing general traits associated with the IP address

GeoIP/Insights method

Receives information about the insights of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on Maxmind
Password (is required) To use this API you must have an account on Maxmind
IP (is required) The investigated IP
Outputs Description
City Details(city) A JSON object containing details about the city associated with the IP address
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details(location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Postal Details(postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details(subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest.
For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in the subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/Country Informations Lite method

Receives information about the country of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/City Informations Lite method

Receives information about the city of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
City Details(city) A JSON object containing details about the city associated with the IP address
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details(location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Postal Details(postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details(subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest.
For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in the subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details(traits) A JSON object containing general traits associated with the IP address

Github

Github/Create Organization Repository method

Creates a new repository in the specified organization. The authenticated user must be a member of the organization.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Organisation (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Name (is required) The name of the repository
Description A short description of the repository
Homepage The organization name. The name is not case sensitive.
Private Whether the repository is private
Has Issues Either true to enable issues for this repository or false to disable them
Has projects Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki Either true to enable the wiki for this repository or false to disable it
Has Downloads Whether downloads are enabled
Is template Either true to make this repo available as a template repository or false to prevent it
Team ID The id of the team that will be granted access to this repository. This is only valid when creating a repository in an organization
Auto init Pass true to create an initial commit with empty README
Gitignore Template Desired language or platform .gitignore template to apply
License Template Choose an open source license template that best suits your needs
Allow Squash Merge Either true to allow squash-merging pull requests, or false to prevent squash-merging
Allow Merge Commit Either true to allow merging pull requests with a merge commit, or false to prevent merging pull requests with merge commits
Allow Rebase Merge Either true to allow rebase-merging pull requests, or false to prevent rebase-merging
Allow Auto Merge Either true to allow auto-merge on pull requests, or false to disallow auto-merge
Delete Branch on Merge Either true to allow automatically deleting head branches when pull requests are merged, or false to prevent automatic deletion. The authenticated user must be an organization owner to set this property to true
Use Squash Title as Default Either true to allow squash-merge commits to use pull request title, or false to use commit message. This property has been deprecated. Please use squash_merge_commit_title instead.
Squash Merge Commit Title The default value for a squash merge commit title: PR_TITLE - default to the pull request's title. COMMIT_OR_PR_TITLE - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)
Squash Merge Commit Message The default value for a squash merge commit message: PR_BODY - default to the pull request's body. COMMIT_MESSAGES - default to the branch's commit messages. BLANK - default to a blank commit message
Merge Commit Title The default value for a merge commit title. PR_TITLE - default to the pull request's title. MERGE_MESSAGE - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)
Merge Commit Message The default value for a merge commit message. PR_TITLE - default to the pull request's title. PR_BODY - default to the pull request's body. BLANK - default to a blank commit message
Outputs Description
Name(name) The name of the organization repository
Full Name(full_name) The full name of the organization repository
Private(private) True if the repository is private, otherwise false
Owner Login Name(owner_login) The owner login name
Visibility(visibility) The visibility of the repository (public or private)
Default Branch(default_branch) The name of the default branch
Organization Login Name(organization_login) The organization login name

Github/Create Repository Using Template method

Creates a new repository using a repository template.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Template Owner (is required) The account owner of the template
Template Repo (is required) The name of the repository without the .git extension
Name (is required) The name of the repository
Private Either true to create a new private repository or false to create a new public one
Owner The organization or person who will own the new repository. To create a new repository in an organization, the authenticated user must be a member of the specified organization
Description A short description of the new repository
Include all Branches The name of the new repository
Outputs Description
Name(name) The name of repository template
Full Name(full_name) The full name of repository template
Private(private) True if the repository is private, otherwise false
Description(description) The description of the template repository
Visibility(visibility) The visibility of the repository (public or private)
Default Branch(default_branch) The name of the default branch
Organization Login Name(organization_login) The organization login name
Has Issues(has_issues) Either true to enable issues for this repository or false to disable them
Has Projects(has_projects) Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Downloads(has_downloads) Whether downloads are enabled
Has Wiki(has_wiki) Either true to enable the wiki for this repository or false to disable it
Has Pages(has_pages) True if the repository has pages, otherwise false
Has Discussions(has_discussions) True if the repository has discussions
Allow Forking(allow_forking) True if the repository allows forking

Github/List Repositories for a User method

Lists public repositories for the specified user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Username (is required) The handle for the GitHub user account
Type Limit results to repositories of the specified type
Sort The property to sort the results by
Direction The order to sort by. Default: asc when using full_name, otherwise desc.
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/List Repositories Authenticated User method

Lists repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Type Limit results to repositories of the specified type
Sort The property to sort the results by
Direction The order to sort by. Default: asc when using full_name, otherwise desc.
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Visibility Limit results to repositories with the specified visibility
Affiliation Comma-separated list of values. Can include: owner: Repositories that are owned by the authenticated user. collaborator: Repositories that the user has been added to as a collaborator. organization_member: Repositories that the user has access to through being a member of an organization. This includes every repository on every team that the user is on
Since Only show repositories updated after the given time
Before Only show repositories updated before the given time
Outputs Description
values(values) The results of the API call

Github/Update Repository method

Updates the repository given by the user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Name The name of the repository
Organisation The organization name. The name is not case sensitive
Description A short description of the repository
Homepage The organization name. The name is not case sensitive
Private Whether the repository is private
Has Issues Either true to enable issues for this repository or false to disable them
Has projects Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki Either true to enable the wiki for this repository or false to disable it
Has Downloads Whether downloads are enabled
Is template Either true to make this repo available as a template repository or false to prevent it.
Team ID The id of the team that will be granted access to this repository. This is only valid when creating a repository in an organization
Auto init Pass true to create an initial commit with empty README
Gitignore Template Desired language or platform .gitignore template to apply
License Template Choose an open source license template that best suits your needs
Allow Squash Merge Either true to allow squash-merging pull requests, or false to prevent squash-merging
Allow Merge Commit Either true to allow merging pull requests with a merge commit, or false to prevent merging pull requests with merge commits
Allow Rebase Merge Either true to allow rebase-merging pull requests, or false to prevent rebase-merging
Allow Auto Merge Either true to allow auto-merge on pull requests, or false to disallow auto-merge
Delete Branch on Merge Either true to allow automatically deleting head branches when pull requests are merged, or false to prevent automatic deletion. The authenticated user must be an organization owner to set this property to true
Use Squash Title as Default Either true to allow squash-merge commits to use pull request title, or false to use commit message. This property has been deprecated. Please use squash_merge_commit_title instead
Squash Merge Commit Title The default value for a squash merge commit title: PR_TITLE - default to the pull request's title. COMMIT_OR_PR_TITLE - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)
Squash Merge Commit Message The default value for a squash merge commit message: PR_BODY - default to the pull request's body. COMMIT_MESSAGES - default to the branch's commit messages. BLANK - default to a blank commit message
Merge Commit Title The default value for a merge commit title. PR_TITLE - default to the pull request's title. MERGE_MESSAGE - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)
Merge Commit Message The default value for a merge commit message. PR_TITLE - default to the pull request's title. PR_BODY - default to the pull request's body. BLANK - default to a blank commit message
Archived Whether to archive this repository. false will unarchive a previously archived repository
Web Commit Sign off Either true to require contributors to sign off on web-based commits, or false to not require contributors to sign off on web-based commits
Outputs Description
Name(name) The name of the repository
Full Name(full_name) The full name of repository
Private(private) Whether the repository is private
Owner Login Name(owner.login) The account owner of the repository
Description(description) A short description of the repository
Has Issues(has_issues) Either true to enable issues for this repository or false to disable them
Has Projects(has_projects) Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki(has_wiki) Either true to enable the wiki for this repository or false to disable it
has_discussions(has_discussions) True if the repository has discussions
Allow Forking(allow_forking) True if the repository allows forking
Visibility(visibility) The visibility of the repository (public or private)
Created at(created_at) The timestamp when the update of the repository was initialised
Updated at(updated_at) The timestamp when the update of the repository was updated
Pushed at(pushed_at) The timestamp when the update of the repository was pushed

Github/Delete Repository method

Deletes the repository given by the user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension

Github/Create Fork method

Create a fork for the authenticated user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Organization (is required) Parameter to specify the organization name if forking into an organization
Name (is required) When forking from an existing repository, a new name for the fork
Default Branch Only (is required) When forking from an existing repository, fork with only the default branch
Outputs Description
Name(name) The name of the fork
Full Name(full_name) The full name of the fork
Owner Login Name(owner_login) The login name of the owner of the fork
Number of Forks(size) The number of the forks created
Organization Login(organization_login) The login name of the organization
Parent Full Name(parent_full_name) The full name of the fork parent
Parent Owner Login(parent_owner_login) The owner login name of the fork parent
Source Name(source_name) The source name of the fork
Source Full Name(source_full_name) The source full name of the fork
Source Owner Login(source_owner_login) Source owner login name of the fork

Github/List Forks method

List Forks for a repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Sort The sort order. stargazers will sort by star count
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/Add Repository Collaborator method

Adds an external collaborator to the repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Username (is required) The handle for the GitHub user account.
Permission (is required) The permission to grant the collaborator
Outputs Description
Repository Full Name(repository.full_name) The full name of the repository
Repository Owner Login(repository.owner.login) The login name of the owner of the repository
Repository Invitee Login Name(repository.invitee.login) The login name of the invitee
Repository Inviter Login Name(repository.inviter.login) The login name of the inviter

Github/List Repository Collaborators method

This applies to organization-owned repositories. Collaborators encompass outside collaborators, direct/indirect organization members, and owners. Members with certain privileges can employ this endpoint.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Affiliation Filter collaborators returned by their affiliation
Permission Filter collaborators by the permissions they have on the repository. If not specified, all collaborators will be returned
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Get a Branch method

Returns a branch selected by the user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch (is required) Filter collaborators returned by their affiliation
Outputs Description
Name of Branch(name) The name of the branch
Author Name(author_name) The author of the branch
Author Email(author_email) The email of the author
Author Date(author_date) The timestamp when the branch was created
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The committer email
Committer Login(login) The committer login name
Committer Type(type) The committer type
Commit Parents(parents) The parent of the branch
Protected(protected) True if the branch is protected

Github/List Branches method

List branches for the selected repository and user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Protected Setting to true returns only protected branches. When set to false, only unprotected branches are returned. Omitting this parameter returns all branches
Outputs Description
values(values) The result of the API call

Github/Rename Branch method

Rename a branch, selected by the user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch Name (is required) The name of the repository without the .git extension
New Branch Name (is required) The new name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
Name(name) The new name of the branch
Commit Author Name(author_name) The author name of the rename
Commit Author Email(author_email) The author mail
Commit Author Date(author_date) The timestamp when the author executed the operation
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The email of the committer
Committer Date(committer_date) The timestamp when the committer did actions
Login Author Name(author_login) The login name of the author

Github/Merge Branch method

Merge selected branch.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Base (is required) The name of the base branch that the head will be merged into
Head (is required) The head to merge. This can be a branch name or a commit SHA1
Commit Message Commit message to use for the merge commit. If omitted, a default message will be used
Outputs Description
Commit Author Name(author_name) The author name of the rename
Commit Author Email(author_email) The author mail
Commit Author Date(author_date) The timestamp when the author executed the operation
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The email of the committer
Committer Date(committer_date) The timestamp when the committer did actions
Commit Message(commit_message) Commit message added by the user
Commit Author Login Name(author_login) The login name of the author

Github/Sync Fork Branch method

Sync a branch of a forked repository to keep it up-to-date with the upstream repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch (is required) The name of the branch which should be updated to match upstream
Outputs Description
Message(message) The message with details about sync process
Merge Type(merge_type) The type of the merge
Base Branch(base_branch) The name of the base branch

Github/Create Pull Request method

Creation of a Pull Request.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Head (is required) The name of the branch where your changes are implemented
Base (is required) The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository
Title The title of the new pull request. Required unless issue is specified
Body The contents of the pull request
Head Repo The name of the repository where the changes in the pull request were made. This field is required for cross-repository pull requests if both repositories are owned by the same organization.
Draft Indicates whether the pull request is a draft
Issue An issue in the repository to convert to a pull request. The issue title, body, and comments will become the title, body, and comments on the new pull request. Required unless title is specified
Maintainer can modify Indicates whether maintainers can modify the pull request
Outputs Description
ID(id) The ID of the pull request
Number(number) The number of the pull request
State(state) The state of request
Locked(locked) True if the pull request is locked, otherwise false
User Login(user_login) The user login name
Body(body) The content of the pull request
Created at(created_at) The timestamp when the pull request was created
Updated at(updated_at) The timestamp when the pull request was updated
Closed at(closed_at) The timestamp when the pull request was closed
Merged at(merged_at) The timestamp when the merge was accomplished
Head Name(head_label) The head name of the dead
User Login Name(label_user_login) The user login name
Repo Full Name(repo_full_name) The full name of the repository
Is repo private(repo_private) True if the repository is private, otherwise false
Repo Owner Login Name(repo_owner_login) The login name of the repository owner

Github/List Pull Requests method

List all pull requests for the repo provided by the user.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
State Either open, closed, or all to filter by state
Head Filter pulls by head user or head organization and branch name in the format of user:ref-name or organization:ref-name
Base Filter pulls by base branch name
Sort What to sort results by
Direction The direction of the sort
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/Merge a Pull Requests method

Merges a pull request into the base branch.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Pull number (is required) The number that identifies the pull request
Commit Title Title for the automatic commit message
Commit Message Extra detail to append to automatic commit message
SHA SHA that pull request head must match to allow merge
Merge Method The merge method to use
Outputs Description
SHA(sha) The SHA of the action
Merged(merged) True if the merge was accomplished, otherwise false
Message(message) The message with details about merge process

Github/Create Review Pull Request method

Create a review for a pull request.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Pull number (is required) The number that identifies the pull request
Commit ID The SHA of the commit needing a comment. Not using the latest commit SHA may render your comment outdated if a subsequent commit modifies the line you specify as the position
Body The relative path to the file that necessitates a comment
Event The number that identifies the pull request
Comments The number that identifies the pull request
Outputs Description
User Login Name(user_login) The user login name
Body(body) The description the release
State(state) Either open, closed, or all to filter by state.

Github/Create Issue method

Any user with pull access to a repository can create an issue. If issues are disabled in the repository, the API returns a 410 Gone status.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Title (is required) The title of the issue
Body (is required) The contents of the issue
Assignee Login for the user that this issue should be assigned to
Milestone The number of the milestone to associate this issue with
Labels Labels to associate with this issue
Assignees Logins for Users to assign to this issue.
Outputs Description
Number of Issues(number) The number of the issues
Title(title) The title of the issues
User Login Name(user.login) The login name of the user
Labels(labels) Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
Assignee(assignee) Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Assignees(assignees) Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Milestone(milestone) The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Created at(created_at) The timestamp when the issue was created
Updated at(updated_at) The timestamp when the issue was updated
Body(body) The contents of the issue
Closed By(closed_by) The name of the person who resolved/closed the issue

Github/List Repository Issue method

List issues in a repository. Only open issues will be listed.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Milestone If an integer is passed, it should refer to a milestone by its number field. If the string * is passed, issues with any milestone are accepted. If the string none is passed, issues without milestones are returned
State Indicates the state of the issues to return
Assignee Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Creator The user that created the issue
Mentioned A user that's mentioned in the issue
Labels A list of comma separated label names
Sort What to sort results by
Direction The direction to sort the results by
Since Only show results that were last updated after the given time
Per Page The number of results per page
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Update an Issue method

Issue owners and users with push access can edit an issue.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Issue Number (is required) The number that identifies the issue.
Title The title of the issue
Body The contents of the issue
State The open or closed state of the issue
State Reason The reason for the state change. Ignored unless state is changed
Milestone The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Labels Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
Assignees Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Outputs Description
Number(number) The number of the issues
Title(title) The title of the issue
User Login(user.login) The login name of the user
Labels(labels) Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
State(state) The open or closed state of the issue
Assignee(assignee) Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Assignees(assignees) Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Milestone(milestone) The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Created at(created_at) The timestamp when the issue was created
Updated at(updated_at) The timestamp when the issue was updated
Closed at(closed_at) The timestamp when repository was created
Body(Body) The contents of the issue
Closed By(closed_by) The name of the person who resolved/closed the issue

Github/Create Issue Comment method

You can use the REST API to create comments on issues and pull requests. Every pull request is an issue, but not every issue is a pull request.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Issue Number (is required) The number that identifies the issue.
Body (is required) The contents of the comment
Outputs Description
User Login Name(user.login) The login name of the user
Created at(created_at) The timestamp when the issue comment was created
Updated at(updated_at) The timestamp when the issue comment was updated
Body(Body) The contents of the issue comment
User(user) User details
Reactions(reactions) A list with reactions of different users for the comment

Github/Create Release method

Users with push access to the repository can create a release.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Tag Name (is required) The name of the tag
Target Commitish Specifies the commitish value that determines where the Git tag is created from. Can be any branch or commit SHA. Unused if the Git tag already exists. Default: the repository's default branch
Name The name of the release
Body The name of the tag
Draft True to create a draft (unpublished) release, false to create a published one.
Prerelease True to identify the release as a prerelease. false to identify the release as a full release.
Generate Release Notes Whether to automatically generate the name and body for this release. If name is specified, the specified name will be used; otherwise, a name will be automatically generated. If body is specified, the body will be pre-pended to the automatically generated notes
Discussion Category Name If specified, a discussion of the specified category is created and linked to the release. The value must be a category that already exists in the repository
Make Latest Specifies whether this release should be set as the latest release for the repository
Outputs Description
Author Login Name(author.login) The login name of the author
Tag Name(tag_name) The version of the release
Target Commitish(target_commitish) The name of the branch which is used for release
Release Name(name) The name of the release
Draft(draft) True if the release is draft, otherwise false
Prerelease(prerelease) True if it is prerelease, otherwise false
Created At(created_at) The timestamp when the release was created
Published At(published_at) The timestamp when the release was published
Body(body) The description of the release

Github/List Releases method

This returns a list of releases, which does not include regular Git tags that have not been associated with a release.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/List Stargazers method

Lists the people that have starred the repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Star Repository by Authenticated User method

Lists repositories the authenticated user has starred.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension

Github/List Watchers method

Lists the people watching the specified repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Set Repository Subscription method

If you would like to watch a repository, set subscribed to true.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Subscribed (is required) The number of results per page (max 100)
Ignored (is required) Page number of the results to fetch
Outputs Description
Subscribed(subscribed) Determines if notifications should be received from this repository
Ignored(ignored) Determines if all notifications should be blocked from this repository
Reason(reason) Description about why the action was taken
Created at(created_at) The timestamp when you subscribed to a repository

GreyNoise

GreyNoise/CommunityAPI method

The Community API provides community users with a free tool to query IPs in the GreyNoise dataset and retrieve a subset of the full IP context data returned by the IP Lookup API.

Inputs Description
Token (is required) To use the GreyNoise API, you need to have an API key
IP (is required) IP address to query
Outputs Description
IP(ip) The investigated IP
Noise(noise) If true, this IP has been observed scanning the internet
Riot(riot) If true, this IP was found in the RIOT project dataset
Classification(classification) The GreyNoise classification for this IP (e.g., “malicious”)
Name(name) Name of the Organization that owns the IP
Link(link) A link to the GreyNoise Visualizer for that IP
Last seen(last_seen) The last date the IP was observed by GreyNoise
Message(message) The status of the API call

HoneyDB

HoneyDB/Bad Hosts method

Retrieve a list of bad hosts from HoneyDB.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts Filtered method

Returns the data provided by the user to HoneyDB and enables you to download bad-host data generated by the sensors you operate.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts by Service method

Retrieve bad hosts by service name.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Service (is required) Provide the service name
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts by Service Filtered method

Returns bad hosts by service name provided by the user to HoneyDB and enables you to download bad-host data, by service name, generated by the sensors you operate.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Service (is required) Provide the service name
Outputs Description
values(values) The results of the API call

HoneyDB/IP Address History method

IP (bad host) history is a summary of all interaction activity for a certain IP address recorded by the HoneyDB network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Count method

If you have sensors that log data to HoneyDB, you can use this API to get a count of sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Date method

If you have sensors that log data to HoneyDB, you may use this endpoint to get all sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
From ID The id used as a starting point to retrieve the next 1000 results
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Date Filtered method

If you have sensors that log data to HoneyDB, you may use this endpoint to get all your sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
From ID The id used as a starting point to retrieve the next 1000 results
Outputs Description
values(values) The results of the API call

HoneyDB/Services method

Returns services which are the network protocols emulated by honeypot sensors.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Tor IP Address Information method

Returns true or false to indicate if the IP address provided is a Tor exit node.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Stats method

Returns services which are the network protocols emulated by honeypot sensors.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Year The year published. Format: YYYY
Month The month published. Format: MM

HoneyDB/Stats ASN method

Return a list of Average Sample Number.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
raw(raw) The results of the API call

HoneyDB/Twitter Threat Feed method

The Twitter threat feed includes a list of problematic hosts that have connected or attempted to connect to other honeypots on the Internet (including honeypots that do not submit data directly to HoneyDB).

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Twitter Threat Feed by Host method

Twitter threat feed data filtered by host (IP address).

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Agent Sensor Nodes method

Honeydb-agent sensors are deployed on nodes. This endpoint delivers all nodes viewed within the last three days.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Agent Sensor Nodes with user information method

Honeydb-agent sensors are deployed on nodes. This endpoint delivers all nodes viewed within the last three days. Information provided by the user.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Payload History on year/month method

IP (bad host) history (month with year) is a list of all interactions recorded by the HoneyDB network for a specific IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Year (is required) The year from which you want to receive results
Month (is required) The month from which you want to receive results
Outputs Description
values(values) The results of the API call

HoneyDB/Payload History Hash method

IP (bad host) history (hash) is a list of all interactions recorded by the HoneyDB network for a specific IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Hash (is required) Payload hash (unique identifier)
Outputs Description
values(values) The results of the API call

HoneyDB/Internet Scanner method

Returns true or false depending on if the provided IP address is part of a known Internet scanning service.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Internet Scanner(internet_scanner) True if the investigated IP is part of a known Internet scanning service, otherwise false

HoneyDB/Internet Scanner Information method

Returns true or false to indicate if the IP provided is part of a known Internet scanning service as well as additional information about the scanning entity.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Internet Scanner(internet_scanner) True if the investigated IP is part of a known Internet scanning service, otherwise false

HoneyDB/IP Address Information method

Returns true or false to show whether the provided IP address is on a known IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Bogon(is_bogon) True if the investigated IP is Bogon, otherwise false
Is TOR(is_tor) True if the investigated IP is TOR, otherwise false
Is Threat(is_threat) True if the investigated IP is a Threat, otherwise false
Is SANS IP(threat_lists.is_sansip) True if the investigated IP is from SANS, otherwise false
Is Ciarmy(threat_lists.is_ciarmy) True if the investigated IP is from Ciarmy, otherwise false
Is ET Compromised(threat_lists.is_et_compromised) True if the investigated IP is from ET Compromised, otherwise false
Is Project Honeypot(threat_lists.is_project_honeypot) True if the investigated IP is part of a Honeypot Project, otherwise false

HoneyDB/Bogon IP Address Information method

Returns true or false to indicate if the IP provided is a bogon IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Bogon(is_bogon) True if the investigated IP is Bogon, otherwise false

HoneyDB/SANS IP Address Information method

Returns true or false to indicate if the IP provided is on the SANS IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is SANS IP(is_sansip) True if the investigated IP is from SANS, otherwise false
Attacks(attacks) The attack where the investigated IP was seen
Count(count) The number of attacks
First Seen(firstseen) The timestamp when the investigated IP was first seen
Last Seen(lastseen) The timestamp when the investigated IP was last seen
SANSI Intel(sansintel.is_sansintel) True if the investigated IP is part of SANSI Intel
Intel(sansintel.intel) The details about the investigated IP

HoneyDB/Ciarmy IP Address Information method

Returns true or false to indicate if the IP provided is on the CINS Army List.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Ciarmy(is_ciarmy) True if the investigated IP is from Ciarmy, otherwise false

HoneyDB/Emerging Threats Compromised IP Address Information method

Returns true or false to indicate if the IP provided is on the Emerging Threats Compromised IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is ET Compromised(is_et_compromised) True if the investigated IP is from ET Compromised, otherwise false

HoneyDB/Project Honeypot IP Address Information method

Returns true or false to indicate if the IP provided is on the Project Honeypot list and additional threat data.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is project Honeypot(is_project_honeypot) True if the investigated IP is part of a Honeypot Project, otherwise false
Answer(answer) Additional Threat Data
Days(days) Additional Threat Data
Threat(threat) The category in which the investigated IP is classified
Type(type) The type of threat

HoneyDB/Lookup Network Information method

Returns AS, network information and geolocation for an IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
AS Name(as_name) The AS name of the investigated IP
AS Num(as_num) The AS number of the investigated IP
City(city) The city where the investigated IP is located
Country ISO(country_iso) The ISO country code where the investigated IP is located
Country Name(country_name) The country name where the investigated IP is located
IP(ip) The investigated IP
IP HEX(ip_hex) The investigated IP in hexadecimal format
IP Version(ip_version) The version of the investigated IP
Network(network) The network of the investigated IP
Network Broadcast(network_broadcast) The broadcast network of the investigated IP
Network Hostmask(network_hostmask) The hostmask network of the investigated IP
Network Netmask(network_netmask) The netmask network of the investigated IP
Network Size(network_size) The size of network of the investigated IP
Region ISO(region_iso) The ISO Region name where the investigated IP is located
Region Name(region_name) The region name where the investigated IP is located

HoneyDB/Network Address Information method

Returns all IP addresses as part of a network range.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
CIDR (is required) The Classless Inter-Domain Routing (CIDR) that is being searched
Outputs Description
CIDR(cidr) The CIDR Value
Network Addresses(network_addresses) A list of network addresses

HoneyDB/Prefixes Network Information method

Returns all prefixes advertised for a specific Autonomous System (AS) network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
ASN (is required) The ASN that is being searched
Outputs Description
AS Number(as_num) The investigated AS number
Count(count) The number of prefixes
Prefixes(prefixes) A list of prefixes that resulted from the API call

HoneyDB/AS Network Name Information method

Returns the name of the Autonomous System (AS) network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
ASN (is required) The ASN that is being searched
Outputs Description
AS Name(as_name) The name of the AS
AS Number(as_num) The investigated AS number

HoneyDB/Geolocation Network Information method

Geolocation information for an IP address is returned.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
City(city) The city where the investigated IP is located
Country ISO(country_iso) The ISO country code where the investigated IP is located
Country Name(country_name) The country name where the investigated IP is located
Postal Code(postal_code) The postal code where the investigated IP is located
Region ISO(region_iso) The ISO Region name where the investigated IP is located
Region Name(region_name) The region name where the investigated IP is located

HoneyDB/AWS Datacenter method

Returns AWS IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Sync Token(syncToken) The synchronization token
Create Date(createDate) The timestamp when the Sync Token was created
Prefixes(prefixes) A list of prefixes that resulted from the API call

HoneyDB/Azure Datacenter method

Returns Azure IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure China Datacenter method

Returns Azure China IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure Germany Datacenter method

Returns Azure Germany IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure Gov Datacenter method

Returns Azure Gov IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Google Cloud Platform Datacenter method

Returns Google Cloud IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Created(created) The timestamp when the datacenter was created
Prefixes(prefixes) A list of IPs from that datacenter

HoneyDB/Oracle Datacenter method

Returns Oracle Cloud IP ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Last Updated Timestamp(last_updated_timestamp) The timestamp of the last update
Regions(regions) Details about the datacenter

Host.io

Hostio/Web Domain method

Metadata scraped from a domain homepage.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The investigated domain
Rank(rank) Position in host.io 10M domains ranking, https://host.io/rankings
URL(url) URL scraped from the data
IP(ip) Actual IP scraped from the data
Date(date) Date when the data was scraped
Length(length) Length of the HTML content scraped
Encoding(encoding) Encoding of the scraped data
Title(title) HTML title
Description(description) HTML meta description
Links(links) Domains of links on the homepage

Hostio/DNS Domain method

Get all the DNS records stored for a domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The investigated domain
IPv4 Address(a) A list of IPv4 addresses
IPv6 Address(aaaa) A list of IPv6 addresses
Mail Server(mx) A list of mail servers
Name Server(ns) A list of name servers

Hostio/Related Domain method

Get a count of the number of related domains for all supported lookups offered by Host.io.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
IP(ip) A list of related IPs
ASN(asn) A list of ASN values
Name Server(ns) A list of name servers
Mail Server(mx) A list of mail servers
Email(email) A list of emails
Backlinks(backlinks) Domains that include a link to the domain on their homepage
Redirects(redirects) Domains that redirect to the domain from their homepage

Hostio/Full Domain method

A single endpoint that includes the data from Web Domain, DNS Domain, Related Domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The Domain that is being searched
DNS(dns) DNS Details
IP Info(ipinfo) IP info details
Web(web) Web details
Related(related) Related Details

Hostio/Domains Field Value method

Get all domains associated with a field, and a count of the total. The value should be according to the field and not necessarily a domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Field (is required) Domains associated with a field
Value (is required) The value should be according to the field and not necessarily a domain
Outputs Description
Google Analytics(googleanalytics) Domains that include a googleanalytics ID on their homepage
Total(total) The number of domains
Domains(domains) A list of domains

HybridAnalysis

HybridAnalysis/Search Hash method

Summary for given hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Hash (is required) MD5, SHA1 or SHA256
Outputs Description
values(values) The results of the API call

HybridAnalysis/Search Terms method

Search the database using the search terms.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
File Name Filename e.g. invoice.exe
File Type Filetype e.g. docx Available options: 64bits, android, assembly, bat, cmd, com, csv, data, doc, docker, docx, elf, empty, executable, flash, html, hwp, hwpx, img, iqy, java, javascript, library, lnk, macho, mshelp, msi, native, neexe, office, outlook, pdf, pedll, peexe, perl, ppt, pptx, ps, pub, python, rtf, script, sct, sh, svg, text, url, vbe, vbs, wsf, xls, xlsx
File Type Description Filetype description e.g. PE32 executable
Environment ID Environment Id
Country Country (3 digit ISO) e.g. swe
Verdict Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Vx Family AV Family Substring e.g. nemucod
Tag Hashtag e.g. ransomware
Date From Date from in format: Y-m-d H:i e.g. 2018-09-28 15:30
Date To Date to in format: Y-m-d H:i e.g. 2018-09-28 15:30
Port Port e.g. 8080
Host Host e.g. 192.168.0.1
Domain Domain e.g. checkip.dyndns.org
URL HTTP Request Substring e.g. google
Similar to
Context
Important Hash Unique value for a file based on the libraries and functions that it imports. It is useful for identifying and categorizing malware samples
SSDEEP Technique for comparing files based on their similarity, not their exact content. It uses a special hash function that divides the file into segments and calculates a value for each segment
Authentication Hash Authentication hash is a feature of hybrid analysis that allows users to search for malware samples based on their cryptographic hash values
Uses Tactic Uses MITRE ATT&CK® Tactic. Please check their website to get current Tactics
Uses Technique Uses MITRE ATT&CK® Technique. Please check their website to get current Techniques
Outputs Description
values(values) The results of the API call

HybridAnalysis/Quick Scan State method

Return list of available scanners.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/Quick Scan URL method

Submit a website's URL or a URL with a file for analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Scan Type (is required) Type of scan, please see /quick-scan/state to see available scanners
URL (is required) Website's URL or URL with a file to submit
No Share Third Party When set to true, the sample is never shared with any third party. Default: true
Allow Community Access When set to true, the sample will be available for the community. Default: true (Note: when no_share_third_party is set to false, it won't be possible to set a value other than true)
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Submit Name Optional submission name field that will be used for file type detection and analysis
Outputs Description
SHA256(sha256) The investigated SHA
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis

HybridAnalysis/Quick Scan ID method

Some scanners need time to process a file. If finished is set to false in the response, use this endpoint to get the final results.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID ID of scan
Outputs Description
SHA256(sha256) The investigated SHA
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis

HybridAnalysis/Convert Quick Scan to Full Scan method

Convert quick scan to sandbox report.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID (is required) ID of quick scan to convert
Environment ID (is required) Environment ID. Available environments ID: 400: Mac Catalina 64 bit (x86), 310: Linux (Ubuntu 20.04, 64 bit), 300: Linux (Ubuntu 16.04, 64 bit), 200: Android Static Analysis, 160: Windows 10 64 bit, 120: Windows 7 64 bit, 110: Windows 7 32 bit (HWP Support), 100: Windows 7 32 bit
No Hash Lookup Default: false
Action Script Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
Hybrid Analysis When set to false, no memory dumps or memory dump analysis will take place. Default: true
Experimental Anti Evasion When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
Script Logging When set to true, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
Input Sample Tampering When set to true, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
Network Settings Network settings; by default, a fully operating network is set. Available options: default: Fully operating network, tor: Route network traffic via TOR, simulated: Simulate network traffic
Email Optional E-Mail address that may be associated with the submission for notification
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Custom CMD Line Optional commandline that should be passed to the analysis file
Custom Run Time Optional runtime duration (in seconds)
Submit Name Optional submission name field that will be used for file type detection and analysis
Priority Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority
Document Password Optional document password that will be used to fill-in Adobe/Office password prompts
Outputs Description
Job ID(job_id) The job ID
Submission ID(submission_id) The submission ID of the request
Environment ID(environment_id) The environment ID
SHA256(sha256) The SHA generated for this scan

HybridAnalysis/Overview SHA256 method

Return overview for hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
Last File Name(last_file_name) The last known name
SHA256(sha256) The investigated SHA
Other File Name(other_file_name) Possible other name of the file
Threat Score(threat_score) The threat score calculated by HybridAnalysis
Verdict(verdict) Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis
Submit Context(submit_context) Details about submission of investigation
Related Parent Hashes(related_parent_hashes) A list of parent related hashes
Related Children hashes(related_children_hashes) A list of children related hashes
Reports(reports) A list of reports for the investigated hash
Whitelisted(whitelisted) True if the SHA is whitelisted
Related Reports(related_reports) A list of reports related

HybridAnalysis/Overview Refresh method

Refresh overview and download fresh data from external services.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
values(values) The results of the API call

HybridAnalysis/Overview Summary method

Return overview for hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
Threat Score(threat_score) The threat score calculated by HybridAnalysis
Verdict(verdict) Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Analysis Start Time(analysis_start_time) The timestamp when the analysis started
Last Multi Scan(last_multi_scan) The timestamp of the last multi scan
Multiscan Result(multiscan_result) The number of results from multi scan

HybridAnalysis/Create File Collection method

Create file collection.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Collection Name Optional collection name
Comment Optional comment text that may be associated with the file collection (Note: you can use #tags here)
No Share Third Party When set to true, samples within collection will never be shared with any third party. Default: true
Allow Community Access When set to true, samples within collection will be available for the community. Default: true
Outputs Description
ID(id) The ID of the new Collection Created

HybridAnalysis/File Collection Search method

Search the database using the search terms.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Collection Name Collection Name
Tag Hashtag e.g. ransomware
Outputs Description
Result(result) The results of the API call

HybridAnalysis/File Collection ID method

Return a summary of file collection.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID (is required) File collection id
Outputs Description
ID(id) File collection id
Name(name) The name of collection
Comment(comment) Details about collection
Files(files) A list of files from this collection
Created At(created_at) The timestamp when the collection was created
Tags(tags) A list of possible tags assigned to the collection

HybridAnalysis/Submit URL method

Submit a website's URL or a URL with a file for analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
URL (is required) URL to analyze or URL of a file to submit
Environment ID (is required) Environment ID. Available environments ID: 400: Mac Catalina 64 bit (x86), 310: Linux (Ubuntu 20.04, 64 bit), 300: Linux (Ubuntu 16.04, 64 bit), 200: Android Static Analysis, 160: Windows 10 64 bit, 120: Windows 7 64 bit, 110: Windows 7 32 bit (HWP Support), 100: Windows 7 32 bit
No Share Third Party When set to true, the sample is never shared with any third party. Default: true
Allow Community Access When set to true, the sample will be available for the community. Ignored unless the URL contains a file; otherwise the value is true. Default: true
No Hash Lookup Default: false
Action Script Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
Hybrid Analysis When set to false, no memory dumps or memory dump analysis will take place. Default: true
Experimental Anti Evasion When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
Script Logging When set to true, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
Input Sample Tampering When set to true, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
Network Settings Network settings; by default, a fully operating network is set. Available options: default: Fully operating network, tor: Route network traffic via TOR, simulated: Simulate network traffic
Email Optional E-Mail address that may be associated with the submission for notification
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Custom Date Time Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
Custom CMD Line Optional commandline that should be passed to the analysis file
Custom Run Time Optional runtime duration (in seconds)
Submit Name Optional submission name field that will be used for file type detection and analysis. Ignored unless url contains a file
Priority Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority
Document Password Optional document password that will be used to fill-in Adobe/Office password prompts. Ignored unless url contains a file
Environment Variable Optional system environment value. The value is provided in the format: name: value
Outputs Description
Job ID(job_id) The job ID
Submission ID(submission_id) The submission ID of the request
Environment ID(environment_id) The environment ID
SHA256(sha256) The SHA generated for this scan

HybridAnalysis/Submit Hash For URL method

Determine a SHA256 that an online file or URL submission will have when being processed by the system. Note: this is useful when looking up URL analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
URL (is required) URL to check
Outputs Description
SHA256(sha256) The SHA generated for URL checked

HybridAnalysis/System Version method

Return system elements versions.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/System Environments method

Return information about available execution environments.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/System Action Scripts method

Return information about available action scripts.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/Key Current method

Return information about the API key in use and its limits.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
API Key(api_key) The API key used for this API call
Authority Level(auth_level) Authority level of the API key
Authority Level Name(auth_level_name) Authority level name of the API key
User ID(user_id) The user ID which has the API key associated
User Email(user_email) The user email which has the API key associated
User Name(user_name) The user name which has the API key associated

HybridAnalysis/Submission Quota method

Return information about quota and current usage.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
Detonation(detonation) Details about usage of API Key
Quick Scan(quick_scan) Details about Quick Scans

HybridAnalysis/Feed method

Access a JSON feed (summary information) of the last 250 reports from the past 24h.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
Data(data) The results of the API call

HybridAnalysis/Abuse Reports Feed method

Returns hashes of samples that qualified for removal due to abuse or because they contained private data, together with the dates when that happened.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Page Page number, if there are more results than can be displayed in one request
Outputs Description
Results(results) The results of the API call
Number of results(number_of_results) The total number of results
Number of pages(number_of_pages) The total number of pages
Link to previous page(link_to_previous_page) URL to the previous page
Link to next page(link_to_next_page) URL to the next page

IP-API

IPAPI/IP Geolocation method

Returns geolocation information.

Inputs Description
Format (is required) The format in which you want to receive the result
Query The query can be a single IPv4/IPv6 address or a domain name. If you don't supply a query the current IP address will be used
Fields If you do not require all the returned fields, use the GET parameter fields to specify which data should be returned
Outputs Description
Query(query) The investigated IP
Status(status) The status of the API call
Country(country) The country of origin of IP
Country Code(countryCode) The country code of origin of IP
Region(region) The region of origin of IP
Region Name(regionName) The region name of origin of IP
City(city) The city of origin of IP
ZIP(zip) The zip of origin of IP
Timezone(timezone) The timezone of origin of IP
ISP(isp) The ISP who provided the IP

IPinfo.io

IPinfoio/Geolocation Data method

It includes country, region, city, and postal code of the target IP.

Inputs Description
Token (is required) To use the IPinfo.io API, you must have an API key
IP Address (is required) The IP Address that is being searched
Outputs Description
IP(ip) The investigated IP
Hostname(hostname) Hostname of the investigated IP
Anycast(anycast) True if the investigated IP is anycast
City(city) The city of origin of IP
Region(region) The region of origin of IP
Country(country) The country of origin of IP
Loc(loc) The latitude and longitude
ORG(org) The organisation that issued the IP
Postal(postal) The postal code of origin of IP
Timezone(timezone) The timezone of origin of IP

IPQualityScore

IP Quality Score/Proxy and VPN Detection method

List the syslog servers for a network.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Strictness
User Language You can optionally provide us with the user's language header. This allows us to evaluate the risk of the user as judged in the fraud_score
User Agent You can optionally provide us with the user agent string (browser). This allows us to run additional checks to see if the user is a bot or running an invalid browser. This allows us to evaluate the risk of the user as judged in the fraud_score
Allow Public Access Points
Fast When this parameter is enabled our API will not perform certain forensic checks that take longer to process. Enabling this feature greatly increases the API speed without much impact on accuracy. This option is intended for services that require decision making in a time sensitive manner and can be used for any strictness level
Lighter Penalties Is your scoring too strict? Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses. If you experience any false-positives with your traffic then enabling this feature will provide better results
Mobile You can optionally specify that this lookup should be treated as a mobile device. Recommended for mobile lookups that do not have a user agent attached to the request. NOTE: This can cause unexpected and abnormal results if the device is not a mobile device
Transaction Strictness Adjusts the weights for penalties applied due to irregularities and fraudulent patterns detected on order and transaction details that can be optionally provided on each API request. This feature is only beneficial if you are passing order and transaction details
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
ASN(ASN) Autonomous System Number if one is known. Null if nonexistent
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification
Timezone(timezone) Timezone of IP address if available or N/A if unknown
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
ZIP code(zip_code) Postal code of IP address if available or N/A if unknown. IP addresses can relate to multiple postal codes in a city, so we recommend performing analysis of similar postal codes nearby

IP Quality Score/User Payment Transaction History method

User Payment Transaction History.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Strictness Uses the lowest strictness (0-3) for Fraud Scoring. Increasing this value will expand the tests we perform. Levels 2+ have a higher risk of false-positives. We recommend using level 0 or 1 for the best results
Billing First Name The customer's billing first name
Billing Last Name The customer's billing last name
Billing Company The customer's billing company
Billing Country The customer's billing country name or billing country ISO-Alpha2. (e.g. United States or US)
Billing Address 1 The customer's billing street address part 1
Billing Address 2 The customer's billing street address part 2
Billing City The customer's billing city
Billing Region The customer's billing region or state
Billing Postcode The customer's billing postcode or zipcode
Billing Email The customer's billing email address
Billing Phone The customer's billing 11 to 14 digit phone number. (If fewer than 10 digits are provided, the country code will be guessed by IP Quality Score AI.)
Shipping First Name The customer's shipping first name
Shipping Last Name The customer's shipping last name
Shipping Company The customer's shipping company
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (e.g. United States or US)
Shipping Address 1 The customer's shipping street address part 1
Shipping Address 2 The customer's shipping street address part 2
Shipping City The customer's shipping city
Shipping Region The customer's shipping region or state
Shipping Postcode The customer's shipping postcode or zipcode
Shipping Email The customer's shipping email address
Shipping Phone The customer's shipping phone number
Username The customer's username
Password Hash For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis
Credit Card Bin First six digits of the credit or debit card, referred to as the Bank Identification Number
Credit Card Hash For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards
Credit Card Expiration Month Two letter format of the credit card's expiration month. For example, May would be 05
Credit Card Expiration Year Two letter format of the credit card's expiration year. For example, 2023 would be 23
AVS Code One letter Address Verification Service (AVS) response code provided by the credit card processor or bank
CVV Code One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank
Order Amount Total balance of the entire order without currency symbols
Quantity of items for this order Quantity of items for this order
Recurring Is this a recurring order that automatically rebills?
Recurring Times If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as 3. If this is the initial recurring order, please leave the value as blank or enter 1
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
Transaction Details(transaction_details) Physical address validation and reputation analysis

IP Quality Score/Phone Reputation method

Generate a phone number reputation score to verify users, payments, & sign ups to prevent fraudulent behavior.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Billing Country The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
Billing Phone The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by IP Quality Score AI.)
Billing Phone Country Code Country dialing code associated with the billing phone. Typically 1-3 digits
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
Shipping Phone Country Code Country dialing code associated with the shipping phone. Typically 1-3 digits
Shipping Phone The customer's shipping phone number
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
Transaction Details(transaction_details) A generic status message, either success or some form of an error notice

IP Quality Score/Proxy Detection method

Instantly detect invalid addresses, misformatted user data and typos, and physical addresses that have recently been reported for fraudulent behavior.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Billing Address 1 User's billing or primary street address part 1.
Billing Address 2 User's billing or primary street address part 2.
Billing City User's billing or primary city.
Billing Region User's billing or primary region or state.
Billing Postcode User's billing or primary postcode or zipcode.
Billing Country User's billing or primary country name or billing country ISO-Alpha2. (EG: United States or US)
Shipping Address 1 User's billing or primary street address part 1.
Shipping Address 2 User's billing or primary street address part 2.
Shipping City User's billing or primary city.
Shipping Region User's billing or primary region or state.
Shipping Postcode User's billing or primary postcode or zipcode.
Shipping Country User's billing or primary country name or shipping country ISO-Alpha2. (EG: United States or US)
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Fraud Score (fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold.
Recent Abuse (recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.
Bot Status (bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.
Transaction Details (transaction_details) Physical address validation and reputation analysis.

IP Quality Score/Validate Email method

IPQualityScore's Email Validation API boosts deliverability by detecting invalid, fraudulent emails, spam traps, and more. It offers real-time verification to prevent fake accounts, errors, and misuse on your platform.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Email to check (is required) The email which is verified
Fast When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.
Timeout Maximum number of seconds to wait for a reply from a mail service provider. If your implementation requirements do not need an immediate response, we recommend bumping this value to 20. Any results which experience a connection timeout will return the timed_out variable as true. Default value is 7 seconds.
Suggest Domain Force analyze if the email address's domain has a typo and should be corrected to a popular mail service. By default, this test is currently only performed when the email is invalid or if the recent abuse status is true.
Strictness Sets how strictly spam traps and honeypots are detected by our system, depending on how comfortable you are with identifying emails suspected of being a spam trap. 0 is the lowest level which will only return spam traps with high confidence. Strictness levels above 0 will return increasingly more strict results, with level 2 providing the greatest detection rates.
Abuse Strictness Set the strictness level for machine learning pattern recognition of abusive email addresses with the recent_abuse data point. Default level of 0 provides good coverage, however if you are filtering account applications and facing advanced fraudsters then we recommend increasing this value to level 1 or 2.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Valid (valid) Does this email address appear valid?
Disposable (disposable) Is this email suspected of belonging to a temporary or disposable mail service? Usually associated with fraudsters and scammers.
SMTP Score (smtp_score) Validity score of email server's SMTP setup. Range: -1 to 3. Scores above -1 can be associated with a valid email. -1 = invalid email address; 0 = mail server exists, but is rejecting all mail; 1 = mail server exists, but is showing a temporary error; 2 = mail server exists, but accepts all email; 3 = mail server exists and has verified the email address
Overall Score (overall_score) Overall email validity score. Range: 0 to 4. Scores above 1 can be associated with a valid email. 0 = invalid email address; 1 = dns valid, unreachable mail server; 2 = dns valid, temporary mail rejection error; 3 = dns valid, accepts all mail; 4 = dns valid, verified email exists
First Name (first_name) Suspected first name based on email. Returns CORPORATE if the email is suspected of being a generic company email. Returns UNKNOWN if the first name was not determinable.
DNS Valid (dns_valid) Does the email's hostname have valid DNS entries? Partial indication of a valid email.
Honeypot (honeypot) Is this email believed to be a honeypot or SPAM trap? Bulk mail sent to these emails increases your risk of being blacklisted by large ISPs & ending up in the spam folder.
Frequent Complainer (frequent_complainer) Indicates if this email frequently unsubscribes from marketing lists or reports email as SPAM.
Fraud Score (fraud_score) The overall Fraud Score of the user based on the email's reputation and recent behavior across the IPQS threat network. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent.
Recent Abuse (recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this email address. Abuse could be a confirmed chargeback, fake signup, compromised device, fake app install, or similar malicious behavior within the past few days.
Domain Age in human readable format (domain_age_human) A human description of when this domain was registered. (Ex: 3 months ago)
Domain Age Timestamp (domain_age_timestamp) The unix time since epoch when this domain was first registered. (Ex: 1568061634)
First seen in human readable format (first_seen_human) A human description of the email address age, using an estimation of the email creation date when IPQS first discovered this email address. (Ex: 3 months ago)
First Seen Timestamp (first_seen_timestamp) The unix time since epoch when this email was first analyzed by IPQS. (Ex: 1568061634)
Sanitized Email (sanitized_email) Sanitized email address with all aliases and masking removed, such as multiple periods for Gmail.com.
Domain Velocity (domain_velocity) Indicates the level of legitimate users interacting with the email address domain. Values can be high, medium, low, or none. Domains like IBM.com, Microsoft.com, Gmail.com, etc. will have high scores as this value represents popular domains. New domains or domains that are not frequently visited by legitimate users will have a value as none.
User Activity (user_activity) Frequency at which this email address makes legitimate purchases, account registrations, and engages in legitimate user behavior online. Values can be high, medium, low, or none. Values of high or medium are strong signals of healthy usage. New email addresses without a history of legitimate behavior will have a value as none. This field is restricted to higher plan tiers.
Status Associated Phone Numbers (associated_phone_numbers_status) Status of phone numbers associated with the investigated email address
List Associated Phone Numbers (associated_phone_numbers_phone_numbers) A list of phone numbers associated with the investigated email address
Associated names (associated_names) Displays first and last names linked to the email address, if available in our data sources. Match rates vary by country. This field is restricted to upgraded plans. Object value contains status, and names as an array.
Spam Trap Score (spam_trap_score) Intelligent confidence level of the email address being an active SPAM trap. Values can be high, medium, low, or none. We recommend scrubbing emails with a high status, typically for any promotional mailings. This data is meant to provide a more accurate result for the frequent_complainer and honeypot data points, which collect data from spam complaints, spam traps, and similar techniques.

IP Quality Score/Phone Number Validation

Perform carrier lookups by API in any region to detect disconnected phone numbers and retrieve important carrier info including line types to determine if a number is a VOIP, landline, or mobile.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Number to check (is required) To use IP Quality Score you need to have an API Key
Country You can optionally provide us with the default country or countries this phone number is suspected to be associated with. Our system will prefer to use a country on this list for verification or will require a country to be specified in the event the phone number is less than 10 digits.
Strictness How in depth (strict) do you want this reputation check to be? Stricter checks may provide a higher false-positive rate. We recommend starting at 0, the lowest strictness setting, and increasing to 1 or 2 depending on your levels of fraud.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Active (active) Is this phone number a live usable phone number that is currently active?
Formatted (formatted) The phone number formatted in the international dialing code. N/A if not formattable.
Local Format (local_format) The phone number formatted in the country's local routing rules with area code. N/A if not formattable.
Valid (valid) Is the phone number properly formatted and considered valid based on assigned phone numbers available to carriers in that country?
Fraud Score (fraud_score) The IPQS risk score which estimates how likely a phone number is to be fraudulent. Scores 85+ are risky while Fraud Scores 90+ are high risk.
Recent Abuse (recent_abuse) Has this phone number been associated with recent or ongoing fraud?
VOIP (VOIP) Is this phone number a Voice Over Internet Protocol (VOIP) or digital phone number?
Prepaid (prepaid) Is this phone number associated with a prepaid service plan?
Risky (risky) Is this phone number associated with fraudulent activity, scams, robo calls, fake accounts, or other unfriendly behavior?
Carrier (carrier) The carrier (service provider) this phone number has been assigned to or N/A if unknown.
Line Type (line_type) The type of line this phone number is associated with (Toll Free, Mobile, Landline, Satellite, VOIP, Premium Rate, Pager, etc...) or N/A if unknown.
Country (country) The two character country code for this phone number.
City (city) City of the phone number if available or N/A if unknown.
Zip Code (zip_code) Zip or Postal code of the phone number if available or N/A if unknown.
Region (region) Region (state) of the phone number if available or N/A if unknown.
Dialing code (dialing_code) The 1 to 4 digit dialing code for this phone number or null if unknown.
Active Status (active_status) Additional details on the status of the subscriber connection when enhanced active line checks are enabled. Contact your account manager to enable this add-on feature. These values can be Active Line, Disconnected Line, Phone Turned Off, Inconclusive Status, or N/A if unknown.
Status of associated email address (associated_email_addresses.status) The status of associated emails
Associated Emails (associated_email_addresses.emails) A list with associated emails
User Activity (user_activity) Frequency at which this phone number makes legitimate purchases, account registrations, and engages in legitimate user behavior online. Values can be high, medium, low, or none. Values of high or medium are strong signals of healthy usage. New phone numbers without a history of legitimate behavior will have a value as none
Mobile Network Code (mnc) The Mobile Network Code (MNC) is a concise identifier that represents a specific mobile carrier or network within a given country. It helps quickly identify the mobile service provider associated with a mobile device, enabling efficient routing of communication and services
Mobile Country Code (mcc) The Mobile Country Code is a numerical identifier that succinctly represents the specific country associated with a mobile phone's network. This code helps in identifying the nation where the mobile device is registered or operational, facilitating accurate routing of mobile communications and services
Leaked (leaked) Has this phone number recently been exposed in an online database breach or act of compromise
Spammer (spammer) Indicates if the phone number has recently been reported for spam or harassing calls/texts
Do not call (do_not_call) Indicates if the phone number is listed on any Do Not Call (DNC) lists. Only supported in US and CA. This data may not be 100% up to date with the latest DNC blacklists. Contact your account manager to enable better DNC data and TCPA litigator removal

IP Quality Score/Malicious URL Scanner method

Scans links in real-time to detect suspicious URLs.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
URL (is required) The URL which will be investigated
Fast When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.
Timeout Maximum number of seconds to perform live page scanning and follow redirects. If your implementation requirements do not need an immediate response, we recommend bumping this value to 5. Default value is 2 seconds.
Strictness How strict should we scan this URL? Stricter checks may provide a higher false-positive rate. We recommend defaulting to level 0, the lowest strictness setting, and increasing to 1 or 2 depending on your levels of abuse.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Unsafe (unsafe) Is this domain suspected of being unsafe due to phishing, malware, spamming, or abusive behavior? View the confidence level by analyzing the Risk Score.
Domain (domain) Domain name of the final destination URL of the scanned link, after following all redirects.
IP Address (ip_address) The IP address corresponding to the server of the domain name.
Server (server) The server banner of the domain's IP address. For example: nginx/1.16.0. Value will be N/A if unavailable.
Content Type (content_type) MIME type of URL's content. For example text/html; charset=UTF-8. Value will be N/A if unavailable.
Domain Rank (domain_rank) Estimated popularity rank of website globally. Value is 0 if the domain is unranked or has low traffic.
DNS Valid (dns_valid) The domain of the URL has valid DNS records.
Parking (parking) Is the domain of this URL currently parked with a for sale notice?
Spamming (spamming) Is the domain of this URL associated with email SPAM or abusive email addresses?
Malware (malware) Is this URL associated with malware or viruses?
Phishing (phishing) Is this URL associated with malicious phishing behavior?
Suspicious (suspicious) Is this URL suspected of being malicious or used for phishing or abuse? Use in conjunction with the risk_score as a confidence level.
Adult (adult) Is this URL or domain hosting dating or adult content?
Risk Score (risk_score) The IPQS risk score which estimates the confidence level for malicious URL detection. Risk Scores 85+ are high risk, while Risk Scores = 100 are confirmed as accurate.
Country Code (country_code) The country corresponding to the server's IP address.
Category (category) Website classification and category related to the content and industry of the site. Over 70 categories are available including Video Streaming, Trackers, Gaming, Privacy, Advertising, Hacking, Malicious, Phishing, etc. The value will be N/A if unknown.
Domain Age in human readable format (domain_age_human) A human description of when this domain was registered. (Ex: 3 months ago)
Domain Age Timestamp (domain_age_timestamp) The unix time since epoch when this domain was first registered. (Ex: 1568061634)
Redirected (redirected) Does the URL redirect to another domain when loaded in a browser?

IP Quality Score/Fraud Reporting method

List the syslog servers for a network.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP The IPv4 or IPv6 address you wish to report. (optional, one required)
Email The email address you wish to report. (optional, one required)
Request ID The Request ID you wish to report. (optional, one required)
Phone The 9 to 20 digit phone number you wish to report. Must include country field below. (optional, one required, required with country below)
Country The 2 letter country code (preferred method) or full properly formatted name (capitalization and spacing required) of the phone number you wish to report. Must include phone field above. (optional, one required, required with phone above)
Billing First Name The customer's billing first name.
Billing Last Name The customer's billing last name.
Billing Company The customer's billing company.
Billing Country The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
Billing Address 1 The customer's billing street address part 1.
Billing Address 2 The customer's billing street address part 2.
Billing City The customer's billing city.
Billing Region The customer's billing region or state.
Billing Postcode The customer's billing postcode or zipcode.
Billing Email The customer's billing email address.
Billing Phone The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by IP Quality Score AI.)
Shipping First Name The customer's shipping first name.
Shipping Last Name The customer's shipping last name.
Shipping Company The customer's shipping company.
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
Shipping Address 1 The customer's shipping street address part 1.
Shipping Address 2 The customer's shipping street address part 2.
Shipping City The customer's shipping city.
Shipping Region The customer's shipping region or state.
Shipping Postcode The customer's shipping postcode or zipcode.
Shipping Email The customer's shipping email address.
Shipping Phone The customer's shipping phone number
Username The customer's username.
Password Hash For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis.
Credit Card Bin First six digits of the credit or debit card, referred to as the Bank Identification Number.
Credit Card Hash For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards.
Credit Card Expiration Month Two letter format of the credit card's expiration month. For example, May would be 05.
Credit Card Expiration Year Two letter format of the credit card's expiration year. For example, 2023 would be 23.
AVS Code One letter Address Verification Service (AVS) response code provided by the credit card processor or bank.
CVV Code One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank.
Order Amount Total balance of the entire order without currency symbols.
Order Quantity Quantity of items for this order.
Recurring Is this a recurring order that automatically rebills?
Recurring Times If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as 3. If this is the initial recurring order, please leave the value as blank or enter 1.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Request ID (request_id) A unique identifier for this request that can be used to lookup the request details or send a postback conversion notice.

IP Quality Score/Credit Usage method

Access your account's total number of available credits and current usage for this billing period.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Credits (credits) The remaining credits on the API Key
Usage (usage) How many times the API calls were used
Proxy Usage (proxy_usage) How many times the proxy API was used
Email Usage (email_usage) How many times the email API was used
Fingerprint Usage (fingerprint_usage) How many times the fingerprint API was used

IPStack

IPStack/Standard IP Address Lookup method

Standard Lookup is used to look up single IPv4 or IPv6 addresses.

Inputs Description
Token (is required) To use the IPStack API, you must have an API key.
IP Address (is required) Any IPv4 or IPv6 address; you can also enter a domain URL to have ipstack resolve the domain to the underlying IP address.
Fields Set to your preferred output field(s) according to the Specify Output Fields section.
Hostname Set to 1 to enable Hostname Lookup.
Security Set to 1 to enable the Security module.
Language Set to a 2-letter language code according to the Specify Output Language section to change output language.
Callback Specify a JSONP callback function name according to the JSONP Callbacks section.
Outputs Description
IP (ip) Returns the requested IP address
Type (type) Returns the IP address type IPv4 or IPv6
Continent Code (continent_code) Returns the 2-letter country code associated with the IP
Continent Name (continent_name) Returns the name of the country associated with the IP
Country Code (country_code) Returns the 2-letter country code associated with the IP
Country Name (country_name) Returns the name of the country associated with the IP
Region Name (region_code) Returns the region code of the region associated with the IP (e.g. CA for California)
City (city) Returns the name of the city associated with the IP
ZIP (zip) Returns the ZIP code associated with the IP
Location (location) Returns multiple location-related objects

IPStack/Requester IP Address Lookup method

Looks up the IP address from which the request comes.

Inputs Description
Token (is required) To use the IPStack API, you must have an API key.
Fields Set to your preferred output field(s) according to the Specify Output Fields section.
Hostname Set to 1 to enable Hostname Lookup.
Security Set to 1 to enable the Security module.
Language Set to a 2-letter language code according to the Specify Output Language section to change output language.
Callback Specify a JSONP callback function name according to the JSONP Callbacks section.
Outputs Description
IP (ip) Returns the requested IP address
Type (type) Returns the IP address type IPv4 or IPv6
Continent Code (continent_code) Returns the 2-letter country code associated with the IP
Continent Name (continent_name) Returns the name of the country associated with the IP
Country Code (country_code) Returns the 2-letter country code associated with the IP
Country Name (country_name) Returns the name of the country associated with the IP
Region Code (region_code) Returns the region code of the region associated with the IP (e.g. CA for California)
Region Name (region_name) Returns the name of the region associated with the IP
City (city) Returns the name of the city associated with the IP
ZIP (zip) Returns the ZIP code associated with the IP
Location (location) Returns multiple location-related objects

Kuudos

Kuudos/APKs List of Applications method

List of applications (APKs).

Inputs Description
Token (is required) To use the Kuudos API, you must have an API key.
Search Allow advanced search.
Outputs Description
Next (next) URL to the next page
Previous (previous) URL to the previous page
Results (results) The results of the API call

Kuudos/Detailed Information about an APK method

An APK's detailed information.

Inputs Description
Token (is required) To use the Kuudos API, you must have an API key.
SHA256 (is required) Identify APK based on sha256
Outputs Description
ID (id) The ID of the investigated APK SHA
URL (url) The URL of the investigated APK
SHA256 (sha256) The SHA256 of the investigated APK
MD5 (md5) The MD5 of the investigated APK
SHA1 (sha1) The SHA1 of the investigated APK
APP (app) The name of the investigated APK
Package Name (package_name) The package name of the investigated APK
Company (company) The OS where the APK can be installed
Is trusted (is_trusted) True if the app is not a malware, otherwise false
Is Installed (is_installed) True if the app is installed, otherwise false
Rating (rating) The value assigned by Koodous
Is Detected (is_detected) True if the APK is detected, otherwise false
Is Corrupted (is_corrupted) True if the APK is corrupted, otherwise false
Is Static Analyzed (is_static_analyzed) True if the APK is statically analyzed, otherwise false
Is Dynamic Analyzed (is_dynamic_analyzed) True if the APK is dynamically analyzed, otherwise false
Last Yara Analysis at (last_yara_analysis_at) The results of the last Yara Analysis
Created at (created_at) The timestamp when report was created
Last Scan (last_scan) The results of the last scan

Kuudos/Static and Dynamic Analysis Reports method

Get a copy of the static and dynamic analysis reports.

Inputs Description
Token To use the Kuudos API, you must have an API key.
SHA256 (is required) Identify APK based on sha256
Outputs Description
Cuckoo (cuckoo) The results from Cuckoo
Androguard (androguard) The results from Androguard
Droidbox (droidbox) The results from Droidbox

MacVendors

MACVendors/MAC Address Lookup method

This API performs a quick and easy vendor lookup for MAC addresses.

Inputs Description
Token (is required) To use the MacVendors API, you must have an API key.
MAC address (is required) The MAC address that is being searched.
Outputs Description
Data (data) The results of the API call

Mailboxlayer

MailBoxLayer/Email Check method

Validates and verifies an email address in order to determine deliverability and quality.

Inputs Description
Token (is required) To use the Mailboxlayer API, you must have an API key.
Email (is required) Email to check
Outputs Description
catch_all (catch_all) Returns true or false depending on whether or not the requested email address is found to be part of a catch-all mailbox
did_you_mean (did_you_mean) Contains a did-you-mean suggestion in case a potential typo has been detected
disposable (disposable) Returns true or false depending on whether or not the requested email address is a disposable email address. (e.g. [email protected])
domain (domain) Returns the domain of the requested email address. (e.g. company.com in [email protected])
email (email) Contains the exact email address requested
format_valid (format_valid) Returns true or false depending on whether or not the general syntax of the requested email address is valid
free (free) Returns true or false depending on whether or not the requested email address is a free email address. (e.g. [email protected], [email protected])
mx_found (mx_found) Returns true or false depending on whether or not MX-Records for the requested domain could be found
role (role) Returns true or false depending on whether or not the requested email address is a role email address. (e.g. [email protected], [email protected])
score (score) Returns a numeric score between 0 and 1 reflecting the quality and deliverability of the requested email address.
smtp_check (smtp_check) Returns true or false depending on whether or not the SMTP check of the requested email address succeeded
user (user) Returns the local part of the requested email address. (e.g. paul in [email protected])

MailBoxLayer/Email method

Validates and verifies an email address in order to determine deliverability and quality.

Inputs Description
Token (is required) To use the Mailboxlayer API, you must have an API key.
Email (is required) Email to check
Outputs Description
can_connect_smtp (can_connect_smtp) True if it is possible to connect to SMTP
did_you_mean (did_you_mean) Contains a did-you-mean suggestion in case a potential typo has been detected
domain (domain) Returns the domain of the requested email address. (e.g. company.com in [email protected])
email (email) Contains the exact email address requested
free (free) Returns true or false depending on whether or not the requested email address is a free email address. (e.g. [email protected], [email protected])
is_catch_all (is_catch_all) Returns true or false depending on whether or not the requested email address is found to be part of a catch-all mailbox
is_deliverable (is_deliverable) True if the email is deliverable, otherwise false
is_disabled (is_disabled) True if the email is disabled, otherwise false
is_disposable (is_disposable) True if the email is disposable, otherwise false
is_inbox_full (is_inbox_full) True if the inbox is full, otherwise false
is_role_account (is_role_account) True if it is role account, otherwise false
mx_records (mx_records) True if it has MX Records
score (score) Returns a numeric score between 0 and 1 reflecting the quality and deliverability of the requested email address
syntax_valid (syntax_valid) True if the syntax of the email is correct, otherwise false
user (user) Returns the local part of the requested email address. (e.g. paul in [email protected])

Malshare

Malshare/Get List method

List hashes from the past 24 hours in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

Malshare/List Hashes for a Specific Format method

List MD5/SHA1/SHA256 hashes of a specific type from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Type (is required) Type of file
Outputs Description
values (values) The results of the API call

Malshare/File Types and Count method

Get list of file types & count from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
Android (Android) The number of Android files detected in the last 24 hours
ASCII (ASCII) The number of ASCII files detected in the last 24 hours
Bourne (Bourne) The number of Bourne files detected in the last 24 hours
Composite (Composite) The number of Composite files detected in the last 24 hours
Dalvik (Dalvik) The number of Dalvik files detected in the last 24 hours
data (data) The number of data files detected in the last 24 hours
DOS (DOS) The number of DOS files detected in the last 24 hours
ELF (ELF) The number of ELF files detected in the last 24 hours
Hitachi (Hitachi) The number of Hitachi files detected in the last 24 hours
HTML (HTML) The number of HTML files detected in the last 24 hours
Java (Java) The number of Java files detected in the last 24 hours
JPEG (JPEG) The number of JPEG files detected in the last 24 hours
Little (Little) The number of Little files detected in the last 24 hours
MS-DOS (MS-DOS) The number of MS-DOS files detected in the last 24 hours
PDF (PDF) The number of PDF files detected in the last 24 hours
PE32+ (PE32_plus) The number of PE32+ files detected in the last 24 hours
PE32 (PE32) The number of PE32 files detected in the last 24 hours
PNG (PNG) The number of PNG files detected in the last 24 hours
RAR (RAR) The number of RAR files detected in the last 24 hours
Rich (Rich) The number of Rich files detected in the last 24 hours
RIFF (RIFF) The number of RIFF files detected in the last 24 hours
TrueType (TrueType) The number of TrueType files detected in the last 24 hours
UTF (UTF) The number of UTF files detected in the last 24 hours
XML (XML) The number of XML files detected in the last 24 hours
Zip (Zip) The number of ZIP files detected in the last 24 hours

Malshare/Stored File Details method

Get stored file details in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Hash (is required) Identify file based on hash
Outputs Description
MD5 (MD5) MD5 of the file
SHA1 (SHA1) SHA1 of the file
SHA256 (SHA256) SHA256 of the file
SSDEEP (SSDEEP) SSDEEP of the file
File Type (F_TYPE) File Type of the file
FILENAMES (FILENAMES) A list of filenames

Malshare/Get Sources method

List of sample sources from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

Malshare/Get Search and Query method

Search sample hashes, sources and file names in Raw data format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Query (is required) Search query
Outputs Description
values (values) The results of the API call

Malshare/Get File Names List method

Returns a list of file names from recent uploads.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

MetaDefender Cloud

MetaDefender Cloud/API Key Info method

Retrieve information about your apikey such as (but not limited to): max file size, API limits, created date, expiration date, and account nickname.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Maximum Upload File Size (max_upload_file_size) The maximum upload size for files (expressed in MB)
Maximum Archive File size (max_archive_file_size) The maximum upload size for archives (expressed in MB)
Maximum Archive File Number (max_archive_file_number) The maximum number of files contained in an archive
Limit Prevention (limit_prevention) The daily limit of Prevention API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit Reputation (limit_reputation) The daily limit of Reputation API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit Sandbox (limit_sandbox) The daily limit of Sandbox API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit feed (limit_feed) The daily limit of Feed API calls. The daily limit is reset 24 hours after the first call on a given day.
QoS Scan (qos_scan) The selected scan queue, based on the apikey type
Updated at (updated_at) The last date when the apikey information was updated
Created at (created_at) The date when the apikey was created
Portal API Key (portal_api_key) The apikey that has been queried
Source (source) Provides information about the remaining usage limits for an API key. It indicates how many more API requests can be made using the specific API key, helping users manage their resource allocation effectively.
Workflow Rule (workflow_rule) Signifies the defined set of rules or conditions that determine the workflow or sequence of actions that the API key is allowed to perform. This parameter helps manage and control the usage of the API key by specifying the specific actions, restrictions, or processes that can be executed within the given limits.
Votes (votes) Refers to the count or allowance of votes that a user or API key has for certain actions or decisions within the platform.
Vulnerability Submissions (vulnerability_submissions) Number of vulnerability submissions done by the user correlated to the queried apikey
Expiration Date (expiration_date) The expiration date of the apikey. For paid apikeys this date is in the future.
Time interval (time_interval) The duration of time your apikey limit lasts for (daily for most)
Nickname (nickname) The nickname of the user correlated to the queried apikey
Paid User (paid_user) This parameter helps distinguish between paid and free users, potentially affecting usage limits, features, or privileges within the API based on the subscription level.
License Change Note (license_change_note) Information about license changes
MDC Licence Type (mdc_license_type) Information about the Modification Detection Code license
SSO User ID (sso_user_id) The SSO user id corresponding to the apikey
User ID (userid) The userid corresponding to the apikey

MetaDefender Cloud/API Key Limits method

Retrieve information about the consumed limits for an apikey.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Reputation API (reputation_api) The consumed Reputation API limits for the apikey
Prevention API (prevention_api) The consumed Prevention API limits for the apikey
Feed API (feed_api) The consumed Feed API limits for the apikey
Download File (download_file) The consumed limits for file downloads for the apikey
Sandbox API (sandbox_api) The consumed Dynamic Analysis API limits for the apikey

MetaDefender Cloud/API Key Scan History method

Retrieve a paginated list of files uploaded by the user in reverse chronological order (newest to oldest).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
limit How many entries you want to return per request (default is 10000)
offset How many files you want to skip from the latest request (default is 0)
Outputs Description
API Key History (data) The History of API Key

MetaDefender Cloud/API Key Remaining Limits method

Retrieve information about the remaining limits for an apikey.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Reputation API (reputation_api) The remaining Reputation API limits for the apikey
Threat Intel Search API (threat_intel_search_api) The remaining Threat Intel Search API limits for the apikey
Prevention API (prevention_api) The remaining Prevention API limits for the apikey
Download File (download_file) The remaining limits for file downloads for the apikey
Sandbox API (sandbox_api) The remaining Dynamic Analysis API limits for the apikey
Feed API (feed_api) The remaining Feed API limits for the apikey
Throttling Limit (throttling_limit) The remaining Throttling limits for the apikey

MetaDefender Cloud/API Version method

This endpoint shows the current version of the API.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Version (version) The version of the current API

MetaDefender Cloud/Engine Definitions method

Returns a list of active anti-malware engines available, as well as the day and time of the engine definition.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
AegisLab (AegisLab) Engine used for analysis
AhnLab (AhnLab) Engine used for analysis
Antiy (Antiy) Engine used for analysis
Avira (Avira) Engine used for analysis
Bitdefender (Bitdefender) Engine used for analysis
ClamAV (ClamAV) Engine used for analysis
Comodo (Comodo) Engine used for analysis
CrowdStrike Falcon ML (CrowdStrike_Falcon_ML) Engine used for analysis
Cyren (Cyren) Engine used for analysis
Emsisoft (Emsisoft) Engine used for analysis
ESET (ESET) Engine used for analysis
Filseclab (Filseclab) Engine used for analysis
Huorong (Huorong) Engine used for analysis
IKARUS (IKARUS) Engine used for analysis
K7 (K7) Engine used for analysis
Kaspersky (Kaspersky) Engine used for analysis
McAfee (McAfee) Engine used for analysis
Microsoft Defender (Microsoft_Defender) Engine used for analysis
NANOAV (NANOAV) Engine used for analysis
Quick Heal (Quick_Heal) Engine used for analysis
RocketCyber (RocketCyber) Engine used for analysis
Scrutiny (Scrutiny) Engine used for analysis
Sophos (Sophos) Engine used for analysis
TACHYON (TACHYON) Engine used for analysis
Trend Micro (Trend_Micro) Engine used for analysis
Trend Micro HouseCall (Trend_Micro_HouseCall) Engine used for analysis
Varist (Varist) Engine used for analysis
Vir.IT eXplorer (Vir_IT_eXplorer) Engine used for analysis
Vir.IT ML (Vir_IT_ML) Engine used for analysis
VirusBlokAda (VirusBlokAda) Engine used for analysis
Webroot SMD (Webroot SMD) Engine used for analysis
Xvirus Anti-Malware (Xvirus_Anti_Malware) Engine used for analysis
Zillya! (Zillya) Engine used for analysis

MetaDefender Cloud/Latest Clean Hashes method

Sorted chronologically, this feed exposes the latest clean hashes up to 30 days old and is updated continuously. This feed is designed to be used as a live allowlist of hashes to be quarantined.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Page This denotes the page number that the data is on (each page has 1000 entries)
Date Date when the hash was last scanned
Category File type category. When used, only return hashes of this file type
Outputs Description
From (from) Timestamp of the starting point of the data retrieved from the API call.
To (to) Timestamp of the finishing point of the data retrieved from the API call.
Hashes (hashes) The list of hashes of the cleaned files

MetaDefender Cloud/Latest Infected Hashes method

This feed exposes the latest infected hashes up to 30 days old and is updated continuously. This feed is designed to be used as a live blocklist of hashes to be quarantined.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Page This denotes the page number that the data is on (each page has 1000 entries)
Date Date when the hash was last scanned
Category File type category. When used, only return hashes of this file type
Outputs Description
From (from) Timestamp of the starting point of the data retrieved from the API call.
To (to) Timestamp of the finishing point of the data retrieved from the API call.
Hashes (hashes) The list of hashes of the infected files

MetaDefender Cloud/Download Sanitized Files method

Download Sanitized File. The sanitized version of the file is deleted after 24 hours.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Data ID (is required) The dataId assigned to the file that underwent data sanitization
Outputs Description
Sanitized File Path (sanitizedFilePath) The sanitized file
File Expired (file_expired) The sanitized file

MetaDefender Cloud/EXIF Lookup method

Look up the EXIF of a hash by MD5, SHA1 or SHA256. EXIF is an open standard for storing metadata in images, such as the date and time when the image was taken, geolocation, or device hardware ID.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
EXIF Hash (is required) The MD5, SHA1 or SHA256 hash that you need exif info for
Outputs Description
Megapixels (Megapixels) Provides the resolution information of an image by calculating the total number of pixels in the image.
Image Size (ImageSize) This parameter provides quick insight into the physical size of the image
Chroma Sampling (YCbCrSubSampling) Indicates the chroma subsampling scheme used in an image's color representation. It determines how color information is sampled and compressed, influencing the image's quality and file size.
Color Components (ColorComponents) Provides information about the number and type of color components present in the image file's metadata. This parameter helps understand the color composition of images and can assist in identifying any anomalies or inconsistencies in color representation within the analyzed images.
Bits Per Sample (BitsPerSample) The number of bits used to represent color or grayscale values in an image's pixel data. This parameter helps determine the color depth and quality of the image, aiding in image analysis and understanding its visual characteristics.
Encoding Process (EncodingProcess) Provides insights into the techniques and algorithms employed during the image's creation or modification. This parameter can offer valuable metadata for understanding the image's origin and processing history.
Image Height (ImageHeight) The vertical dimension or height, in pixels, of an image file's resolution. This parameter provides essential information about the image's size and aspect ratio, aiding in understanding and processing visual content effectively.
Image Width (ImageWidth) The width dimension of an image file in pixels. This parameter offers quick access to the image's horizontal size, aiding in understanding its visual characteristics and assisting in further analysis or processing.
Y Resolution (YResolution) The vertical resolution of an image. It indicates the number of pixels per unit of measurement (usually inches or centimeters) along the vertical axis. This parameter helps to determine the image's clarity and quality in terms of its vertical detail.
X Resolution (XResolution) The horizontal resolution information stored in the Exchangeable Image File Format (EXIF) metadata of an image. This parameter provides details about the number of pixels per unit along the horizontal axis, offering insights into the image's quality and dimensions.
Resolution Unit (ResolutionUnit) Indicates the unit of measurement used for image resolution information stored in the Exchangeable Image File Format (EXIF) metadata of an image. This parameter helps determine how the resolution values (width and height) of the image should be interpreted and displayed, whether in pixels per inch (PPI) or pixels per centimeter (PPCM).
JFIF Version (JFIFVersion) The version information associated with the JPEG File Interchange Format (JFIF) used in an image file's metadata. This parameter indicates the specific version of the JFIF standard that the image follows, providing insights into the image's format and compatibility.
MIME Type (MIMEType) The MIME type provides information about the nature and format of the file, helping to determine how it should be handled or interpreted. This parameter assists in identifying the file's content type and guiding appropriate processing or security measures based on the detected MIME type.
File Type Extension (FileTypeExtension) This output parameter refers to the specific file extension associated with the analyzed image or file
File Type (FileType) This output parameter provides information about the specific type or format of the image file being analyzed.
File Size (FileSize) Provides information about the size of the file being analyzed
File Name (FileName) This output parameter represents the name of the file being analyzed.
ExifToolVersion (ExifToolVersion) Version information of the ExifTool software used to extract and process metadata from files

MetaDefender Cloud/PE Info Lookup method

Look up the PE (portable executable file format) info of a hash by MD5, SHA1 or SHA256. With PE info specifications for executable files information like executable headers, section headers, import and export tables, application resources and others can be viewed and analyzed.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
PE Info Hash (is required) The MD5, SHA1 or SHA256 hash that you need PE info for
Outputs Description
Section Headers (section_headers) Metadata and characteristics of the sections within the PE file
Number of relocations (number_of_relocations) This parameter helps analyze potential code modifications or tampering in the file, aiding in identifying suspicious or altered software components
Characteristics (characteristics) Provides key attributes and properties of a Portable Executable (PE) file. These characteristics include information about the file's structure, behavior, and capabilities, aiding in the analysis and understanding of the file's potential impact on a system
Virtual address (virtual_address) The memory address where a specific element within a Portable Executable (PE) file is loaded when the file is executed. This parameter provides crucial information about the file's internal structure and layout, aiding in understanding how the file functions within a computer's memory during runtime
MD5 (md5) Provide the MD5 hash of the PE file being analyzed
Imported Dlls (imported_dlls) Refers to a list of Dynamic Link Libraries (DLLs) that a Portable Executable (PE) file, often an executable or a binary, depends on. These DLLs are external components that the PE file needs to execute properly
Original Filename (original_filename) This information offers insights into the initial name of the file before any potential renaming or modification occurred
Information Comments (comments) Provides supplementary textual notes or comments associated with the version information of a PE file, offering insights into the purpose, updates, or other relevant details about the executable
Product Version (product_version) This data reveals the version of the software or application that created the file, aiding in software identification and compatibility assessment
Company Name (company_name) This parameter provides insight into the company or organization associated with the creation or distribution of the analyzed file, aiding in identifying its source and potential legitimacy.
Product Name (product_name) The name of the product from the version information embedded within a PE file
File Description (file_description) Description of file
OS Version (os_version) This parameter offers insights into the specific version of the operating system for which the PE file was designed, aiding in compatibility and security assessments
Characteristics (characteristics) This parameter offers valuable insights into the structural and operational aspects of the PE file
Machine Type (machine_type) This helps identify the target architecture for which the file is intended, aiding in compatibility and analysis

MetaDefender Cloud/APK Manifest Lookup method

Look up the APK manifest analysis of a hash by MD5, SHA1 or SHA256.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
APK Hash (is required) The MD5, SHA1 or SHA256 hash containing the Android Manifest information
Outputs Description
Version Code (versionCode) This value helps uniquely identify and track different versions of the app, assisting in app management, updates, and compatibility checks.
Version Name (versionName) Refers to a field that specifies the human-readable version of an Android application. It helps users identify and understand the version of the app being analyzed.
Package (package) Refers to the unique identifier assigned to an Android application. This identifier is crucial for distinguishing and managing different apps, aiding in their proper installation, updates, and security assessment.
User Permissions (usesPermissions) A list of permissions requested by an Android app (APK). These permissions indicate what actions or resources the app can access on a user's device, helping to assess potential security and privacy risks associated with the app's behavior.
Permissions (permissions) A list of permissions requested by an Android app's APK file. These permissions indicate the actions and resources the app can access on a user's device, helping to assess potential security and privacy implications.
Permission Trees (permissionTrees) Provides information about hierarchical permission relationships within an Android application (APK). It outlines the permissions requested by the app and their interconnections, helping to understand how different permissions relate to one another in the app's structure.
Permission Groups (permissionGroups) The sets of permissions within Android apps that share related functionalities.
Minimum SDK Version (minSdkVersion) Indicates the minimum Android operating system version required for the analyzed Android app (APK file) to function correctly.
Target SDK Version (targetSdkVersion) This parameter refers to the designated version of the Android software development kit (SDK) that the Android app is specifically designed to target.
Use features (usesFeatures) This parameter indicates the hardware and software features that an Android application (APK) utilizes or requires to function properly on a device.
Application (application)

MetaDefender Cloud/Scan Reports via Multiple Hashes method

Look up the scan results based on MD5, SHA1, or SHA256 for multiple data hashes.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A list of hashes used to identify files (MD5, SHA1 or SHA256)
Outputs Description
Data (data) The results of the reports

MetaDefender Cloud/Scan Report via Hash method

Retrieve scan reports by looking up a hash using MD5, SHA1 or SHA256.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) The MD5, SHA1 or SHA256 hash you want to look up information for
Outputs Description
Scan History Length (scan_result_history_length) How many historical scan results for a particular file or resource are stored and accessible.
Votes Down (votes_down) The number of votes from the community
Votes Up (votes_up) The number of votes from the community
Threat Name (threat_name) The name of the threat detected
Malware Type (malware_type) Provides essential information gained from analyzing malicious software.
Malware Family (malware_family) This output parameter categorizes specific types of malicious software based on shared characteristics and behaviors
Blocked Reason (blocked_reason) The reason for the block
Progress Percentage (progress_percentage) The progress of the analysis
Informations Result (process_info_result) The action that was taken after the file was scanned
File Size (file_info_file_size) The size of file
File Upload Timestamp (file_info_upload_timestamp) The exact date and time when the file was uploaded to the platform
File Type Description (file_info_file_type_description) Descriptive representation of the format of a file
Display Name (file_info_display_name) User-friendly label associated with a particular entity

MetaDefender Cloud/Scan History method

Look up the scan history of a hash by MD5, SHA1, or SHA256 (some scan histories can have hundreds of entries).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) The MD5, SHA1 or SHA256 hash for the file that you want the scan history for
Limit Pagination - how many entries you want to return
Offset Pagination - how many entries to skip (sorted chronologically)
Outputs Description
Result History (scan_result_history) Scan history of the hash

MetaDefender Cloud/IP Lookup method

Retrieve information about given IP (IPv4 + IPv6) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
IP (is required) The IP address (IPv4 or IPv6) to look up
Outputs Description
IP (address) The IP which is investigated
Start time (lookup_results_start_time) The start time of the investigation
Detected By (lookup_results_detected_by) The number of antiviruses used in the scan
Sources (lookup_results_sources) The result of antiviruses used in analysis
Country Name (country_name) The country where the IP originates
City Name (city_name) The city where the IP originates
Subdivisions (city_subdivisions) More details about geolocations

MetaDefender Cloud/IP Bulk Lookup method

Retrieve information about a list of IPs (IPv4/IPv6).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
IPs (is required) An array of IPs to investigate
Outputs Description
Results (data) The result of the lookup

MetaDefender Cloud/URL Lookup method

Retrieve information about given observable (URL) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
URL (is required) The URL which is investigated
Outputs Description
URL (address) The URL investigated
Start time (lookup_results_start_time) The start time of the investigation
Detected By (lookup_results_detected_by) The number of antiviruses used in scan
Sources (lookup_results_sources) The result from antiviruses used in analysis

MetaDefender Cloud/URL Bulk Lookup method

Retrieve information about a list of given observables (URLs) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
URLs (is required) An array of URLs which will be investigated
Outputs Description
Results (data) The results of the lookup

MetaDefender Cloud/Domain Lookup method

Retrieve information about a given fully qualified domain name (FQDN) from a CIF server including but not limited to: provider of the FQDN, a security assessment about the FQDN, and time of detection.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Domain (is required) The investigated domain
Outputs Description
Domain (address) The investigated result
Start time (lookup_results_start_time) The start time of the investigation
Detected By (lookup_results_detected_by) The number of antiviruses used in scan
Sources (lookup_results_sources) The result of antiviruses used in analysis

MetaDefender Cloud/Domain Bulk Lookup method

Retrieve information about a list of fully qualified domain names (FQDNs) from a CIF server including but not limited to: provider of the FQDNs, a security assessment about the FQDNs, and time of detection.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
FQDNs (is required) An array of domains to investigate
Outputs Description
Results (data) The result of the lookup

MetaDefender Cloud/File Analysis Data method

Provides file analysis data on hashes (MD5, SHA1, or SHA256). Metadata can include relevant portions of static and dynamic analysis, AV scan information, file sources.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A hash is used to identify a file (MD5, SHA1 or SHA256)
Outputs Description
MD5 (md5) MD5 of analyzed file
SHA1 (sha1) SHA1 of analyzed file
SHA256 (sha256) SHA256 of analyzed file
First Seen (first_seen) The timestamp when the file was first seen
Last Seen (last_seen) The timestamp when the file was last seen
Update Timestamp (update_timestamp) The timestamp when the previous timestamp was updated
File Info (file_info) Information about the file
File Sources (file_sources) Information about the file sources
Last Antivirus Scan (last_av_scan) Information about the last antivirus scan
Trust Factor (trust_factor) The value of trust calculated by MetaDefender
Dynamic Analysis Data (dynamic_analysis_data) The value of Dynamic Analysis Data
Static Analysis Data (static_analysis_data) The value of Static Analysis Data
Network Access Data (network_access_data) The value of Network Access Data
Mutex Data (mutex_data) Information about mutex
Certificate Data (certificate_data) The timestamp of certificate

MetaDefender Cloud/File Analysis Data Bulk Lookup method

Bulk lookup of file analysis data on hashes (MD5, SHA1, or SHA256). Metadata can include relevant portions of static and dynamic analysis, AV scan information, file sources.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A hash is used to identify a file (MD5, SHA1 or SHA256)
Outputs Description
Results from analysis (data) The results from analysis

MetaDefender Cloud/Search for Hashes method

Search for hashes using multi-part search criteria.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Greater than (>) (is required) Comparison Operator
Less than (<) (is required) Comparison Operator
File Extension Type (is required) The extension of the file
Standard Threat Name (is required) This parameter refers to the recognized and standardized name given to a specific type of threat or malware
Limit (is required) Maximum Responses Received
Outputs Description
The Hashes resulted from API call (data) The result of the request

MyIp.ms

MyIP.ms/IP Address Information method

Get information about IP addresses.

Inputs Description
IP or Website Name (is required) The IP or Website Name which is investigated
Outputs Description
Query (query) The investigated IP or Domain
Website (website) Full site name
Status (status) The status of the API call
Popularity (popularity) Details about popularity of the investigated IP or Domain
IPv4 Address (ip_address) IPv4 address
IPv6 Address (ipv6_address) IPv6 address
Location (location) The location of the investigated IP or Domain
Reverse DNS (reverse_dns) Details about Reverse DNS
Owners (owners) Details about the owners of the IP or Domain investigated
DNS (dns) A list of multiple DNS servers
IP Change History (ip_change_history) Details about IP changes

Neutrino API

NeutrinoAPI/Domain Lookup method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Host (is required) A domain name, hostname, FQDN, URL, HTML link or email address to lookup
Live For domains that we have never seen before, perform various live checks and realtime reconnaissance. NOTE: this option may add additional non-deterministic delay to the request; if you require consistently fast API response times or just want to check our domain blocklists then you can disable this option
Outputs Description
FQDN (fqdn) The fully qualified domain name (FQDN)
DNS Provider (dns_provider) The primary domain of the DNS provider for this domain
Blocklists (blocklists) An array of strings indicating which blocklist categories this domain is listed on. Current categories are: phishing, malware, spam, anonymizer, nefarious
TLD (tld) The top-level domain (TLD)
Is Adult (is_adult) This domain is hosting adult content such as porn, webcams, escorts, etc
Valid (valid) True if a valid domain was found. For a domain to be considered valid it must be registered and have valid DNS NS records
Is Malicious (is_malicious) Consider this domain malicious as it is currently listed on at least 1 blocklist
Is Governmental (is_gov) Is this domain under a government or military TLD
Is Open Network Information Center (is_opennic) Is this domain under an OpenNIC TLD
Is Subdomain (is_subdomain) Is the FQDN a subdomain of the primary domain
Registrar Name (registrar_name) The name of the domain registrar owning this domain

NeutrinoAPI/Email Verify method

SMTP based email address verification. Verify real users and filter out low-quality email addresses. Email verify does everything the Email Validate API does but takes validation one step further and performs a realtime SMTP based lookup. This process is similar to how a real email is delivered, so it can verify if an email would actually make it to the recipient address. Our SMTP process will identify if the username exists at the email service provider and can also check if the domain is set up as a catch-all (will accept mail for any address).

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Email (is required) An email address
Fix Typos Automatically attempt to fix typos in the address
Outputs Description
SMTP Status (smtp_status) The SMTP username verification status for this address: ok - verification was successful, this is a real username that can receive mail; absent - this username or domain is not registered with the email service provider; invalid - not a valid email address, check the domain-status field for specific details; unresponsive - the mail servers for this domain have repeatedly timed-out or refused multiple connection attempts; unknown - sorry, we could not reliably determine the status of this username
Typos Fixed (typos_fixed) True if any typos have been fixed. The fix-typos option must be enabled for this to work
Domain Error (domain_error) True if this address has any domain name or DNS related errors. Check the domain-status field for the detailed error reason
Verified (verified) True if this email address has passed SMTP username verification. Check the smtp-status and domain-status fields for specific verification details
Is Free Email (is_freemail) True if this address is from a free email provider
Is Disposable (is_disposable) True if this address is a disposable, temporary or darknet related email address
Valid (valid) Is this a valid email address. To be valid an email must have: correct syntax, a registered and active domain name, correct DNS records and operational MX servers
Is Catch All (is_catch_all) True if this email domain has a catch-all policy. A catch-all domain will accept mail for any username, so the smtp-status will therefore always be ok
Is deferred (is_deferred) True if the mail server responded with a temporary failure (either a 4xx response code or unresponsive server). You can retry this address later, we recommend waiting at least 15 minutes before retrying
Provider (provider) The domain name of the email hosting provider
Domain (domain) The domain name of this email address
SMTP Response (smtp_response) The raw SMTP response message received during verification
Syntax Error (syntax_error) True if this address has any syntax errors or is not in RFC compliant formatting
Is Personal (is_personal) True if this address likely belongs to a person. False if this is a role based address, e.g. admin@, help@, office@, etc.
Email (email) The complete email address. If you enabled the fix-typos option then this will be the corrected address
MX IP (mx_ip) The first resolved IP address of the primary MX server, may be empty if there are domain errors present

NeutrinoAPI/IP Probe method

Execute a realtime network probe against an IPv4 or IPv6 address. This API will run a series of live network scans and service probes to extract useful details about the host provider.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
IP (is required) IPv4 or IPv6 address
Outputs Description
Region Code (region_code) ISO 3166-2 region code (if detectable)
Country (country) Full country name
Country Code (country_code) ISO 2-letter country code
Provider Domain (provider_domain) The domain name of the provider
City (city) Full city name (if detectable)
VPN Domain (vpn_domain) The domain of the VPN provider (may be empty if the VPN domain is not detectable)
Is VPN (is_vpn) True if this IP is a VPN
Is Classless Inter-Domain Routing (CIDR) (as_cidr) The autonomous system (AS) CIDR range
Valid (valid) True if this is a valid IPv4 or IPv6 address
Provider Type (provider_type) The detected provider type, possible values are: isp - IP belongs to an internet service provider. This includes both mobile, home and business internet providers; hosting - IP belongs to a hosting company. This includes website hosting, cloud computing platforms and colocation facilities; vpn - IP belongs to a VPN provider; proxy - IP belongs to a proxy service. This includes HTTP/SOCKS proxies and browser based proxies; university - IP belongs to a university/college/campus; government - IP belongs to a government department. This includes military facilities; commercial - IP belongs to a commercial entity such as a corporate headquarters or company office; unknown - could not identify the provider type
Hostname (hostname) The IP's full hostname (PTR)
Is Bogon (is_bogon) True if this is a bogon IP address such as a private network, local network or reserved address
Provider Description (provider_description) A description of the provider (usually extracted from the provider's website)
AS Country Code 3 (as_country_code3) The autonomous system (AS) ISO 3-letter country code
Is V4 Mapped (is_v4_mapped) True if this is an IPv4 mapped IPv6 address
Is ISP (is_isp) True if this IP belongs to an internet service provider. Note that this can still be true even if the provider type is VPN/proxy, this occurs in the case that the IP is detected as both types
AS Description (as_description) The autonomous system (AS) description / company name
As Domains (as_domains) Array of all the domains associated with the autonomous system (AS)
Host Domain (host_domain) The IP's host domain
Is Proxy (is_proxy) True if this IP is a proxy
ASN (asn) The autonomous system (AS) number
Is V6 (is_v6) True if this is an IPv6 address. False if IPv4

NeutrinoAPI/IP Block List method

The IP Blocklist API will detect potentially malicious or dangerous IP addresses. Use this API for identifying malicious hosts, anonymous proxies, tor, botnets, spammers and more. Block, filter or flag traffic to help reduce attacks on your networks and software stacks. IP addresses are automatically removed from the blocklist after 7 days provided no other malicious activity is detected.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
IP (is required)
VPN Lookup Include public VPN provider IP addresses. NOTE: For more advanced VPN detection including the ability to identify private and stealth VPNs use the IP Probe API
Outputs Description
Is Hijacked (is_hijacked) IP is part of a hijacked netblock or a netblock controlled by a criminal organization
Is Spider (is_spider) IP is running a hostile web spider / web crawler
Is TOR (is_tor) IP is a Tor node or running a Tor related service
Is Dshield (is_dshield) IP has been flagged as a significant attack source by DShield (dshield.org)
Is VPN (is_vpn) IP belongs to a public VPN provider (only set if the vpn-lookup option is enabled)
Is Spyware (is_spyware) IP is involved in distributing or is running spyware
Is Spam Bot (is_spam_bot) IP address is hosting a spam bot, comment spamming or any other spamming type software
Blocklists (blocklists) An array of strings indicating which blocklist categories this IP is listed on
Is Bot (is_bot) IP is hosting a malicious bot or is part of a botnet. This is a broad category which includes brute-force crackers
Sensors (sensors) An array of objects containing details on which specific sensors detected the IP
CIDR (cidr) The CIDR address for this listing (only set if the IP is listed)
Is Malware (is_malware) IP is involved in distributing or is running malware
Is Exploit Bot (is_exploit_bot) IP is hosting an exploit finding bot or is running exploit scanning software
Is Proxy (is_proxy) IP has been detected as an anonymous web proxy or anonymous HTTP proxy
Is Listed (is_listed) Is this IP on a blocklist

NeutrinoAPI/Host Reputation method

Check the reputation of an IP address, domain name or URL against a comprehensive list of blacklists and blocklists. The majority of the lists we check are geared towards filtering hosts involved in the sending or operation of spam; however, some of the lists are more specialized and will list hosts involved in other forms of cybercrime too. These lists are most commonly known as DNSBLs (Domain Name System Blackhole Lists) or RBLs (Real-time Blackhole Lists) and work using DNS based lookups. All DNSBLs have different listing and removal criteria; if you are trying to delist a host you'll need to do this directly with the DNSBL operator. You can usually find more details about an active listing in the txt-record response field. If you want to only check some specific DNSBLs you can supply those using the zones option or you can use the list-rating option to check a range of different lists using our built-in rating system. This API currently checks more than 150 different DNSBLs.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Host (is required) An IP address, domain name, FQDN or URL. If you supply a domain/URL it will be checked against the URI DNSBL lists
List Rating Only check lists with this rating or better
Zones Only check these DNSBL zones/hosts. Multiple zones can be supplied as comma-separated values
Outputs Description
Lists (lists) Array of objects for each DNSBL (Domain Name System Blacklist)

NeutrinoAPI/IP Info method

Get location information about an IP address and do reverse DNS (PTR) lookups. Identify the geolocation of an IP address down to the city level, including the geographic coordinates (latitude, longitude) and detailed locale information. Our geolocation database is continuously updated in realtime as Internet address allocation changes and as new IP ranges come online. The API supports both IPv4 and IPv6.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
IP (is required) IPv4 or IPv6 address
Reverse Lookup Do a reverse DNS (PTR) lookup. This option can add extra delay to the request so only use it if you need it
Outputs Description
Region Code (region_code) ISO 3166-2 region code (if detectable)
Country (country) Full country name
Country Code (country_code) ISO 2-letter country code
City (city) Name of the city (if detectable)
IP (ip) The IP address
Valid (valid) True if this is a valid IPv4 or IPv6 address
Is V4 Mapped (is_v4_mapped) True if this is an IPv4 mapped IPv6 address
Hostname (hostname) The IP's full hostname (only set if reverse-lookup has been used)
Host Domain (host_domain) The IP's host domain (only set if reverse-lookup has been used)
Is Bogon (is_bogon) True if this is a bogon IP address such as a private network, local network or reserved address
Is V6 (is_v6) True if this is an IPv6 address. False if IPv4
Timezone (timezone) Map containing timezone details for the location

NeutrinoAPI/Geocode Address method

Geocode an address, partial address or just the name of a place. Address geocoding is the process of taking a string and attempting to match this with possible real world locations. This is the opposite process of reverse geocoding. Once a location is found you can then retrieve the geographic coordinates as latitude and longitude. If more than one location is found for a given string then results are ordered by most relevant to the original search address and with the highest geographic accuracy.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Address The full address, partial address or name of a place to try and locate. Comma separated address components are preferred.
House Number The house/building number to locate
Street The street/road name to locate
City The city/town name to locate
Country The county/region name to locate
State The state name to locate
Postal Code The postal code to locate
Country Code Limit result to this country (the default is no country bias)
Language Code The language to display results in, available languages are: de, en, es, fr, it, pt, ru, zh
Fuzzy Search If no matches are found for the given address, start performing a recursive fuzzy search until a geolocation is found. This option is recommended for processing user input or implementing auto-complete. We use a combination of approximate string matching and data cleansing to find possible location matches
Outputs Description
Locations (locations) A list of locations that meet the search criteria

NeutrinoAPI/Geocode Reverse method

Convert a geographic coordinate (latitude and longitude) into a real world address. This API is ideal for applications which process raw location data like coordinates obtained from mobile GPS devices. Reverse geocoding is the opposite process of address geocoding; you can get detailed location data right down to a specific building or zoomed out to the street, city or country level.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Latitude (is required) The location latitude in decimal degrees format
Longitude (is required) The location longitude in decimal degrees format
Language code The language to display results in, available languages are: de, en, es, fr, it, pt, ru
Zoom The zoom level to respond with: address - the most precise address available; street - the street level; city - the city level; state - the state level; country - the country level
Outputs Description
Region Code (region_code) The ISO 3166-2 region code for the location
Country (country) The country of the location
Country Code (country_code) The ISO 2-letter country code of the location
Address (address) The complete address using comma-separated values
City (city) The city of the location
Address Components (address_components) The components which make up the address such as road, city, state, etc
Timezone (timezone) Map containing timezone details for the location
Address Road (address_road) Component which makes up the address: road
Address City (address_city) Component which makes up the address: city
Address Country (address_county) Component which makes up the address: country
Address Suburban (address_suburb) Component which makes up the address: suburb
House Number (address_house_number) Component which makes up the address: house number
Postal Code (postal_code) The postal code for the location
Found (found) True if these coordinates map to a real location

NeutrinoAPI/Phone Verify method

Make an automated call to any valid phone number and playback a unique security code. Use this API to verify personal details, help reduce fraud and in authentication systems for implementing multi-factor (MFA and 2FA) authentication. Supply your own security code for use in TOTP systems (the most common standard for 2FA implementations) or let us auto generate a secure random code. To then verify a delivered code you can either implement this on your side or use the verify security code endpoint.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Number (is required) The phone number to send the verification code to
Code Length The number of digits to use in the security code (between 4 and 12)
Security Code Pass in your own security code. This is useful if you have implemented TOTP or similar 2FA methods. If not set then we will generate a secure random code
Playback Delay The delay in milliseconds between the playback of each security code
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set numbers are assumed to be in international format (with or without the leading + sign)
Language Code The language to playback the verification code in, available languages are: de - German, en - English, es - Spanish, fr - French, it - Italian, pt - Portuguese, ru - Russian
Limit Limit the total number of calls allowed to the supplied phone number, if the limit is reached within the TTL then error code 14 will be returned
Limit TTL Set the TTL in number of days that the limit option will remember a phone number (the default is 1 day and the maximum is 365 days)
Outputs Description
Security Code (security_code) The security code generated, you can save this code to perform your own verification or you can use the Verify Security Code API
Calling (calling) True if the call is being made now
Number Valid (number_valid) True if this is a valid phone number

NeutrinoAPI/SMS Verify method

Send a unique security code to any mobile device via SMS. Use this API to verify personal details, help reduce fraud and in authentication systems for implementing multi-factor (MFA and 2FA) authentication. Supply your own security code for use in TOTP (the most common standard for 2FA implementations) or let us auto generate a secure random code. To then verify a delivered code you can either implement this on your side or use the verify security code endpoint.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Number (is required) The phone number to send a verification code to
Code Length The number of digits to use in the security code (must be between 4 and 12)
Security Code Pass in your own security code. This is useful if you have implemented TOTP or similar 2FA methods. If not set then we will generate a secure random code
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set numbers are assumed to be in international format (with or without the leading + sign)
Language Code The language to send the verification code in, available languages are: de - German, en - English, es - Spanish, fr - French, it - Italian, pt - Portuguese, ru - Russian
Limit Limit the total number of SMS allowed to the supplied phone number, if the limit is reached within the TTL then error code 14 will be returned
Limit TTL Set the TTL in number of days that the limit option will remember a phone number (the default is 1 day and the maximum is 365 days)
Outputs Description
Security Code (security_code) The security code generated, you can save this code to perform your own verification or you can use the Verify Security Code API
Sent (sent) True if the SMS has been sent
Number Valid (number_valid) True if this is a valid phone number

NeutrinoAPI/HLR Lookup method

Connect to the global mobile cellular network and retrieve the status of a mobile device. The home location register (HLR) is a central database that contains details of each mobile phone subscriber connected to the global mobile network. You can use this API to validate that a mobile number is live and registered on a mobile network in real-time. Find out the carrier name, ported number status and fetch up-to-date device status.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Number (is required) A phone number
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set numbers are assumed to be in international format (with or without the leading + sign)
Outputs Description
Country (country) The phone number country
Is Ported (is_ported) Has this number been ported to another network
Country Code (country_code) ISO 4217 currency code associated with the country
Mobile Network Code (mnc) The mobile MNC number (Mobile Network Code)
Mobile Country Code (mcc) The mobile MCC number (Mobile Country Code)
Number Type (number_type) The number type, possible values are: mobile, fixed-line, premium-rate, toll-free, voip, unknown
International Number (international_number) The number represented in full international format
Origin Network (origin_network) The origin network/carrier name
Roaming Country Code (roaming_country_code) If the number is currently roaming, the ISO 2-letter country code of the roaming in country
International Mobile Subscriber Identity (imsi) The mobile IMSI number (International Mobile Subscriber Identity)
Local Number (local_number) The number represented in local dialing format
HLR Status (hlr_status) The HLR lookup status, possible values are: ok - the HLR lookup was successful and the device is connected; absent - the number was once registered but the device has been switched off or out of network range for some time; unknown - the number is not known by the mobile network; invalid - the number is not a valid mobile MSISDN number; fixed-line - the number is a registered fixed-line not mobile; voip - the number has been detected as a VOIP line; failed - the HLR lookup has failed, we could not determine the real status of this number
HLR Valid (hlr_valid) Was the HLR lookup successful. If true then this is a working and registered cell-phone or mobile device (SMS and phone calls will be delivered)
Current Network (current_network) The currently used network/carrier name
Location (location) The number location. Could be a city, region or country depending on the type of number
International Calling Code (international_calling_code) The international calling code
Ported Network (ported_network) The ported to network/carrier name (only set if the number has been ported)
Is mobile (is_mobile) True if this is a mobile number (only true with 100% certainty, if the number type is unknown this value will be false)

NeutrinoAPI/BIN Lookup method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Bin Number The BIN or IIN number. This is the first 6, 8 or 10 digits of a card number, use 8 (or more) digits for the highest level of accuracy
Customer IP Pass in the customer's IP address and we will return some extra information about them
Outputs Description
Country (country) The full country name of the issuer
Country Abbreviation 2 (country_code) The ISO 2-letter country code of the issuer
Card Brand (card_brand) The card brand (e.g. Visa or Mastercard)
IP City (ip_city) The city of the customer's IP (if detectable)
IP Blacklists (ip_blocklists) An array of strings indicating which blocklists this IP is listed on
IP Country Code 3 (ip_country_code3) The ISO 3-letter country code of the customer's IP
Is Commercial (is_commercial) Is this a commercial/business use card
IP Country (ip_country) The country of the customer's IP
Bin Number (bin_number) The BIN or IIN number
Issuer (issuer) The card issuer
Valid (valid) Is this a valid BIN or IIN number
Card Type (card_type) The card type, will always be one of: DEBIT, CREDIT, CHARGE CARD
Is Prepaid (is_prepaid) Is this a prepaid or prepaid reloadable card
IP Blacklisted (ip_blocklisted) True if the customer's IP is listed on one of our blocklists
Card Category (card_category) The card category. There are many different card categories; the most common card categories are: CLASSIC, BUSINESS, CORPORATE, PLATINUM, PREPAID
Issuer Phone (issuer_phone) The card issuer's phone number
IP Matches BIN (ip_matches_bin) True if the customer's IP country matches the BIN country
Country Abbreviations 3 (country_code3) The ISO 3-letter country code of the issuer

NeutrinoAPI/Currency Convert method

A currency and unit conversion tool. Convert between currency, cryptocurrency and various other units using an up-to-date data feed. All major currencies are updated every 15 minutes with exchange rates aggregated from multiple international exchanges and averaged out.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Value to convert (is required) The value to convert from (e.g. 10.95)
Convert From The type of the value to convert from (e.g. USD)
Convert To The type to convert to (e.g. EUR)
Outputs Description
Result (result) The result of the conversion in string format
Convert To (to_type)
Value to convert (from_value)
Convert From (from_type)
Result Float (result_float) The result of the conversion as a floating-point number

NeutrinoAPI/Browser Bot method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
URL (is required) The URL to load
Timeout Timeout in seconds. Give up if still trying to load the page after this number of seconds
Delay Delay in seconds to wait before capturing any page data, executing selectors or JavaScript
Selector Extract content from the page DOM using this selector. Commonly known as a CSS selector
Exec Execute JavaScript on the website. This parameter accepts JavaScript either as a string or, for sending multiple separate statements, as a JSON array or POST array. If a statement returns any value it will be returned in the exec-results response. You can also use the following specially defined user interaction functions: sleep(seconds); Just wait/sleep for the specified number of seconds. click(selector); Click on the first element matching the given selector. focus(selector); Focus on the first element matching the given selector. keys(characters); Send the specified keyboard characters. Use click() or focus() first to send keys to a specific element. enter(); Send the Enter key. tab(); Send the Tab key.
User Agent Override the browser's default user-agent string with this one
Ignore Certificate Errors Ignore any TLS/SSL certificate errors and load the page anyway
Outputs Description
Security Details (security_details) Map containing details of the TLS/SSL setup
Exec Results (exec_results) If you executed any JavaScript this array holds the results as objects
Server IP (server_ip) The HTTP server's IP address
Elements (elements) Array containing all the elements matching the supplied selector. Each element object will contain the text content, HTML content and all current element attributes
Is HTTP Ok (is_http_ok) True if the HTTP status is OK (200)
Is HTTP Redirect (is_http_redirect) True if the URL responded with an HTTP redirect

NeutrinoAPI/URL Info method

Parse, analyze and retrieve content from the supplied URL. Determine if a URL is well-formed and actually hosting real content. Determine many of the URL's properties such as its current HTTP status, content size, type, encoding and load time. You can also use this API to fetch the actual URL response data for further processing or storage.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
URL (is required) The URL to probe
Fetch Content If this URL responds with html, text, json or xml then return the response. This option is useful if you want to perform further processing on the URL content (e.g. with the HTML Extract or HTML Clean APIs)
Ignore Certificate Errors Ignore any TLS/SSL certificate errors and load the URL anyway
Timeout Timeout in seconds. Give up if still trying to load the URL after this number of seconds
Retry If the request fails for any reason try again this many times
Outputs Description
HTTP Redirect (http_redirect) True if this URL responded with an HTTP redirect
Server IP (server_ip) True if this URL responded with an HTTP redirect
Title (title) The document title
Server Name (server_name) The name of the server software hosting this URL
Valid (valid) Is this a valid well-formed URL
Server Country Cod (server_country_cod) The server's IP geo-location: ISO 2-letter country code
Server Region (server_region) The server's IP geo-location: full region name (if detectable)
Server Hostname (server_hostname) The server's hostname (PTR record)
URL Protocol (url_protocol) The URL protocol, usually http or https
URL Port (url_port) The URL port

NeutrinoAPI/Email Validate method

Parse, validate and clean an email address.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Email (is required) An email address
Fix Typos Automatically attempt to fix typos in the address
Outputs Description
Valid (valid) Is this a valid email address. To be valid an email must have: correct syntax, a registered and active domain name, correct DNS records and operational MX servers
Provider (provider) The domain name of the email hosting provider
Typos Fixed (typos_fixed) The complete email address. If you enabled the fix-typos option then this will be the corrected address
Domain Error (domain_error) True if this address has any domain name or DNS related errors. Check the domain-status field for the detailed error reason
Domain (domain) The domain name of this email address
Is Free Email (is_freemail) True if this address is from a free email provider
Syntax Error (syntax_error) True if this address has any syntax errors or is not in RFC compliant formatting
Is disposable (is_disposable) True if this address is a disposable, temporary or darknet related email address
Is personal (is_personal) True if this address likely belongs to a person. False if this is a role based address, e.g. admin@, help@, office@, etc.

NeutrinoAPI/Phone Validate method

Parse, validate and get location information about a phone number.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Number (is required) A phone number. This can be in international format (E.164) or local format. If passing local format you must also set either the country-code OR ip options as well
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set numbers are assumed to be in international format (with or without the leading + sign)
IP Pass in a user's IP address and we will assume numbers are based in the country of the IP address
Outputs Description
Valid (valid) Is this a valid phone number
Country (country) The phone number country
Country Abbreviation 2 Letters (country_code) The phone number country as an ISO 2-letter country code
Prefix Network (prefix_network) The network/carrier who owns the prefix (this only works for some countries, use HLR lookup for global network detection)
International Number (international_number) The number represented in full international format (E.164)
Location (location) The phone number location. Could be the city, region or country depending on the type of number
Local Number (local_number) The number represented in local dialing format
Type (type) The number type based on the number prefix. Possible values are: mobile, fixed-line, premium-rate, toll-free, voip, unknown (use HLR lookup)
Currency Code (currency_code) ISO 4217 currency code associated with the country
International Calling Code (international_calling_code) The international calling code
Is Mobile (is_mobile) True if this is a mobile number. If the number type is unknown this value will be false
Country Abbreviation 3 Letters (country_code3) The phone number country as an ISO 3-letter country code

NeutrinoAPI/User Agent Lookup method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
UA (is required) The user-agent string to lookup. For client hints use the UA header or the JSON data directly from navigator.userAgentData.brands or navigator.userAgentData.getHighEntropyValues()
UA Version For client hints this corresponds to the UA-Full-Version header or uaFullVersion from NavigatorUAData
UA Platform For client hints this corresponds to the UA-Platform header or platform from NavigatorUAData
UA Platform Version For client hints this corresponds to the UA-Platform-Version header or platformVersion from NavigatorUAData
UA Mobile For client hints this corresponds to the UA-Mobile header or mobile from NavigatorUAData
Device Model For client hints this corresponds to the UA-Model header or model from NavigatorUAData. You can also use this parameter to look up a device directly by its model name, model code or hardware code. On Android you can get the model name from: https://developer.android.com/reference/android/os/Build.html#MODEL
Device Brand This parameter is only used in combination with device-model when doing direct device lookups without any user-agent data. Set this to the brand or manufacturer name; this is required for accurate device detection with ambiguous model names. On Android you can get the device brand from: https://developer.android.com/reference/android/os/Build#MANUFACTURER
Outputs Description
Device Model (device_model) The device model
OS (os) The full operating system name
Device Brand (device_brand) The device brand / manufacturer
Browser Release (browser_release) If the client is a web browser, the year in which this browser version was released
OS Family (os_family) The operating system family. The major OS families are: Android, Windows, macOS, iOS, Linux
Device Pixel Ratio (device_pixel_ratio) The device display pixel ratio (the ratio of the resolution in physical pixels to the resolution in CSS pixels)
Device Height Px (device_height_px) The device display height in CSS px
UA (ua) The user agent string
Type (type) The user agent type. Possible values are: desktop, phone, tablet, wearable, tv, console, email, library, robot, unknown
Device PPI (device_ppi) The device display PPI (pixels per inch)
Version (version) The client software full version
Version Major (version_major) The client software major version
OS Version Major (os_version_major) The operating system major version
Browser Engine (browser_engine) If the client is a web browser, the underlying browser engine it uses
Device Model Code (device_model_code) The device model code
OS Version (os_version) The operating system full version
Device Release (device_release) The year when this device model was released
Name (name) The client software name
Is Webview (is_webview) Is this a WebView / embedded software client
Is Mobile (is_mobile) Is this a mobile device (e.g. a phone or tablet)

NeutrinoAPI/Bad Word Filter method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from Neutrino Website
Username (is required) The username used to Login on Neutrino Website
Content (is required) The content to scan. This can be either a URL to load from, a file upload (multipart/form-data) or an HTML content string
Censor Character The character to use to censor out the bad words found
Catalog Which catalog of bad words to use. We currently maintain two bad word catalogs: strict - the largest database of bad words, which includes profanity, obscenity, sexual, rude, cuss, dirty, swear and objectionable words and phrases. This catalog is suitable for environments of all ages including educational or children's content. obscene - like the strict catalog but does not include any mild profanities, idiomatic phrases or words which are considered formal terminology. This catalog is suitable for adult environments where certain types of bad words are considered OK
Outputs Description
Censored Content (censored_content) The censored content (only set if censor-character has been set)
Bad Words Total (bad_words_total) Total number of bad words detected
Bad Words List (bad_words_list) An array of the bad words found

OCR

OCR/Image Conversion from URL method

Convert an image from a URL.

Inputs Description
Token (is required) To use the OCR API, you must have an API key
Language Language used for OCR
Required Overlay If true, returns the coordinates of the bounding boxes for each word. If false, the OCRed text is returned only as a text block (this makes the JSON response smaller). Overlay data can be used, for example, to show text over the image
URL The URL from which the image is retrieved
Create Searchable PDF Default = False. If true, the API generates a searchable PDF. This parameter automatically sets isOverlayRequired = true
Hide Text Layer Searchable PDF Default = False. If true, the text layer is hidden (not visible)
File Type Overwrites the automatic file type detection based on content-type. Supported image file formats are png, jpg (jpeg), gif, tif (tiff) and bmp. For document OCR, the API supports the Adobe PDF format. Multi-page TIFF files are supported
Outputs Description
Parsed Results (ParsedResults) The OCR results for the image or for each page of PDF. For PDF: Each page has its own OCR result and error message (if any)
Is Error Processing (IsErroredOnProcessing) True if the API call was successful, otherwise false

OCR/PDF Conversion from URL method

Convert a PDF from a URL.

Inputs Description
Token (is required) To use the OCR API, you must have an API key.
URL The URL of the PDF to convert
Create Searchable PDF Default = False. If true, the API generates a searchable PDF. This parameter automatically sets isOverlayRequired = true.
Hide Text Layer Searchable PDF Default = False. If true, the text layer is hidden (not visible)
File Type Overwrites the automatic file type detection based on content-type. Supported image file formats are png, jpg (jpeg), gif, tif (tiff) and bmp. For document OCR, the API supports the Adobe PDF format. Multi-page TIFF files are supported.
Outputs Description
Parsed Results (ParsedResults) The OCR results for the image or for each page of PDF. For PDF: Each page has its own OCR result and error message (if any)
Is Error Processing (IsErroredOnProcessing) True if the API call was successful, otherwise false

OCR/Image Conversion from BASE64 method

Convert an image from a BASE64 string.

Inputs Description
Token (is required) To use the OCR API, you must have an API key.
URL The BASE64 string of the image to convert
Create Searchable PDF Default = False. If true, the API generates a searchable PDF. This parameter automatically sets isOverlayRequired = true.
Hide Text Layer Searchable PDF Default = False. If true, the text layer is hidden (not visible)
File Type Overwrites the automatic file type detection based on content-type. Supported image file formats are png, jpg (jpeg), gif, tif (tiff) and bmp. For document OCR, the API supports the Adobe PDF format. Multi-page TIFF files are supported.
Outputs Description
Parsed Results (ParsedResults) The OCR results for the image or for each page of PDF. For PDF: Each page has its own OCR result and error message (if any)
Is Error Processing (IsErroredOnProcessing) True if the API call was successful, otherwise false

OCR/Searchable PDF Creation from Image method

Create Searchable PDF from image.

Inputs Description
Token (is required) To use the OCR API, you must have an API key
Language Language used for OCR
Required Overlay If true, returns the coordinates of the bounding boxes for each word. If false, the OCRed text is returned only as a text block (this makes the JSON response smaller). Overlay data can be used, for example, to show text over the image
URL The image from which the searchable PDF is created
Create Searchable PDF Default = False. If true, the API generates a searchable PDF. This parameter automatically sets isOverlayRequired = true
Hide Text Layer Searchable PDF Default = False. If true, the text layer is hidden (not visible)
File Type Overwrites the automatic file type detection based on content-type. Supported image file formats are png, jpg (jpeg), gif, tif (tiff) and bmp. For document OCR, the API supports the Adobe PDF format. Multi-page TIFF files are supported.
Outputs Description
Parsed Results (ParsedResults) The OCR results for the image or for each page of PDF. For PDF: Each page has its own OCR result and error message (if any)
Is Error Processing (IsErroredOnProcessing) True if the API call was successful, otherwise false

Phishing Initiative

Phishing Initiative/URL Reputation Retrieval method

Retrieves the reputation of the URL that you have specified.

Inputs Description
Token (is required) To use the PhishingInitiative API, you must have an API key.
URL (is required) The URL that is being searched
Outputs Description
values (values) The results of the API call

RIPEstat

RIPEstat/Internet Number Resource Abuse Contact Information Retrieval method

This data call's primary goal is to return abuse contact information for an Internet number resource.

Inputs Description
Resource (is required) This is the resource the query is based on.
Outputs Description
Data (data) The results of the API call

RIPEstat/Address Space Usage Hierarchy method

This data call returns address space objects (inetnum or inet6num) from the RIPE Database related to the queried resource.

Inputs Description
Resource (is required) The prefix or IP range the address space hierarchy should be returned for.
Outputs Description
Data (data) The results of the API call

RIPEstat/Address Space Usage method

This data call displays the usage of a prefix or IP range based on the objects currently in the RIPE database.

Inputs Description
Resource (is required) States the prefix or IP range the address space usage should be returned for
Outputs Description
Data (data) The results of the API call

RIPEstat/Location History method

This data call returns information supplied by IANA and RIRs for allocations and direct assignments of prefixes and AS numbers over time.

Inputs Description
Resource (is required) This is the resource the query is based on.
Start Time Defines the starttime for the query
End Time Defines the endtime for the query
Outputs Description
Data (data) The results of the API call

RIPEstat/Announced IP Prefixes by ASN Retrieval method

This API request provides a list of announced IP prefixes associated with a given ASN. The results can be filtered based on a specific time frame if desired.

Inputs Description
Resource (is required) The Autonomous System Number for which to return prefixes.
Start Time The start time for the query.
End Time The end time for the query.
Minimum Peers Seeing Minimum number of RIS peers seeing the prefix for it to be included in the results. Excludes low-visibility/localized announcements
Outputs Description
Data (data) The results of the API call

RIPEstat/ASN Overview Retrieval method

This data call provides an overview of an ASN, including its announcement status and the name of its holder based on the WHOIS service.

Inputs Description
Resource (is required) States the AS you want to get the resource info for
Outputs Description
Data (data) The results of the API call

RIPEstat/AS-Path Metrics Retrieval method

This data call retrieves AS-path metrics for the queried ASN, such as the shortest or longest AS-path to other ASNs that we are peering with.

Inputs Description
Resource (is required) AS number to query
Sort By Sort by the given field. In the case of geo, sort by approximating a world map on to a circle.
Outputs Description
Data (data) The results of the API call

RIPEstat/ASN Registration Consistency Check method

This data call examines the consistency between the registration information for an ASN in the internet routing registry (IRR) and what is observed in RIS BGP tables.

Inputs Description
Resource (is required) The ASN to query
Outputs Description
Data (data) The results of the API call

RIPEstat/ASN Network Neighbors Information Retrieval method

This data call provides information on the network neighbors for a given ASN as observed in RIS. It includes statistical information and the list of observed ASN neighbors.

Inputs Description
Resource (is required) The data call will return all neighbours found for this ASN.
Query Time Defines the query time for the query. If not set, the start time will be set to the latest available data point.
Outputs Description
Data (data) The results of the API call

RIPEstat/Historical ASN Neighbors Information Retrieval method

This data call provides information about the neighboring ASNs of a queried ASN, extended with historical data. It includes details about the ASNs that have been observed as neighbors over time.

Inputs Description
Resource (is required) This is the ASN the neighbours are shown for.
Start Time Defines the query starttime for the query
End Time Defines the query endtime for the query
Max Rows Defines the limit of neighbours to be included in the result, e.g. max_rows=50 means the result will be truncated to 50 neighbours. Has no effect if there are fewer neighbours anyway.
Outputs Description
Data (data) The results of the API call

RIPEstat/Atlas Probes Count by Region/Country/ASN method

This data call provides information on the number of RIPE Atlas probes in a region, a country or network (ASN).

Inputs Description
Resource (is required) Due to the ambiguous nature of abbreviated identifiers for regions and countries (e.g. me for Middle East and Montenegro), region and country resources should be prefixed with region_ or cc_. Looking up a network can be specified on the IP version by using the prefix asn4_ for IP v4 networks and asn6_ for IP v6 networks. For mixed results the resources just need to be comma separated
Start Time / End Time Can be used to set the time range of the lookup and the output.
Outputs Description
Data (data) The results of the API call

RIPEstat/Atlas Probes Information Retrieval method

This data call returns information on RIPE Atlas probes in an ASN, a prefix, or a country.

Inputs Description
Resource (is required) Prefix, network (ASN) or country
Outputs Description
Data (data) The results of the API call

RIPEstat/Atlas Measurements Information Retrieval method

This data call provides information on the RIPE Atlas measurements that target a network (ASN), a prefix or a hostname.

Inputs Description
Resource (is required) Prefix, network (ASN) or hostname
Outputs Description
Data (data) The results of the API call

RIPEstat/BGP Route State Retrieval method

This data call delivers the state of BGP routes for a resource as observed by all RIS collectors at a given point in time.

Inputs Description
Resource (is required) Defines the resource that the query is performed for. If a list of resources is supplied, the results will be combined for all of them
Timestamp Defines the time for when to perform the query
RRCs The list of Route Collectors (RRCs) to get the results from
Unix Timestamp If TRUE, will format the timestamps in the result as Unix timestamp
Outputs Description
Data (data) The results of the API call

RIPEstat/BGP Updates Count over Time Retrieval method

The number of BGP updates seen over time is returned by this data request. The aggregated results are shown in time intervals whose length is determined by the input parameters.

Inputs Description
Resource (is required) Defines the resource the query is carried out on
Start Time Defines the starttime for the query
End Time Defines the endtime for the query
Max Samples BGP events are aggregated in to at most this number of sampling periods
Minimum Sampling Period The smallest possible time period for each interval. It will be automatically increased to satisfy max_samples
Number of Hours Number of hours to look back. If no starttime and endtime are provided this parameter will be used to calculate starttime from the default endtime (which is now).
Hide Empty Samples If true (default) then samples with 0 updates will not be returned - they are simply implied by the returned query_starttime/query_endtime.
Outputs Description
Data (data) The results of the API call

RIPEstat/BGP Updates Retrieval method

This data call returns the BGP updates for a resource over a specified time period.

Inputs Description
Resource (is required) Defines the resource that the query is performed for. If a list of resources is supplied, the results will be combined for all of them.
Start Time Defines the starttime for the query
End Time Defines the endtime for the query
RRCs The list of Route Collectors (RRCs) to get the results from
Unix Timestamps If TRUE, will format the timestamps in the result as Unix timestamp.
Outputs Description
Data (data) The results of the API call

RIPEstat/BGP Route Changes Over Time Retrieval method

This data call represents the scenario of what occurred to the BGP routes of a resource over a period of time.

Inputs Description
Resource (is required) Defines the resource that the query is performed for. If a list of resources is supplied, the results will be combined for all of them.
Start Time Defines the starttime for the query
End Time Defines the endtime for the query
RRCs The list of Route Collectors (RRCs) to get the results from.
Unix Timestamps If TRUE, will format the timestamps in the result as Unix timestamp.
Outputs Description
Data (data) The results of the API call

RIPEstat/Blocklist Data Retrieval method

This data call returns blocklist related data for a queried resource.

Inputs Description
Resource (is required) States the prefix or IP range you want to get blocklist information for
Start Time Defines the starttime for the query
End Time Defines the endtime for the query
Outputs Description
Data (data) The results of the API call

RIPEstat/Country ASNs Information Retrieval method

This data call returns information on the registered and routed ASNs of a country.

Inputs Description
Resource (is required) The country has to be provided as an ISO-3166-1 alpha-2 country code.
Query Time Defines the time of the lookup. This value needs to be or will be aligned to the RIS dump times!
Level of detail Defines the level of detail in which the data is being returned. Levels are: 0 - Least detailed output; 1 - Most detailed output
Outputs Description
Data (data) The results of the API call

RIPEstat/Country Internet Resources Information Retrieval method

This data call returns information about the Internet resources associated with a country, such as ASNs, IPv4 ranges, and IPv4/6 CIDR prefixes.

Inputs Description
Resource (is required) The country to find IP prefixes and AS numbers for.
Time The time to query. By default, returns the latest available data. This value is truncated to midnight
IPv4 Format Describes the formatting for the output of IPv4 space.
Outputs Description
Data (data) The results of the API call

RIPEstat/Country Internet Resources Statistics Retrieval method

This data call returns statistics on Internet resources for a country. This includes: number of ASNs seen in routing data and registration data; number of prefixes in routing data and registration data (split into IPv4 and IPv6); amount of IPv4 space seen in routing data as well as registration data.

Inputs Description
Resource (is required) This is the resource the query is based on.
Start Time Defines the country that the stats are returned for
End Time The end time for the query. See Default Values for Time Parameters for details.
Resolution Possible values: 5m - 5 minutes; 1h - 1 hour; 1d - 1 day; 1w - 1 week
Outputs Description
Data (data) The results of the API call

RIPEstat/Whois Object Last Update Information Retrieval method

This data call returns information of when a certain object was last updated in the whois database.

Inputs Description
Object The exact object to query for
Type Examples: aut-num, inetnum, person, etc
Source RIPE or APNIC
Timestamp Defines the time for which to perform the query
Compare with live When True (default), the version at the last changed time will be compared with the current live object and indicate if it's different. This will indicate whether there has been at least one modification between query_time and now.
Outputs Description
Data (data) The results of the API call

RIPEstat/Whois Information Retrieval method

This data call returns whois information from the relevant Regional Internet Registry and Routing Registry.

Inputs Description
Resource (is required) ASN/IPv4/IPv6/IP Range
Outputs Description
Data (data) The results of the API call

RIPEstat/Requester IP Address Retrieval method

This data call returns the IP address of the requester.

Outputs Description
Data (data) The results of the API call

RIPEstat/Resource Visibility in RIS Information Retrieval method

This data call provides information on the visibility of a resource as observed from RIS.

Inputs Description
Resource (is required) This is the resource the query is based on.
Query Time Defines the time of the lookup. This value will be automatically aligned to a RIS collection time.
Include This parameter defines additional data to be included. peers_seeing includes details on peers that are seeing a resource as only the peers that are not seeing a resource. By default it is not set because the output becomes significantly bigger.
Outputs Description
Data (data) The results of the API call

RIPEstat/SpeedChecker Bandwidth Measurement Results Retrieval method

This data call provides bandwidth measurement results collected on the SpeedChecker platform.

Inputs Description
Resource (is required) At this moment the data call only supports prefixes but aggregations for ASNs and countries are planned.
Start Time / End Time The start/end time defining the upper and lower boundary of the lookup.
Outputs Description
Data (data) The results of the API call

RIPEstat/Related Resource Examples Retrieval method

This data call returns example resources that are directly or indirectly related to the given input.

Inputs Description
Resource (is required) This is the resource the query is based on.
Limit Defines how many suggestions are returned per category
Outputs Description
Data (data) The results of the API call

RIPEstat/RIS Collector Node Information Retrieval method

This data call provides (meta) information on collector nodes (RRCs) of the RIS network.

Outputs Description
Data (data) The results of the API call

RIPEstat/RPKI Validity State Lookup method

This data call returns the RPKI validity state for a combination of prefix and Autonomous System. This combination will be used to perform the lookup against the RPKI validator Routinator, and then return its RPKI validity state.

Inputs Description
Resource (is required) The ASN used to perform the RPKI validity state lookup.
Prefix (is required) The prefix to perform the RPKI validity state lookup. Note the prefix's length is also taken from this field.
Outputs Description
Data (data) The results of the API call

RIPEstat/VRP Count Time-Series Retrieval method

This data call returns a time-series with the count of VRPs (Validated ROA Payload) for the requested resource.

Inputs Description
Resource (is required) The resource to query for. The query returns only matches, for each case: Prefix: those VRPs which have an exact matching prefix. ASN: those VRPs which have a matching origin. Country code: those VRPs which are registered under a certain country (according to delegated files). Trust anchor: those VRPs which have ROAs under a certain trust anchor.
Delegated If present, the response will include registration information for that resource.
Family IP address family to filter for
Resolution Time bin to group the result by. All values except d will return a response with min, avg, max, first, last, and samples. This option doesn't apply when using include=ranges.
Include count: return the count of VRPs for the queried resource. ranges: the VRPs related to the queried resource, in the form of time ranges.
Outputs Description
Data (data) The results of the API call

RIPEstat/Current BGP Routing State Summary Retrieval method

This data call returns a summary of the current BGP routing state of a given IP prefix or ASN, as observed by the RIS route collectors.

Inputs Description
Resource (is required) The resource to query. This is a prefix (v4/v6), IP address or AS number
Timestamp Defines the time of the lookup. This value will be automatically aligned to a RIS collection time.
Minimum Peers Seeing Minimum number of peers seeing the route for it to be included in the results. Excludes low-visibility/localized announcements.
Outputs Description
Data (data) The results of the API call

RIPEstat/Prefix Announcement History Retrieval method

This data call shows the history of announcements for prefixes, including the origin ASN and the first hop.

Inputs Description
Resource (is required) The resource to query. This is a prefix (v4/v6), IP address or AS number.
Maximum Rows The maximum number of routes to return. This is a soft limit: all recorded routes for each origin ASN are returned, but when the row limit is reached no more origins will be returned.
Include First Hop Include the first hop ASN in the route, instead of just the origin ASN
Visibility Add a visibility field to each timeline indicating the visibility of the route (according to RIS) at that point in time. The visibility is computed as the peers_seeing divided by the number of RIS full table peers at the time.
Minimum Peers Minimum number of full-feed RIS peers seeing the route for the segment to be included in the results. Excludes low-visibility/localized announcements.
Start Time Defines the start time for the query
End Time Defines the end time for the query
Outputs Description
Data (data) The results of the API call

This data call provides information on prefixes related to an ASN. The data call distinguishes prefixes in the originated and transited ASN.

Inputs Description
Resource (is required) The ASN to be looked up.
Query Time Defines the time of the lookup. This value needs to be aligned to the RIS dump times!
List of Prefixes If true, the data call will return all prefixes and not only the total counts. This might be further separated into originating and transiting.
Types o will show originating prefixes and t transiting. The combination shows both, which is the default.
Filter Address Family This parameter lets you filter the address family: v4 shows only IPv4 and v6 only IPv6.
Noise Noise refers to routed prefixes that are either coming from private IP space, single IP addresses or the entire IP space (/0). filter will remove these prefixes from the output, keep will not remove any prefixes.
Outputs Description
Data (data) The results of the API call

RIPEstat/RIS Peers Information by RIS Collectors Retrieval method

This data call provides information on the peers of RIS - ASN, IP address and number of shared routes. The data is grouped by RIS collectors.

Inputs Description
Query Time Defines the time of the lookup. This value will be automatically aligned to a RIS collection time.
Outputs Description
Data (data) The results of the API call

RIPEstat/NCC Route Collectors Route Advertisements Retrieval method

This data call returns routes for advertisements of a given IP resource, or that are originated from a given ASN, as seen by the RIPE NCC route collectors.

Inputs Description
Resource (is required) This is the resource the query is based on.
Query Time Defines the time of the lookup. This value will be automatically aligned to a RIS collection time.
Outputs Description
Data (data) The results of the API call

RIPEstat/Number of Peers in RIS Information Retrieval method

This data call provides information on the number of peers as seen by RIS.

Inputs Description
Start Time / End Time Defines the start and end time for the query window
IPv4 / IPv6 Thresholds Defines the thresholds (IPv4 and IPv6) used to calculate the number of full-table peers.
Outputs Description
Data (data) The results of the API call

RIPEstat/BGP Full-Table Peer Cut-Off Threshold Retrieval method

This data call provides the cut-off threshold for the number of prefixes that a BGP full-table peer requires to have. Peers to RIS that share less than this amount of prefixes are not considered full-table peers and hence are not considered in calculations like routing visibility. The threshold is obviously different between address families (IPv4 and IPv6) and time. For this reason the data call also supports historical lookups.

Inputs Description
Query Time Defines the time of the lookup. This value needs to be aligned to the RIS dump times (00:00, 08:00, 16:00) and will automatically be adjusted.
Outputs Description
Data (data) The results of the API call

RIPEstat/Prefix/ASN First and Last Seen in RIS Data Retrieval method

This data call provides information on when a prefix or ASN was first and last seen in RIS data.

Inputs Description
Resource (is required) A prefix or ASN to be looked up. The output for ASNs distinguishes between how an ASN has been seen in RIS. This can be as either originating or not. Originating has the type set to o
Include Additional Data This parameter defines additional data to be included. more_specific includes more specific IP ranges, which only works for prefix lookups. By default more_specific is not set as it makes the lookup slower. low_visibility_flag includes the flag to indicate low visibility. By default it is not included.
Outputs Description
Data (data) The results of the API call

RIPEstat/High-Level ASN Information in RIS Retrieval method

This data call provides high-level information on ASNs in RIS.

Inputs Description
List ASN If true, the data call will return a list of all ASNs. This might be further separated into originating and transiting.
Query Time Defines the time of the lookup. This value needs to be aligned to the RIS dump times!
ASN Types o stands for originating and will show originating ASNs separately. t does the same for transiting ASNs (keep in mind the definition of a transit in this case).
Outputs Description
Data (data) The results of the API call

RIPEstat/Geographical Information Retrieval based on RIR Statistics method

This data call returns geographical information for Internet resources based on RIR Statistics data.

Inputs Description
Resource (is required) Defines the resource to be queried. For IP resource the result might be less or more specific to the given resource.
Query Time Defines the times for the query; must be within the range of earliest_time and latest_time
Outputs Description
Data (data) The results of the API call

RIPEstat/Allocations and Assignments Count Retrieval method

This data call returns the number of allocations and assignments (below the queried resource) according to registration data provided by Regional Internet Registries.

Inputs Description
Resource (is required) This is the resource the query is based on.
Query Time Defines the query time
Outputs Description
Data (data) The results of the API call

RIPEstat/Geographical Information method

This data call returns geographical information for Internet resources based on RIR Statistics data.

Inputs Description
Resource (is required) Defines the resource to be queried. For IP resource the result might be less or more specific to the given resource.
Query Time Defines the times for the query; must be within the range of earliest_time and latest_time
Outputs Description
Data (data) The results of the API call

RIPEstat/RIR Allocation/Assignment Information Retrieval method

This data call shows which RIR(s) allocated/assigned a resource. Depending on the level of detail (lod parameter) this can include additional information like registration status or country of registration. The data is based on RIR stats files.

Inputs Description
Resource (is required) Defines the resource to be queried. The result contains resources that are more or less specific to the queried resource.
Start Time Defines the start and end time for the query.
Level of Details Defines the level of detail in which the data is being returned. Levels are: 0 - Least detailed output; 1 - Default output; 2 - Most detailed output
Outputs Description
Data (data) The results of the API call

RIPEstat/Reverse DNS Delegations and IP Space Consistency Details Retrieval method

This data call returns details on the reverse DNS delegations and its consistency with routed and registered IP space. The input can be a single prefix or an ASN, in which case all routed and registered prefixes for this ASN are used as an input.

Inputs Description
Resource (is required) This is the resource the query is based on.
IPv4 / IPv6 Filter option on IP version
Outputs Description
Data (data) The results of the API call

RIPEstat/Reverse DNS Lookup method

This is just a simple lookup for the reverse DNS info against a single IP address.

Inputs Description
Resource (is required) IP address for the query
Outputs Description
Data (data) The results of the API call

RIPEstat/Region Reverse DNS Delegations Details Retrieval method

This data call returns details of reverse DNS delegations for IP prefixes in the RIPE region.

Inputs Description
Resource (is required) Prefix for the query
Outputs Description
Data (data) The results of the API call

RIPEstat/Prefixes Announced by ASN per Subnet Size and IP Version method

This data call returns the total amount of prefixes announced by a given ASN per subnet size and IP version.

Inputs Description
Resource (is required) This is the resource the query is based on.
Timestamp Defines the time for when to perform the query.
Minimum Peers Seeing Minimum number of RIS peers seeing the prefix for it to be included in the results. Excludes low-visibility/localized announcements
Outputs Description
Data (data) The results of the API call

RIPEstat/Routing Registries vs RIS Route Comparison method

This data call compares the given routes (prefix originating from an ASN) between Routing Registries and actual routing behaviour as seen by the RIPE NCC route collectors (RIS).

Inputs Description
Resource (is required) The prefix to query
Outputs Description
Data (data) The results of the API call

RIPEstat/Prefix Summary Retrieval method

This data call gives a summary of the given prefix, including whether and by whom it is announced.

Inputs Description
Resource (is required) States the prefix you want to get the resource info for
Maximum Related Limits the number of related prefixes - if there are any - included in the result
Query Time Defines the query time for the lookup
Minimum Peers Seeing Minimum number of (RIS) peers necessary to see a resource to be included in the result
Outputs Description
Data (data) The results of the API call

RIPEstat/Prefixes Announced by ASN over Time method

This data call shows the number of prefixes announced by a given ASN over time.

Inputs Description
Resource (is required) This is the resource the query is based on.
Start Time Defines the start time for the query
End Time Defines the end time for the query
Minimum Peers Seeing Minimum number of RIS peers seeing the prefix for it to be included in the results. Excludes low-visibility/localized announcements.
Resolution Defines the resolution/aggregation for the returned data, e.g. 2d means that changes in the data must persist for longer than 2 days to be visible at this resolution.
Outputs Description
Data (data) The results of the API call

RIPEstat/IP Address Prefix and Announcing ASN Retrieval method

This data call returns the containing prefix and announcing ASN of a given IP address.

Inputs Description
Resource (is required) Any IP address one wants to get network info for
Outputs Description
Data (data) The results of the API call

RIPEstat/Meter.net Bandwidth Measurement Results Retrieval method

This data call returns bandwidth measurement results based on open data provided by meter.net.

Inputs Description
Resource (is required) At this moment the data call only supports prefixes, but aggregations for ASNs and countries are planned.
Start Time / End Time The start/end time defining the upper and lower boundary of the lookup.
Outputs Description
Data (data) The results of the API call

RIPEstat/Autonomous System Prefix Geolocation Information Retrieval method

This data call returns geolocation information for prefixes that are announced by an autonomous system.

Inputs Description
Resource (is required) Number of the autonomous system
Outputs Description
Data (data) The results of the API call

RIPEstat/Geo Location method

This data call returns geolocation information for the given IP space based on MaxMind's GeoLite2 data source.

Inputs Description
Resource (is required) States the prefix or IP address you want to get the geographic information for
Outputs Description
Data (data) The results of the API call

RIPEstat/Looking Glass Information Retrieval method

This data call returns information coming from a Looking Glass.

Inputs Description
Resource (is required) Prefixes need to match exactly a prefix found in the routing data. If given as IP address, the data call will try to find the encompassing prefix for the IP address.
Look Back Limit Any results older than the cut-off threshold are not returned. This is useful when data is delayed and should not show up.
Outputs Description
Data (data) The results of the API call

RIPEstat/Historical Whois method

This data call provides information on objects that are stored in the RIPE DB. The result is aligned to a specific object, which is identified by an object type and an object key, which is similar to the Whois data call.

Inputs Description
Resource (is required) This is a prefix (v4/v6), an AS number, or a string of the format object-type:object-key for looking up generic database objects
Version Given as a numerical value, the value must match exactly the historical version number. Given as a time-based value, the version that was valid at the given time will be returned.
Outputs Description
Data (data) The results of the API call

RIPEstat/ASN, IPv4, and IPv6 Sample Resources Retrieval method

This data call returns ASN, IPv4 and IPv6 sample resources.

Outputs Description
Data (data) The results of the API call

SendGrid

SendGrid/Send Email method

The Mail Send endpoint allows you to send email over SendGrid’s v3 Web API.

Inputs Description
Bearer Token (is required) Enter the API key here
Personalization (is required) An array of messages and their metadata. Each object within personalizations can be thought of as an envelope - it defines who should receive an individual message and how that message should be handled.
From Email (is required) The From email address used to deliver the message. This address should be a verified sender in your Twilio SendGrid account
Name From A name or title associated with the sending email address.
Email Reply To The email address where any replies will be sent.
Name Reply to A name or title associated with the reply_to email address.
Reply to List An array of recipients who will receive replies. Each object in this array must contain the recipient's email address. Each object in the array may optionally contain the recipient's name. You can either choose to use “reply_to” field or “reply_to_list” but not both.
Mail Subject (is required) The global or message level subject of your email. This may be overridden by subject lines set in personalizations.
Content (is required) An array where you can specify the content of your email. You can include multiple MIME types of content, but you must specify at least one MIME type. To include more than one MIME type, add another object to the array containing the type and value parameters.
Attachments An array of objects where you can specify any attachments you want to include
Template ID An email template ID. A template that contains a subject and content — either text or html — will override any subject and content values specified at the personalizations or message level.
Headers An object containing key/value pairs of header names and the value to substitute for them. The key/value pairs must be strings. You must ensure these are properly encoded if they contain unicode characters. These headers cannot be one of the reserved headers.
Categories An array of category names for this message. Each category name may not exceed 255 characters.
Custom Arguments Values that are specific to the entire send that will be carried along with the email and its activity data. Key/value pairs must be strings. Substitutions will not be made on custom arguments, so any string that is entered into this parameter will be assumed to be the custom argument that you would like to be used. This parameter is overridden by custom_args set at the personalizations level. Total custom_args size may not exceed 10,000 bytes.
Send at A unix timestamp allowing you to specify when you want your email to be delivered. This may be overridden by the send_at parameter set at the personalizations level. Delivery cannot be scheduled more than 72 hours in advance. If you have the flexibility, it's better to schedule mail for off-peak times. Most emails are scheduled and sent at the top of the hour or half hour. Scheduling email to avoid peak times (for example, scheduling at 10:53) can result in lower deferral rates due to the reduced traffic during off-peak times.
Batch ID An ID representing a batch of emails to be sent at the same time. Including a batch_id in your request allows you to include this email in that batch. It also enables you to cancel or pause the delivery of that batch. For more information, see the Cancel Scheduled Sends API.
ASM Group ID The unsubscribe group to associate with this email.
ASM Groups to Display An array containing the unsubscribe groups that you would like to be displayed on the unsubscribe preferences page.
IP Pool Name The IP Pool that you would like to send this email from.
Enable/Disable Bypass List Management Allows you to bypass all unsubscribe groups and suppressions to ensure that the email is delivered to every single recipient. This should only be used in emergencies when it is absolutely necessary that every recipient receives your email. This filter cannot be combined with any other bypass filters.
Enable/Disable Bypass Spam Management Allows you to bypass the spam report list to ensure that the email is delivered to recipients. Bounce and unsubscribe lists will still be checked; addresses on these other lists will not receive the message. This filter cannot be combined with the bypass_list_management filter. See our documentation for more about bypass filters. Indicates if this setting is enabled.
Enable/Disable Bypass Bounce Management Allows you to bypass the bounce list to ensure that the email is delivered to recipients. Spam report and unsubscribe lists will still be checked; addresses on these other lists will not receive the message. This filter cannot be combined with the bypass_list_management filter. Indicates if this setting is enabled.
Enable/Disable Bypass Bounce Management Allows you to bypass the global unsubscribe list to ensure that the email is delivered to recipients. Bounce and spam report lists will still be checked; addresses on these other lists will not receive the message. This filter applies only to global unsubscribes and will not bypass group unsubscribes. This filter cannot be combined with the bypass_list_management filter. Indicates if this setting is enabled.
Enable/Disable Footer Optional. The contributor's username.
Enable/Disable Sandbox Mode Optional. The contributor's username.
Enable/Disable Clicking Tracking Allows you to track if a recipient clicked a link in your email. Indicates if this setting is enabled.
Enable/Disable Text Click Tracking Allows you to track if a recipient clicked a link in your email. Indicates if this setting should be included in the text/plain portion of your email
Enable/Disable Open Tracking Allows you to track if the email was opened by including a single pixel image in the body of the content. When the pixel is loaded, Twilio SendGrid can log that the email was opened. Indicates if this setting is enabled.
Substitution Tag Allows you to track if the email was opened by including a single pixel image in the body of the content. When the pixel is loaded, Twilio SendGrid can log that the email was opened. Allows you to specify a substitution tag that you can insert in the body of your email at a location that you desire. This tag will be replaced by the open tracking pixel.
Enable/Disable Subscription Tracking Allows you to insert a subscription management link at the bottom of the text and HTML bodies of your email. If you would like to specify the location of the link within your email, you may use the substitution_tag. Indicates if this setting is enabled.
Enable/Disable Google Analytics Allows you to enable tracking provided by Google Analytics. Indicates if this setting is enabled.
Referer Source Name of the referrer source. (e.g. Google, SomeDomain.com, or Marketing Email)
Marketing Medium Name of the marketing medium. (e.g. Email)
Paid Keyboards Used to identify any paid keywords
Differentiate Campaign from Advertisements Used to differentiate your campaign from advertisements.
Name of Campaign The name of the campaign.

Sublime Security

Sublime Security /emailriskprediction method

EmailRep uses hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists, open mail relays, domain age and reputation, deliverability, and more to predict the risk of an email address.

Inputs Description
Email (is required) Email address being queried
Summary Return human-readable summary
Outputs Description
Email (email) Email address queried
Reputation (reputation) high/medium/low/none
Suspicious (suspicious) Whether the email address should be treated as suspicious or risky
References (references) Total number of positive and negative sources of reputation. Note that these may not all be direct references to the email address, but can include reputation sources for the domain or other related information
Details (details) Additional details about the investigated email

The NIST National Vulnerability Database

NIST National Vulnerability Database/Vulnerabilities method

The CVE API is used to easily retrieve information on a single CVE or a collection of CVE from the NVD.

Inputs Description
Token (is required) To use the NIST National Vulnerability Database API, you must have an API key.
CPE Name This parameter returns all CVE associated with a specific CPE. The exact value provided with cpeName is compared against the CPE Match Criteria within a CVE applicability statement. If the value of cpeName is considered to match, the CVE is included in the results.
CVE ID This parameter returns a specific vulnerability identified by its unique Common Vulnerabilities and Exposures identifier (the CVE ID). cveId will not accept {CVE-ID} for vulnerabilities not yet published in the NVD
CVSS V2 Metrics This parameter returns only the CVEs that match the provided CVSS V2 Metrics
CVSS V2 Severity This parameter returns only the CVEs that match the provided CVSSv2 qualitative severity rating
CVSS V3 Metrics This parameter returns only the CVEs that match the provided CVSS V3 Metrics
CVSS V3 Severity Host to submit
CWE ID This parameter returns only the CVE that include a weakness identified by Common Weakness Enumeration using the provided {CWE-ID}
Cert Alerts This parameter returns the CVE that contain a Technical Alert from US-CERT
Cert Notes This parameter returns the CVE that contain a Vulnerability Note from CERT/CC.
Kev This parameter returns the CVE that appear in CISA's Known Exploited Vulnerabilities (KEV) Catalog
Oval This parameter returns the CVE that contain information from MITRE's Open Vulnerability and Assessment Language (OVAL) before this transitioned to the Center for Internet Security (CIS).
Vulnerable This parameter returns only CVE associated with a specific CPE, where the CPE is also considered vulnerable.
Keyword Exact Match By default, this parameter returns any CVE where a word or phrase is found in the current description
Keyword Search This parameter returns only the CVEs where a word or phrase is found in the current description.
Modified Start Date These parameters return only the CVEs that were last modified during the specified period (Modified Start Date and Modified End Date)
Modified End Date These parameters return only the CVEs that were last modified during the specified period (Modified Start Date and Modified End Date)
No Rejected By default, the CVE API includes CVE records with the REJECT or Rejected status. This parameter excludes CVE records with the REJECT or Rejected status from API response.
Publication Start Date These parameters return only the CVEs that were added to the NVD (i.e., published) during the specified period. If filtering by the published date, both Publication Start Date and Publication End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Publication End Date These parameters return only the CVEs that were added to the NVD (i.e., published) during the specified period. If filtering by the published date, both Publication Start Date and Publication End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Results per Page This parameter specifies the maximum number of CVE records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 2,000
Start Index This parameter specifies the index of the first CVE to be returned in the response data.
Source Identifier This parameter returns CVE where the exact value of Source Identifier appears as a data source in the CVE record.
Version End The Virtual Match String parameter may be combined with Version End and Version End Type to return only the CVEs associated with CPEs in specific version ranges.
Version End Type The Virtual Match String parameter may be combined with Version End and Version End Type to return only the CVEs associated with CPEs in specific version ranges.
Version Start The Virtual Match String parameter may be combined with Version Start and Version Start Type to return only the CVEs associated with CPEs in specific version ranges.
Version Start Type The Virtual Match String parameter may be combined with Version Start and Version Start Type to return only the CVEs associated with CPEs in specific version ranges.
Virtual Match String Host to submit
Outputs Description
Vulnerabilities (vulnerabilities) The Vulnerabilities object contains an array of objects equal to the number of CVE returned in the response and is sorted in ascending order by the published property of the cve object. The cve object is explained in more detail below

NIST National Vulnerability Database/Change History method

The CVE Change History API is used to easily retrieve information on changes made to a single CVE or a collection of CVE from the NVD. This API provides additional transparency to the work of the NVD, allowing users to easily monitor when and why vulnerabilities change.

Inputs Description
Token (is required) To use the NIST National Vulnerability Database API, you must have an API key.
Change Start Date These parameters (Change Start Date and Change End Date) return any CVE that changed during the specified period. Please note, this is different from the last modified date parameters used with other APIs. If filtering by the change date, both Change Start Date and Change End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Change End Date These parameters (Change Start Date and Change End Date) return any CVE that changed during the specified period. Please note, this is different from the last modified date parameters used with other APIs. If filtering by the change date, both Change Start Date and Change End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
CVE ID This parameter returns the complete change history for a specific vulnerability identified by its unique Common Vulnerabilities and Exposures identifier (the CVE ID)
Event Name This parameter returns all CVE associated with a specific type of change event.
Results per page This parameter specifies the maximum number of change events to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 5,000
Start Index This parameter specifies the index of the first change event to be returned in the response data. The index is zero-based, meaning the first change event is at index zero
Outputs Description
CVE Changes (cveChanges) The CVE Changes object contains an array of objects equal to the number of change events returned in the response

NIST National Vulnerability Database/Products method

The CPE API is used to easily retrieve information on a single CPE record or a collection of CPE records from the Official CPE Dictionary.

Inputs Description
Token (is required) To use the NIST National Vulnerability Database API, you must have an API key.
CPE Name ID This parameter returns a specific CPE record identified by a Universal Unique Identifier (UUID)
CPE Match String This parameter returns CPE Names that exist in the Official CPE Dictionary
Keyword Exact Match By default, this parameter returns any CVE where a word or phrase is found in the current description
Keyword Search This parameter returns only the CVEs where a word or phrase is found in the current description.
Last Modified Start Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Last Modified End Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Match Criteria ID This parameter returns all CPE records associated with a match string identified by its {uuid}. Match Criteria ID will only accept a properly formatted {uuid}
Results per page This parameter specifies the maximum number of source records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 1,000
Start Index This parameter specifies the index of the first source record to be returned in the response data. The index is zero-based, meaning the first source record is at index zero
Outputs Description
Products (products) The products object contains an array of objects equal to the number of records returned in the response and is sorted in ascending order by the created property of the cpe object.

NIST National Vulnerability Database/Match Criteria method

The CPE Match Criteria API is used to easily retrieve the complete list of valid CPE Match Strings. Unlike a CPE Name, match strings and match string ranges do not require a value in the part, vendor, product, or version components.

Inputs Description
Token (is required) To use the NIST National Vulnerability Database API, you must have an API key.
CVE ID This parameter returns the complete change history for a specific vulnerability identified by its unique Common Vulnerabilities and Exposures identifier (the CVE ID)
Last Modified Start Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Last Modified End Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Match Criteria ID This parameter returns all CPE records associated with a match string identified by its {uuid}. Match Criteria ID will only accept a properly formatted {uuid}
Match String Search This parameter returns all CPE Match Strings that conform to the pattern of the Match String Search
Results per Page This parameter specifies the maximum number of source records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 1,000
Start Index This parameter specifies the index of the first source record to be returned in the response data. The index is zero-based, meaning the first source record is at index zero
Outputs Description
Match Strings (matchStrings) The Match Strings object contains an array of objects equal to the number of records returned in the response and is sorted in ascending order by the created property of the matchString object

NIST National Vulnerability Database/Sources method

The Source API is used to easily retrieve detailed information on the organizations that provide the data contained in the NVD dataset.

Inputs Description
Token (is required) To use the NIST National Vulnerability Database API, you must have an API key.
Last Modified Start Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Last Modified End Date These parameters (Last Modified Start Date and Last Modified End Date) return only the source records that were last modified during the specified period. If a source record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both Last Modified Start Date and Last Modified End Date are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
Results per page This parameter specifies the maximum number of source records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 1,000
Source Identifier This parameter returns all source records where the exact value of Source Identifier
Start Index This parameter specifies the index of the first source record to be returned in the response data. The index is zero-based, meaning the first source record is at index zero
Outputs Description
Sources (sources) This object contains the following required data: source name, the email address used by the CVE Program to identify the source, an object containing all email addresses linked to the source, the date and time that the source first appeared in the NVD, and the date and time that the record was last modified

ThreatBook

ThreatBook/IP Full Report method

This endpoint retrieves information about a user, including the privileges and quotas associated to the user.

Inputs Description
Token (is required) To use the ThreatBook API, you must have an API key.
Resource (is required) The IP which is investigated
Outputs Description
Message (msg) Status of request
Data (data) The report of the investigated IP from ThreatBook

Threat Intelligence Platform

Threat Intelligence Platform/Domain Names Resolving to IP Address Retrieval method

Retrieve a list of domain names resolving to a given IP address, including subdomains.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name.
Outputs Description
Number of Domains (numberOfDomains) Number of domain names resolving to a given IP address
Domains (domains) A list of domain names resolving to a given IP address

Threat Intelligence Platform/Dangerous Domain Check method

For a given domain name, check if it is considered to be dangerous in different security data sources. Dangerous domains could be related to a malware distribution network or host malicious code.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name
Outputs Description
Safe Score (safe_score) Composite safety score based on numerous security data sources. 0 is dangerous, and 100 is safe
Warning Details (warningDetails) For a dangerous domain, comments regarding why it's considered dangerous. Possible warnings: Phishing, Malware, Spam, Bad reputation, Denial of service attack

Threat Intelligence Platform/Domain Reputation Evaluation V1 method

Evaluate a domain's reputation based on numerous security data sources as well as on an instant host's audit procedure.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name or IPv4 address.
Checking Mode TIP can check the domain specified in two modes: fast (default), in which only select test codes will run (i.e., 62 WHOIS Domain status, 82 Malware Databases check, 87 SSL certificate validity, and 93 WHOIS Domain check) while other tests and data collectors are disabled; and full, in which all tests are performed, similar to what the TIP GUI displays.
Outputs Description
Mode (mode) Selected mode
Reputation Score (reputationScore) Composite safety score based on numerous security data sources. 0 is dangerous, and 100 is safe
Test Results (testResults) A list of tests performed on the IP

Threat Intelligence Platform/Domain Reputation Evaluation V2 method

Evaluate a domain's reputation based on numerous security data sources as well as on an instant host's audit procedure.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name or IPv4 address.
Checking Mode TIP can check the domain specified in two modes: fast (default), in which only select test codes will run (i.e., 62 WHOIS Domain status, 82 Malware Databases check, 87 SSL certificate validity, and 93 WHOIS Domain check) while other tests and data collectors are disabled; and full, in which all tests are performed, similar to what the TIP GUI displays.
Outputs Description
Mode (mode) Selected mode
Reputation Score (reputationScore) Composite safety score based on numerous security data sources. 0 is dangerous, and 100 is safe.
Test Results (testResults) A list of tests performed on the IP

Threat Intelligence Platform/Domain Infrastructure Information Retrieval method

Get a list of web, mail, and name servers for a particular domain name. Determine the IP address, geolocation, and subnetwork information for each infrastructure entry.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name.
Outputs Description
values (values) The results of the API call

Threat Intelligence Platform/SSL Certificate Information Retrieval method

For a given domain name, get detailed information about its SSL Certificate and the complete SSL Certificate chain.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key.
Domain (is required) The target domain name.
Outputs Description
values (values) The results of the API call

Threat Intelligence Platform/SSL Configuration Analysis method

For a given domain name, establish and test SSL connection to the host and analyze how it is configured - to detect common configuration issues potentially leading to vulnerabilities.

Inputs Description
Token (is required) To use the ThreatIntelligence API, you must have an API key
Domain (is required) The target domain name
Outputs Description
Has Warnings (hasWarnings) If true - there are some warnings for the target host
Test Results (testResults) A list of tests with details

ThreatMiner

ThreatMiner/Domain WHOIS method

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Domain Passive DNS method

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Domain Example Query URI method

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Domain Subdomains method

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Domain Report Tagging method

Based on the query, this function returns threat analysis details for the provided domain.

Inputs Description
Domain (is required) The Domain which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/IP WHOIS method

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/IP Passive DNS method

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/IP URIs method

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/IP SSL Certificates method

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/IP Reporting Tagging method

Based on the query, this function returns threat analysis details for the provided IP.

Inputs Description
IP (is required) The IP which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples Metadata method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples HTTP Traffic method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples Hosts method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples Mutants method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples Registry Key method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples AV Detection method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Samples Report Tagging method

Samples for different query types.

Inputs Description
Value (is required) The value which is used to return a Sample
Outputs Description
Results (results) The results of the API call

ThreatMiner/Import Hash Samples method

Retrieves the data that detects the level of similarity between two files at the binary level.

Inputs Description
Hash (is required) The import hash value, which is required to get the malware analysis report for the samples query type.
Outputs Description
Results (results) The results of the API call

ThreatMiner/Import Hash Report Tagging method

Retrieves the data that detects the level of similarity between two files at the binary level.

Inputs Description
Hash (is required) The import hash value, which is required to get the malware analysis report for the samples query type.
Outputs Description
Results (results) The results of the API call

ThreatMiner/SSDeep Samples method

The Binary File Similarity API allows you to retrieve data that measures the degree of similarity between two files at the binary level. This feature provides information on the level of similarity between the contents of the files, helping to identify any resemblances or commonalities between them.

Inputs Description
SSDeep (is required) Give the SSDeep hash value, which tries to gauge the degree of binary similarity between two files. Samples query type is the default.
Outputs Description
Results (results) The results of the API call

ThreatMiner/SSDeep Report Tagging method

The Binary File Similarity API allows you to retrieve data that measures the degree of similarity between two files at the binary level. This feature provides information on the level of similarity between the contents of the files, helping to identify any resemblances or commonalities between them.

Inputs Description
SSDeep (is required) Give the SSDeep hash value, which tries to gauge the degree of binary similarity between two files. Samples query type is the default.
Outputs Description
Results (results) The results of the API call

ThreatMiner/SSL Hosts method

Based on the query, this function returns hosts or report tagging.

Inputs Description
SSL (is required) The SSL value which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/SSL Report Tagging method

Based on the query, this function returns hosts or report tagging.

Inputs Description
SSL (is required) The SSL value which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/Email Revers WHOIS method

The Email (Reverse WHOIS) functionality enables you to perform domain searches based on the name, address, telephone number, email address, or physical address of the Registrant as listed in both current and historical Whois records. This feature provides a convenient way to retrieve domain information by utilizing various search criteria associated with the Registrant's details.

Inputs Description
Email (is required) The Email which is examined
Outputs Description
Results (results) The results of the API call

ThreatMiner/AV Detection Samples method

Based on the query, this function returns report tagging or samples.

Inputs Description
Virus (is required) The type of the virus
Outputs Description
Results (results) The results of the API call

ThreatMiner/AV Detection Report Tagging method

Based on the query, this function returns report tagging or samples.

Inputs Description
Virus (is required) The type of the virus
Outputs Description
Results (results) The results of the API call

ThreatMiner/APT Notes IoC Domains method

Based on the query, receive different notes.

Inputs Description
APT Note (is required) The APT Note which is used
Year (is required) Year
Outputs Description
Results (results) The results of the API call

ThreatMiner/APT Notes IoC Hosts method

Based on the query, receive different notes.

Inputs Description
APT Note (is required) The APT Note which is used
Year (is required) Year
Outputs Description
Results (results) The results of the API call

ThreatMiner/APT Notes IoC Email Addresses method

Based on the query, receive different notes.

Inputs Description
APT Note (is required) The APT Note which is used
Year (is required) Year
Outputs Description
Results (results) The results of the API call

ThreatMiner/APT Notes IoC Samples method

Based on the query, receive different reports.

Inputs Description
APT Note (is required) The value which is used for this call
Year (is required) Year
Outputs Description
Results (results) The results of the API call

ThreatMiner/APT Notes Get Reports by Year method

Based on the query, receive different reports.

Inputs Description
Value (is required) The value which is used for this call
Outputs Description
Results (results) The results of the API call

ThreatMiner/Get Search APT Notes Full Text method

Based on the query, receive different reports.

Inputs Description
Value (is required) The value which is used for this call
Outputs Description
Results (results) The results of the API call

Twilio

Twilio/Make a Outgoing Call method

Twilio is used to make an outgoing call from one phone to another.

Inputs Description
Username (is required) Account SID
Password (is required) Auth Token
Twilio Account SID (is required) Account SID
URL (is required) If you specify a URL parameter in your request, Twilio will make its HTTP request to this URL to retrieve TwiML to handle the call.
From (is required) Twilio uses the From parameter (required) to set a phone number or client identifier as the caller ID for your outbound call.
To (is required) The To parameter (required) is the phone number, SIP address, or client identifier you’re calling.
Outputs Description
From (from) The Twilio phone number that places the call
To (to) The phone number that receives the call
Caller Name (caller_name) Details about the caller name
Duration (duration) The duration of the call
Price (price) The call cost after executing the API
Price Unit (price_unit) The currency

Twilio/Send SMS method

Twilio is used to send an SMS message from one phone to another.

Inputs Description
Username (is required) Account SID
Password (is required) Auth Token
Twilio Account SID (is required) Account SID
Body (is required) The body of this POST
From (is required) From specifies the Twilio phone number, short code, or Messaging Service that sends this message. This must be a Twilio phone number that you own
To (is required) This parameter determines the destination phone number for your SMS message.
Outputs Description
Body (body) The message sent
Number Segments (num_segments) The number of segments
Direction (direction) The method used to call the API
From (from) The Twilio phone number that sent the message
Date Updated (date_updated) The timestamp when the API was last updated
To (to) The phone number that received the message
Price (price) The cost of sending a message using the API
Price Unit (price_unit) The currency

Unshorten.me

Unshorten_me/Unshorten URL method

Un-shorten URLs created by different services.

Inputs Description
URL (is required) The URL for which the execution takes place
Outputs Description
Requested URL (requested_url) The URL that is shortened
Success (success) The status of the API call
Resolved URL (resolved_url) The URL that is unshortened

Urlscan.io

UrlScan.io/Submit URL method

The submission API allows you to submit a URL to be scanned and set some options for the scan.

Inputs Description
Token (is required) To use the UrlScan.io API, you must have an API key.
URL The URL which will be submitted
Visibility The visibility of submission
Tags User-defined tags to annotate this scan, e.g.: phishing or malicious. Limited to 10 tags.
Outputs Description
Message (message) The status of the API call
UUID (uuid) The UUID generated after calling the API
Result (result) The link to the submission
Visibility (visibility) The visibility of the report

UrlScan.io/Search method

The result has high-level metadata about the scan result and a link to the API for the full scan result.

Inputs Description
Token (is required) To use the UrlScan.io API, you must have an API key.
Query (is required) The query term (ElasticSearch Query String Query).
Size Number of results returned. Default: 100, Max: 10000 (depending on your subscription)
Search After For retrieving the next batch of results, value of the sort attribute of the last (oldest) result you received (comma-separated)
Outputs Description
Results (results) The results of the investigation

UrlScan.io/Get Results for Submitted URLs method

Receive results for a submitted URL.

Inputs Description
Token (is required) To use the UrlScan.io API, you must have an API key.
UUID (is required) Identify URL based on UUID
Outputs Description
Requests (requests) The list of requests to the investigated URL

Forti

Forti/User Firewall method

List authenticated firewall users.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host Your FortiGate hostname
Start Starting entry index
Count Maximum number of entries to return
IPv4 Include IPv4 users (default=true)
IPv6 Include IPv6 users
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/User Banned method

Return a list of all banned users by IP.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Collected Emails method

List email addresses collected from captive portal.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Active IPv4 Routing Table Entries method

List all active IPv4 routing table entries.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Start Starting entry index
Count Maximum number of entries to return (Default for all routes)
IP Mask Filter: IP/netmask
Gateway Filter: gateway
Type Filter: route type
Interface Filter: interface name
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Active IPv6 Routing Table Entries method

List all active IPv6 routing table entries.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Start Starting entry index
Count Maximum number of entries to return (Default for all routes)
IP Mask Filter: IP/netmask
Gateway Filter: gateway
Type Filter: route type
Interface Filter: interface name
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Router Statistics method

Retrieve routing table statistics, including number of matched routes.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Start IP version (4/6). If not present, IPv4 and IPv6 will be returned
Count Filter: IP/netmask
IP Mask Filter: gateway
Gateway Filter: route type
Type Filter: interface name
Interface
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Fortiview Statistics method

Retrieve drill-down and summary data for FortiView (both realtime and historical).

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Realtime Set to true to retrieve realtime results (from kernel)
Filter A map of filter keys to arrays of values
Session ID FortiView request Session ID
Count Maximum number of entries to return
Device FortiView source device [disk/fortianalyzer/forticloud]
Report by Report by field
Sort by Sort by field
Chart only Only return graph values in results
Start Start timestamp
End End timestamp
IP version IP version [*ipv4 / ipv6 / ipboth]
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/List Malicious URLs method

List all URLs in FortiSandbox malicious URL database.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Statistics about Malicious URLs method

Retrieve statistics for the FortiSandbox malicious URL database.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key
Host (is required) Your FortiGate hostname
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Get All Addresses method

Return all Addresses created.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Data source Enable to include datasource information for each linked object.
Start Starting entry index.
Count Maximum number of entries to return.
With meta Enable to include meta information about each object (type id, references, etc).
With contents hash Enable to include a checksum of each object's contents.
Skip Enable to call CLI skip operator to hide skipped properties.
Format List of property names to include in results, separated by
Filter Filtering multiple key/value pairsOperator
Key If present, objects will be filtered on property with this name.
Pattern If present, objects will be filtered on property with this value.
Scope Scope [global
Exclude default values Exclude properties/objects with default value
Action default: Return the CLI default values for entire CLI tree. meta: Return meta data for a specific object, table, or the entire CLI tree. schema: Return schema for entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM); vdom=vdom1,vdom2 (Multiple VDOMs); vdom=* (All VDOMs)
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Get Single Address method

Select a single address by name.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Address Name (is required) The address name which will be searched
Data source Enable to include datasource information for each linked object.
With Meta Enable to include meta information about each object (type id, references, etc).
Skip Enable to call CLI skip operator to hide skipped properties.
Format List of property names to include in results, separated by
Action default: Return the CLI default values for this object type. schema: Return the CLI schema for this object type. revision: Return the CMDB revision for this object type. transaction-list: List all configuration transaction(s).
Vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM); vdom=vdom1,vdom2 (Multiple VDOMs); vdom=* (All VDOMs)
Outputs Description
Results (results) The results of the API call
Status (status) Success if the API call was executed correctly

Forti/Delete Address method

Delete an Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Address Name (is required) The name of the address
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create FQDN Address method

Create a FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
FQDN (is required) Fully Qualified Domain Name address
Interface Name of interface whose IP address is to be used.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update FQDN Address method

Update a FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old FQDN name (is required) The FQDN name which will be changed
New FQDN Name (is required) Address name
FQDN Fully Qualified Domain Name address
Interface Name of interface whose IP address is to be used.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Wildcard FQDN Address method

Create a Wildcard FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Wildcard FQDN (is required) Fully Qualified Domain Name address
Interface Name of interface whose IP address is to be used.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update Wildcard FQDN Address method

Update a Wildcard FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old Wildcard FQDN Name (is required) The Wildcard FQDN Address name which will be changed
New Wildcard FQDN Name (is required) Address name
Wildcard FQDN Fully Qualified Domain Name address
Interface Name of interface whose IP address is to be used.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create IP Range Address method

Create IP Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Start IP (is required) First IP address (inclusive) in the range for the address.
End IP (is required) Final IP address (inclusive) in the range for the address.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Block Single IP Address method

Block Single IP Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
IP (is required) The IP which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Block Single FQDN Address method

Create Single FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
FQDN (is required) The FQDN which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Block Single Country Address method

Create Single Country Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
Country (is required) The country which will be used to create the address. Use ISO 3166 notation for countries (ex: US)
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Block IP Range Address method

Block IP Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
Start IP (is required) The Start IP which will be used to create the address
End IP (is required) The End IP which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Block Subnet Address method

Block Subnet Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
IP (is required) The IP which will be used to create the address
Netmask (is required) The Netmask which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Allow IP Address method

Allow Single IP Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
IP (is required) The IP which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Allow FQDN Address method

Allow Single FQDN Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
FQDN (is required) The FQDN which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Allow Country Address method

Allow Single Country Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
Country (is required) The country which will be used to create the address. Use ISO 3166 notation for countries (ex: US)
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Allow IP Range Address method

Allow IP Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
Start IP (is required) The Start IP which will be used to create the address
End IP (is required) The End IP which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Allow Subnet Address method

Allow Subnet Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name
IP (is required) The IP which will be used to create the address
Netmask (is required) The Netmask which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Single IP Address method

Create Single IP Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Subnet (is required) The IP which will be used to create the address
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update IP Range Address method

Update IP Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old IP Range Address Name (is required) The IP Range Address name which will be changed
New IP Range Address Name (is required) Address name
Start IP (is required) First IP address (inclusive) in the range for the address.
End IP (is required) Final IP address (inclusive) in the range for the address.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Mac Address method

Create an Address which contains a MAC Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
MAC Address (is required) The MAC Address of interest
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update Mac Address method

Update an Address which contains a MAC Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old Mac Address Name (is required) The MAC Address name which will be changed
New Mac Address Name (is required) Address name
MAC Address (is required) The MAC Address of interest
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Range Of Mac Addresses method

Create MAC Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Start MAC (is required) First MAC address in the range.
End MAC (is required) Last MAC address in the range.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update Range Of Mac Addresses method

Update MAC Range Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old Range of MAC Addresses Name (is required) The MAC Address Range name which will be changed
New Range of MAC Addresses Name (is required) Address name
Start MAC (is required) First MAC address in the range.
End MAC (is required) Last MAC address in the range.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Geographical Address method

Create Geographical Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Two Letter Country Abbreviation (is required) The name of the country. Use ISO 3166 notation for countries (ex: US)
Comment Write a short description about this Address
Color Color of icon on the GUI.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update Geographical Address method

Update Geographical Address.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old Geographical Name (is required) The Geographical Address name which will be changed
New Geographical Name (is required) Address name
Two Letter Country Abbreviation (is required) The name of the country. Use ISO 3166 notation for countries (ex: US)
Comment Write a short description about this Address
Color Color of icon on the GUI.
Allow routing Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Create Groups Address method

Create an Address Group.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Address name. To execute this API call successfully, you need to provide a unique name (one that does not already exist in your FortiGate).
Type (is required) Address group type. default: Default address group type (address may belong to multiple groups). folder: Address folder group (members may not belong to any other group).
Members (is required) Address objects contained within the group.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/All Groups Addresses method

Return all Groups Addresses created.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Data source Enable to include datasource information for each linked object.
Start Starting entry index.
Count Maximum number of entries to return.
With meta Enable to include meta information about each object (type id, references, etc).
With contents hash Enable to include a checksum of each object's contents.
Skip Enable to call CLI skip operator to hide skipped properties.
Format List of property names to include in results, separated by
Filter Filtering multiple key/value pairsOperator
Key If present, objects will be filtered on property with this name.
Pattern If present, objects will be filtered on property with this value.
Scope Scope [global
Exclude default values Exclude properties/objects with default value
Action default: Return the CLI default values for entire CLI tree. meta: Return meta data for a specific object, table, or the entire CLI tree. schema: Return schema for entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM); vdom=vdom1,vdom2 (Multiple VDOMs); vdom=* (All VDOMs).
Outputs Description
Results (results) The results of the API call

Forti/Update Groups Addresses method

Update an Address Group.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Old Name Group Host (is required) The address name that you want to update
New Name Group Host (is required) Address name
Type (is required) Address group type. default: Default address group type (address may belong to multiple groups). folder: Address folder group (members may not belong to any other group).
Member Address objects contained within the group.
Comment Write a short description about this Address
Color Color of icon on the GUI.
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Set Firewall Policy method

Set Firewall Policy.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Name (is required) Policy Name
Incoming Interface (is required) Incoming (ingress) interface.
Outgoing Interface (is required) Outgoing (egress) interface.
Source (is required) Source IPv4 address and address group names.
Negate Source specifies what the source address must NOT be. enable: Enable source address negate. disable: Disable source address negate.
Destination (is required) Destination IPv4 address and address group names.
Negate Destination specifies what the destination address must NOT be. enable: Enable destination address negate. disable: Disable destination address negate.
Schedule (is required) Schedule name.
Service (is required) Service and service group names.
Action (is required) Policy action (accept/deny/ipsec). accept: Allows sessions that match the firewall policy. deny: Blocks sessions that match the firewall policy. ipsec: Firewall policy becomes a policy-based IPsec VPN policy.
Comments Comment
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Update Firewall Policy method

Update Firewall Policy.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Policy ID (is required) The policy ID which will be used to identify the policy
Name Policy Name
Incoming Interface Incoming (ingress) interface.
Outgoing Interface Outgoing (egress) interface.
Source Source IPv4 address and address group names.
Negate Source specifies what the source address must NOT be. enable: Enable source address negate. disable: Disable source address negate.
Destination Destination IPv4 address and address group names.
Negate Destination specifies what the destination address must NOT be. enable: Enable destination address negate. disable: Disable destination address negate.
Schedule Schedule name.
Service Service and service group names.
Action Policy action (accept/deny/ipsec). accept: Allows sessions that match the firewall policy. deny: Blocks sessions that match the firewall policy. ipsec: Firewall policy becomes a policy-based IPsec VPN policy.
Inspection Mode Policy inspection mode (Flow/proxy). Default is Flow mode. proxy: Proxy based inspection. flow: Flow based inspection. If Proxy based inspection is selected, you must disable or enable Proxy HTTP(S) traffic.
Proxy HTTP(S) traffic Redirect HTTP(S) traffic to matching transparent web proxy policy. enable: Enable HTTP(S) policy redirect. disable: Disable HTTP(S) policy redirect.
NAT Enable/disable source NAT. enable: Enable setting. disable: Disable setting.
IP Pool Configuration Enable to use IP Pools for source NAT. enable: Enable setting. disable: Disable setting.
Use Dynamic IP Pool IP Pool names. If IP Pool configuration is enabled, this parameter must be completed.
Preserve Source Port Enable to prevent source NAT from changing a session's source port. enable: Enable setting. disable: Disable setting.
Protocol Options Name of an existing Protocol options profile. If you don't have anything declared, use default.
AntiVirus Name of an existing Antivirus profile.
Web Filter Name of an existing Web filter profile.
DNS Filter Name of an existing DNS filter profile.
Negate Source specifies what the source address must NOT be. enable: Enable source address negate. disable: Disable source address negate.
Log Allowed Traffic Enable or disable logging. Log all sessions or security profile sessions. all: Log all sessions accepted or denied by this policy. utm: Log traffic that has a security profile applied to it. disable: Disable all logging for this policy.
WCCP Enable/disable forwarding traffic matching this policy to a configured WCCP server. enable: Enable WCCP setting. disable: Disable WCCP setting.
Exempt from Captive Portal Enable to exempt some users from the captive portal. enable: Enable exemption of captive portal. disable: Disable exemption of captive portal.
Comments Comment
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/All Firewall Policies method

Return all Policies created.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Data source Enable to include datasource information for each linked object.
Start Starting entry index.
Count Maximum number of entries to return.
With meta Enable to include meta information about each object (type id, references, etc).
With contents hash Enable to include a checksum of each object's contents.
Skip Enable to call CLI skip operator to hide skipped properties.
Format List of property names to include in results, separated by
Filter Filtering multiple key/value pairsOperator
Key If present, objects will be filtered on property with this name.
Pattern If present, objects will be filtered on property with this value.
Scope Scope [global
Exclude default values Exclude properties/objects with default value
Action default: Return the CLI default values for entire CLI tree. meta: Return meta data for a specific object, table, or the entire CLI tree. schema: Return schema for entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM); vdom=vdom1,vdom2 (Multiple VDOMs); vdom=* (All VDOMs).
Outputs Description
Results (results) The results of the API call

Forti/Delete Firewall Policy method

Delete a specific Policy.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Policy ID (is required) The ID of Policy you want to delete
Outputs Description
Status (status) Success if the API call was executed correctly

Forti/Available Certificates method

Get Available Certificates.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Scope Scope of certificate [vdom*
With Remote Include remote certificates.
With Certificates Authorities Include certificate authorities.
With revocation list Include certificate revocation lists.
Outputs Description
Results (results) The results of the API call

Forti/Block User Or Users method

Immediately add one or more users to the banned list.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
IP Addresses (is required) List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed
Expiry (is required) Time until expiry in seconds. 0 for indefinite ban.
Outputs Description
Results (results) The results of the API call

Forti/Clear All Banned Users method

Immediately clear all banned users.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Outputs Description
status (status) Success if the API call was executed correctly

Forti/Clear A List Of Banned Users method

Immediately clear a list of specific banned users by IP.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
IP Addresses (is required) List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed.
Outputs Description
status (status) Success if the API call was executed correctly

Forti/Get Events method

Log Data.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Subtype (is required) Select the subtype for the Event log category. Available values: vpn, user, router, wireless, wad, endpoint, ha, compliance-check, security-rating, fortiextender, connector, system
Start Row number for the first row to return
Rows Number of rows to return.
Session ID Provide a session_id to continue getting data for that request.
Serial Number Retrieve log from the specified device.
Is HA Member Is the specified device an HA member.
Filter Filtering multiple key/value pairsOperator
Extra Flag(s) for extra data to be included [reverse_lookup
Outputs Description
Results (results) The results of the API call

Forti/Get Traffic method

Get Log Traffic Data.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
Subtype (is required) Select the subtype for the Traffic log category. Available values: forward, local, multicast, sniffer, fortiview, threat
Start Row number for the first row to return
Rows Number of rows to return.
Session ID Provide a session_id to continue getting data for that request.
Serial Number Retrieve log from the specified device.
Is HA Member Is the specified device an HA member.
Filter Filtering multiple key/value pairsOperator
Extra Flag(s) for extra data to be included [reverse_lookup
Outputs Description
Results (results) The results of the API call

Forti/Delete Single Firewall Policy method

Delete a Single Firewall Policy.

Inputs Description
Token (is required) To use the FortiOS API, you must have an API key.
Host (is required) Your FortiGate hostname
IP To Delete (is required) The name of the policy you want to delete
Outputs Description
Status (status) Success if the API call was executed correctly

VirusTotal

Returns just the related objects' IDs (and context attributes, if any).

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

VirusTotal/URL Scan method

Perform a URL scan.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
URL (is required) URL to scan
Outputs Description
Data (data) The results of the API call

VirusTotal/URL Scan Report method

Receive URL analysis report.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation URL
Outputs Description
Data (data) The results of the API call

VirusTotal/Add Comment URL method

With this endpoint you can post a comment for a given URL.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Text (is required) The content of the comment
Outputs Description
Data (data) The results of the API call

VirusTotal/Comments URL method

Returns a list of Comment objects.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The comments for the investigated URL

VirusTotal/Reanalyze URL method

Request a URL rescan.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Outputs Description
Data (data) The results of the API call

URL objects have a number of relationships to other URLs and objects.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

VirusTotal/Add Votes to URL method

With this endpoint you can post a vote for a given URL.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Verdict (is required) The verdict of the vote
Outputs Description
Data (data) The results of the API call

VirusTotal/Votes URL method

Receive URL votes.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID given by VirusTotal for investigation of URL
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The votes for the investigated URL

VirusTotal/Domain Report method

Get domain report.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

VirusTotal/Domain Comments method

Get comments on a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The list of comments for the domain which is investigated

VirusTotal/Add Comment to Domain method

Add a comment to a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Text (is required) The content of the comment
Outputs Description
Text (text) The content of the comment

VirusTotal/Domain Votes method

Get votes on a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Outputs Description
Data (data) A list with votes of the investigated domain

VirusTotal/Add Votes to Domain method

Add a vote to a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Verdict (is required) The type of verdict
Outputs Description
Verdict (verdict) The result of the vote (malicious or harmless)

Receive objects related to a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The Object Related Domain

Receive object descriptors related to a domain.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The Object Descriptors Related to Domain

VirusTotal/Resolution Object method

Receive a DNS resolution object.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Domain (is required) The domain which is investigated
IP (is required) The IP of the domain which is investigated
Outputs Description
Data (data) The results of the API call

VirusTotal/IP Address Report method

Get an IP address report.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Outputs Description
Data (data) It provides a concise summary of cryptographic parameters used in the TLS handshake, helping to identify and classify network traffic

VirusTotal/IP Address Comments method

Get comments on an IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The comments for the investigated IP

VirusTotal/IP Address Votes method

Get votes on an IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

VirusTotal/Add Vote to IP Address method

With this endpoint you can post a vote for a given IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Verdict (is required) The verdict of the vote
Outputs Description
Data (data) The result of the vote (malicious or harmless)

VirusTotal/Add Comment to IP Address method

With this endpoint you can post a comment for a given IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Text (is required) The content of the comment
Outputs Description
Data (data) The results of the API call

Get objects related to an IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Outputs Description
Data (data) The objects related to IP address investigated

Get object descriptors related to an IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
IP (is required) The IP which is investigated
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The object descriptors for the IP which is investigated

VirusTotal/Attack Tactic Object method

Get objects related to an attack tactic.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack tactics ID
Outputs Description
Data (data) The results of the API call

Get objects related to an attack tactic.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack tactics ID
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) Results for the Object Related Tactic Requested

Get object descriptors related to an attack tactic.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack tactics ID
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) Results for the Object Descriptors Related Tactic Requested

VirusTotal/Attack Technique Object method

Get an attack technique object.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack techniques ID
Outputs Description
Data (data) The results of the API call

Get objects related to an attack technique.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack techniques ID
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

Get object descriptors related to an attack technique.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) Attack techniques ID
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) The results of the API call

With this endpoint you can post a comment for a given IP address.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Outputs Description
Data (data) The Threat Categories of VirusTotal

VirusTotal/Search Files, URL Domains, IP, Tag Comments method

Search files, URLs, domains, IPs and tag comments.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Query (is required) The elements which are searched
Outputs Description
Data (data) The results of the search

VirusTotal/VirusTotal Metadata method

Get VirusTotal metadata.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Outputs Description
Data (data) The results of the API call

VirusTotal/Latest Comments method

Get latest comments.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Limit Maximum number of related objects to retrieve
Filter Filter returned elements
Cursor Continuation cursor
Outputs Description
Data (data) A list with latest comments

VirusTotal/Information about Comment Object method

Get a comment object.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the URL or file for which you want to get comments
Outputs Description
Data (data) The results of the API call

Get objects related to a comment.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the URL or file for which you want to get comments
Relationship (is required) Relationship name
Outputs Description
Data (data) The results of the API call

VirusTotal/Add Vote to a Comment method

Add a vote to a comment.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The comment ID
Data (is required) Vote type
Outputs Description
Data (data) The results of the API call

VirusTotal/URL or File Analysis method

Get a URL/file analysis.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the URL or file which is investigated
Outputs Description
Meta (meta) Additional details
Data (data) Indicates whether the analysis conducted on the data resulted in a harmless or non-threatening outcome, suggesting no presence of malicious or harmful elements.

VirusTotal/URL or Files Object Analysis method

Get objects related to an analysis.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the URL or file which is investigated
Relationship (is required) Relationship name
Outputs Description
Data (data) The results of the API call

VirusTotal/URL or File Object Descriptor Analysis method

Get object descriptors related to an analysis.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the URL or file which is investigated
Relationship (is required) Relationship name
Outputs Description
Data (data) The results of the API call

VirusTotal/Add Comment to File method

Add a comment to a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Text (is required) The content of the comment added to file
Outputs Description
Data (data) The results of the API call

VirusTotal/Large File Upload method

Get a URL for uploading large files.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
Outputs Description
Data (data) The link to upload a larger file

VirusTotal/File Report method

Get a file report.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Data (data) The results of the API call

VirusTotal/Request File Rescan method

Request a file rescan.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Type (type) The type of action
ID (id) The new ID of file which is reanalyzed

VirusTotal/File Comments method

Get file comments.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) A list with file comments

VirusTotal/Votes of File method

Get votes on a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) A list with the votes of the file which is investigated

Get objects related to a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) A list of File Objects Related

Get object descriptors related to a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Relationship (is required) Relationship name
Limit Maximum number of related objects to retrieve
Cursor Continuation cursor
Outputs Description
Data (data) File Objects Descriptors Related

VirusTotal/File Summary Behavior Reports method

Get a summary of all behavior reports for a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Data (data) Behavior Reports

VirusTotal/File Summary All Mitre Techniques method

Get a summary of all MITRE ATT&CK techniques observed in a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Data (data) All Mitre Techniques seen in file

VirusTotal/File Behavior Reports method

Get all behavior reports for a file.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Data (data) Behavior Reports

VirusTotal/File Crowdsourced Sigma Rule Object method

Get a Crowdsourced Sigma rule object.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID (is required) The ID of the file which is investigated
Outputs Description
Data (data) The results of the API call

VirusTotal/User Object method

This endpoint retrieves information about a user, including the privileges and quotas associated with the user.

Inputs Description
Token (is required) To use the VirusTotal API, you must have an API key.
ID or User Token (is required) User identification element
Outputs Description
Data (data) The results of the API call

VulnDB/Make a Request to VulnDB method

Get information about vulnerabilities, vendors and products (based on which parameters are provided).

Inputs Description
Token (is required) To use the VulDB API, you must have an API key.
ID Vulnerability ID
Details Show details about vulnerabilities
CTI CTI (Cyber Threat Intelligence) to show information within API
Fields This parameter is used if you want additional details
Recent most recent entries
Updates last updated
Timestamp Create VulDB entry added to the database
Timestamp Change VulDB entry changed for the last time
Timestamp Change Start VulDB entry changed for the last time started
Timestamp Create Alert VulDB entry added to the database stated
Advisory Date VulDB advisory start date
Search state search queries like they would be used in a search on the web site.
Advanced Search The field can hold multiple search keys
Collection Predefined set of entries. This is often used as vendor or product-based collections within streamlined vulnerability management handling
IPADDR Query IP address to get risk level
Actor APT actor names
Events possible current events
Sort For sorting response
Limit For limiting responses
Outputs Description
Results (results) The results of the API call

WhatIsMyBrowser

whatismybrowser/Bot Detection method

Detect the requesting software/agent.

Inputs Description
Token (is required) To use the WhatIsMyBrowser API, you must have an API key.
Headers (is required) The HTTP headers sent by the visitors
Outputs Description
Detection (detection) The results of the API call
Result (result) The status of the API call

Wigle

Wigle/Bluetooth Details method

Provide unique information for a Bluetooth network. API and session authentication default to a page size of 100 results/page. The number of daily queries allowed per user is throttled based on history and participation. Detail endpoints are NOT included in COMMAPI subscriptions at this time.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Net ID (is required) The full Bluetooth Device ID to search
Reverse Address Reverse geocode for an approximate address
Outputs Description
Results (results) The results of the API call

Wigle/Bluetooth Search method

Provide unique information for a Bluetooth network. API and session authentication default to a page size of 100 results/page. The number of daily queries allowed per user is throttled based on history and participation. Detail endpoints are NOT included in COMMAPI subscriptions at this time.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Only Mine Search only for points first discovered by the current user.
Not Mine Only search for networks first seen by other users
Show BT Include BT networks
Show BLE Include BLE networks
Latitude Minimum Value Lesser of two latitudes by which to bound the search (specify both)
Latitude Maximum Value Greater of two latitudes by which to bound the search (specify both)
Longitude Minimum Value Lesser of two longitudes by which to bound the search (specify both)
Longitude Maximum Value Greater of two longitudes by which to bound the search (specify both)
Closest Latitude Latitude to order by closest network (requires closestLong)
Closest Longitude Longitude to order by closest network (requires closestLat)
Last Update Filter points by how recently they've been updated (more recent than this value), condensed date/time numeric string format yyyyMMdd[hhmm[ss]]
First Time Filter points by when they were first created (more recent than this value), condensed date/time numeric string format yyyyMMdd[hhmm[ss]]
Last Time Filter points by how recently they've had data submitted (more recent than this value), condensed date/time numeric string format yyyyMMdd[hhmm[ss]]
Start Trans ID Earliest transid by which to bound (year-level precision only), format yyyyMMdd-00000
End Trans ID Latest transid by which to bound (year-level precision only), format yyyyMMdd-00000
Net ID Include only networks matching the string network BSSID, e.g. 0A:2C:EF:3D:25:1B or 0A:2C:EF. The first three octets are required.
Name Include only networks exactly matching the string network name.
Name Like Include only networks matching the string network name, allowing wildcards % (any string) and _ (any character).
Minimum QoS Minimum Quality of Signal
Variance How tightly to bound queries against the provided latitude/longitude box. Value must be between 0.001 and 0.2. Intended for use with non-exact decimals and geocoded bounds.
House Number Street address house number
Road Street address road
City Street address city
Region Street address region
Postal Code Street address postal code
Country Street address country
Results per Page How many results to return per request. Defaults to 25 for COMMAPI, 100 for site. Bounded at 1000 for COMMAPI, 100 for site.
Search After Put in the previous page's searchAfter result to get the next page. Use this instead of first
Outputs Description
Results (results) The results of the API call

Wigle/MCC and MCE Codes method

Get MCC and MNC codes for Cellular Networks.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
MCC MCC (Mobile Country Code) to filter
MNC MNC (Mobile Network Code) to filter
Outputs Description
values (parsedData) The results of the API call

Wigle/Cellular Search method

Search the WIGLE database.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Only Mine Search only for points first discovered by the current user.
Show GSM Include GSM cell networks
Show CDMA Include CDMA cell networks
Show LTE Include LTE cell networks
Show WCDMA Include WCDMA cell networks
Show 5G Networks Include 5G NR cell networks
Not Mine Only search for networks first seen by other users
Latitude Minimum Value Lesser of two latitudes by which to bound the search (specify both)
Latitude Maximum Value Greater of two latitudes by which to bound the search (specify both)
Longitude Minimum Value Lesser of two longitudes by which to bound the search (specify both)
Longitude Maximum Value Greater of two longitudes by which to bound the search (specify both)
Closest Latitude Search only for points first discovered by the current user.
Closest Longitude Longitude to order by closest network (requires closestLat)
Last Update Filter points by how recently they've been updated (more recent than this value), condensed date
First Time Filter points by when they were first created (more recent than this value), condensed date/time numeric string format yyyyMMdd[hhmm[ss]]
Last Time Filter points by how recently they've had data submitted (more recent than this value), condensed date
Start Trans ID Earliest transid by which to bound (year-level precision only), format yyyyMMdd-00000
End Trans ID Latest transid by which to bound (year-level precision only), format yyyyMMdd-00000
Cell Operator Cell Operator (GSM/LTE/WCDMA/5G NR) or System (CDMA) ID parameter by which to filter
Cell LAC Cell LAC (Local Area Code) (GSM/LTE/WCDMA/5G NR) or Network (CDMA) ID parameter by which to filter
Cell ID Cell ID (GSM/LTE/WCDMA/5G NR) or Basestation (CDMA) parameter by which to filter
SSID Include only cell towers exactly matching the string network name.
SSID Like Include only cell towers matching the string network name, allowing wildcards % (any string) and _ (any character).
Minimum QoS Minimum Quality of Signal
Variance How tightly to bound queries against the provided latitude/longitude box. Value must be between 0.001 and 0.2. Intended for use with non-exact decimals and geocoded bounds.
House Number Street address house number
Road Street address road
City Street address city
Region Street address region
Postal Code Street address postal code
Country Street address country
Results per Page How many results to return per request. Defaults to 25 for COMMAPI, 100 for site. Bounded at 1000 for COMMAPI, 100 for site.
Search After Put in the previous page's searchAfter result to get the next page. Use this instead of first
Outputs Description
Results (results) The results of the API call

Wigle/Network Search method

Search the Wigle Cell database.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Only Mine Search only for points first discovered by the current user.
Free Internet Include only networks that have been marked as free access.
Paid Internet Include only networks that have been marked as for-pay access.
Not Mine Only search for networks first seen by other users
Latitude Minimum Value Lesser of two latitudes by which to bound the search (specify both)
Latitude Maximum Value Greater of two latitudes by which to bound the search (specify both)
Longitude Minimum Value Lesser of two longitudes by which to bound the search (specify both)
Longitude Maximum Value Greater of two longitudes by which to bound the search (specify both)
Closest Latitude Search only for points first discovered by the current user.
Closest Longitude Longitude to order by closest network (requires closestLat)
Last Update Filter points by how recently they've been updated (more recent than this value), condensed date
First Time Filter points by when they were first created (more recent than this value), condensed date/time numeric string format yyyyMMdd[hhmm[ss]]
Last Time Filter points by how recently they've had data submitted (more recent than this value), condensed date
Start Trans ID Earliest transid by which to bound (year-level precision only), format yyyyMMdd-00000
End Trans ID Latest transid by which to bound (year-level precision only), format yyyyMMdd-00000
Cell Operator Cell Operator (GSM/LTE/WCDMA/5G NR) or System (CDMA) ID parameter by which to filter
Cell LAC Cell LAC (Local Area Code) (GSM/LTE/WCDMA/5G NR) or Network (CDMA) ID parameter by which to filter
Cell ID Cell ID (GSM/LTE/WCDMA/5G NR) or Basestation (CDMA) parameter by which to filter
SSID Include only cell towers exactly matching the string network name.
SSID Like Include only cell towers matching the string network name, allowing wildcards % (any string) and _ (any character).
Minimum QoS Minimum Quality of Signal
Show GSM Include GSM cell networks
Show CDMA Include CDMA cell networks
Show LTE Include LTE cell networks
Show WCDMA Include WCDMA cell networks
Show 5G Networks Include 5G NR cell networks
Variance How tightly to bound queries against the provided latitude/longitude box. Value must be between 0.001 and 0.2. Intended for use with non-exact decimals and geocoded bounds.
House Number Street address house number
Road Street address road
City Street address city
Region Street address region
Postal Code Street address postal code
Country Street address country
Results per Page How many results to return per request. Defaults to 25 for COMMAPI, 100 for site. Bounded at 1000 for COMMAPI, 100 for site.
Search After Put in the previous page's searchAfter result to get the next page. Use this instead of first
Outputs Description
Results (results) The results of the API call

Wigle/Network Geocode method

Get coordinates for an address for use in searching.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Address Code (is required) An address string, Street, City, State/Region, Country
Outputs Description
results (results) The results of the API call

Wigle/Network Detail method

Add a comment to a network.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Net ID The WiFi Network BSSID to search
Operator GSM/LTE/WCDMA/5G NR Operator ID
LAC GSM/LTE/WCDMA/5G NR Location Area Code
CID GSM/LTE/WCDMA/5G NR Cell ID/NIR
Type Network Type: CDMA/GSM/LTE/WCDMA/NR/WIFI
System CDMA System ID
Network CDMA Network ID
Base Station CDMA Base Station ID
Outputs Description
Results (results) The results of the API call

Wigle/Countries Stats method

Get statistics organized by country.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Outputs Description
Countries (countries) The results of the API call

Wigle/General Stats method

Get a named map of general upload statistics.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Outputs Description
Octet Presence (octet) The number of Octet
WPA2 Networks Count (netwpa2) The number of WPA2 Networks
Android Devices Included (android) The number of Android Devices
WPA3 Networks Count (netwpa3) The number of WPA3 Networks
Total Wireless Networks (gentotal) The number of Total Wireless Networks
Manufacturer Data Included (manufacturer) True if it includes data about manufacturers
Non-WEP Networks Count (netnowep) The number of Non-WEP Networks
Networks with Default SSIDs (dfltssid) The number of Networks with Default SSIDs
Default WPA/WPA2 Keys Count (dfltwpk) The number of Default WPA/WPA2 Keys Count
Data Transactions (Type 2) (trans2da) The number of Data Transactions (Type 2)
WPA Networks Count (netwpa) The number of WPA Networks
Data Transactions (Type 1) (trans1da) The number of Data Transactions (Type 1)
Total Networks Count (nettotal) The number of Total Networks
Bluetooth Devices Count (bttotal) The number of Bluetooth Devices
New Networks Detected Today (nettoday) The number of New Networks Detected Today
WEP Encryption Networks Count (netwep) The number of WEP Encryption Networks
Total Locations Count (loctotal) The number of WEP Encryption Networks
WEP Networks Count (netwep) The number of WEP Network
SSID Statistics (ssidStatistics) Additional details about SSID Statistics

Wigle/Group Stats method

Get group standings.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Outputs Description
Groups (groups) The results of the API call

Wigle/Region Stats method

Get statistics for a specified country, organized by region, postal code and encryption.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Country (is required) The two-letter code of the country for which you'd like a regional breakdown. Defaults to US
Outputs Description
Regions (regions) The results of the API call

Wigle/Site Stats method

Get a named map of site-level statistics.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Outputs Description
Geographic Query Queue (geoQueue) The number of Geographic Query Queue
WPA2 Networks Count (netwpa2) The number of WPA2 Networks
WPA3 Networks Count (netwpa3) The number of WPA3 Networks
Total Network Count (gentotal) The number of Total Network
Non-WEP Networks Count (netnowep) The number of Non-WEP Networks
Networks with Default SSIDs Count (dfltssid) The number of Networks with Default SSID
Networks with Default WPA/WPA2 Keys Count (dfltwpkn) The number of Networks with Default WPA/WPA2 Keys
Data Transactions (Type 2) Count (trans2da) The number of Data Transactions (Type 2)
WPA Networks Count (netwpa) The number of WPA Network
Data Transactions (Type 1) Count (trans1da) The number of Data Transactions (Type 1)
Total Wireless Networks Count (nettotal) The number of Total Wireless Networks
Total Bluetooth Devices Count (bttotal) The number of Total Bluetooth Devices
New Networks Detected Today (nettoday) The number of New Networks Detected
Uncertain WEP Networks Count (netwep?) The number of Uncertain WEP Networks
Total Geographic Locations Count (loctotal) The number of Total Geographic Locations
WEP Networks Count (netwep) The number of WEP Networks Count
Total Data Transactions Count (transtot) The number of Total Data Transactions
Waiting Query Queue (waitQueue) The number of Waiting Query Queue
Size (size) Size
Bluetooth Devices at Locations Count (btloc) The number of Bluetooth Devices at Locations
Success (success) True if the API call was successful

Wigle/Standings Stats method

Get user standings.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
Sort The criteria by which to sort the results. Values are [discovered, total, monthcount, prevmonthcount, gendisc, gentotal, firsttransid, lasttransid]
Page Start The first record to request according to the sort parameter
Page End The last record to request according to the sort parameter
Outputs Description
Results (results) The results of the API call

Wigle/User Stats method

Get user statistics.

Inputs Description
Username (is required) Username from Wigle Account
Password (is required) The Password from Wigle Account
User (is required) The name of the user for whom to get stats
Outputs Description
Statistics (statistics) The results of the API call

Opsgenie

Opsgenie/Create Team method

Creates a new team.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Name (is required) Name of the team
Description The description of team
Members The users which will be added to team, and optionally their roles.
Outputs Description
Result (result) The result of the API call
Data (data) Details about the newly created team

Opsgenie/List Teams method

Return list of teams.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Outputs Description
Data (data) The result of the API call

Opsgenie/Get Team method

Returns team with given id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the team
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
ID (data_id)
Name (data_name)
Description (data_description)
Members (data_members)

Opsgenie/Delete Team method

Returns team with given id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the team
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Team method

Update team with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team ID (is required) Identifier of the team
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name The name of team
Description The description of team
Members The users which will be added to team, and optionally their roles.
Outputs Description
Result (result) The result of the API call

Opsgenie/List Team Logs method

Update team with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key
Identifier (is required) Identifier of the team
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Limit Maximum number of items to provide in the result. Must be a positive integer value. Default value is 20 and maximum is 100
Order Sorting order of the result set. Possible values are desc and asc. Default value is desc
Offset Key which will be used in pagination
Outputs Description
Logs (data_logs) The results of the API call

Opsgenie/Add Team Member method

Adds a member to team with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Username Member identifier of the team, consisting of id and/or username. Username or ID required!
User ID Member identifier of the team, consisting of id and/or username. Username or ID required!
Role Member role of the user, consisting of user and admin. Default value is user
Outputs Description
Result (result) The result of the API call
Data (data) Details about the new team member

Opsgenie/Delete Team Member method

Remove team member.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Member Identifier (is required) User id or username of member for removal
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Result (result) The result of the API call
Data (data) Details about deleted team member

Opsgenie/List Team Roles method

Remove team member.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Team Role method

Create team role.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name Name of the defined team role
Rights Refer to Team Right for detailed information about team right and its fields
Outputs Description
Result (result) The result of the API call
Data (data) Details about the newly created team role

Opsgenie/Get Team Role method

Returns team role with given id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team role Identifier (is required) Identifier of the team role
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Role Identifier Type Type of the team role identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Data (data) Details about team Role

Opsgenie/Delete Team Role method

Deletes a team role using team role id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team role Identifier (is required) Identifier of the team role
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Role Identifier Type Type of the team role identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name Name of the team role
Rights Type of the team role identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Team Role method

Update team role.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team Role Identifier (is required) Identifier of the team role
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name Name of the defined team role
Rights Refer to Team Right for detailed information about team right and its fields
Outputs Description
Result (result) The result of the API call
Data (data) Details about the updated team role

Opsgenie/Create Team Routing Rule method

Returns team role with given id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name Name of the team routing rule
Order The order of the team routing rule within the rules. order value is actually the index of the team routing rule whose minimum value is 0 and whose maximum value is n-1 (number of team routing rules is n)
Timezone Timezone of team routing rule. If timezone field is not given, account timezone is used as default.
Criteria Type Defines the conditions that will be checked before applying team routing rule and type of the operations that will be applied on these conditions
Criteria Conditions Defines the conditions that will be checked before applying team routing rule and type of the operations that will be applied on these conditions
Time Restriction Type This parameter should be set to time-of-day
List of Time Restrictions A restriction object with the following fields: startHour = value of the hour at which the team routing rule starts working; startMin = value of the minute at which the team routing rule starts working; endHour = value of the hour at which the team routing rule stops working; endMin = value of the minute at which the team routing rule stops working
Notify Target entity of schedule, escalation, or the reserved word none which will be notified in routing rule. The possible values for notify type are: schedule, escalation, none
Outputs Description
Result (result) The result of the API call
Data (data) Details about team routing rule

Opsgenie/Get Team Routing Rule method

Returns team routing rule with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
ID (is required) Id of the team routing rule
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Data (data) Details about team routing rule

Opsgenie/Update Team Routing Rule method

Update routing rule of the team.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
ID (is required) Id of the team routing rule
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Name Name of the team routing rule
Order The order of the team routing rule within the rules. order value is actually the index of the team routing rule whose minimum value is 0 and whose maximum value is n-1 (number of team routing rules is n)
Timezone Timezone of team routing rule. If timezone field is not given, account timezone is used as default.
Criteria Type Defines the conditions that will be checked before applying team routing rule and type of the operations that will be applied on these conditions
Criteria Conditions Defines the conditions that will be checked before applying team routing rule and type of the operations that will be applied on these conditions
Time Restriction Type This parameter should be set to time-of-day
List of Time Restrictions A restriction object with the following fields: startHour = value of the hour at which the team routing rule starts working; startMin = value of the minute at which the team routing rule starts working; endHour = value of the hour at which the team routing rule stops working; endMin = value of the minute at which the team routing rule stops working
Notify Target entity of schedule, escalation, or the reserved word none which will be notified in routing rule. The possible values for notify type are: schedule, escalation, none
Outputs Description
Result (result) The result of the API call
Data (data) Details about updated team routing rule

Opsgenie/Delete Team Routing Rule method

Delete team routing rule with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
ID (is required) Id of the team routing rule
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Result (result) The result of the API call

Opsgenie/Change Team Routing Rule Order method

Change the order of team routing rule with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
ID Routing Rule (is required) Id of the team routing rule
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Order (is required) The order of the team routing rule within the rules. Value is actually the index of the team routing rule whose minimum value is 0 and whose maximum value is n-1 (number of team routing rules is n).
Outputs Description
Result (result) The result of the API call
Data (data) Details about the changed order team routing rule

Opsgenie/List Team Routing Rules method

Returns list of team routing rules.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Team Identifier (is required) Identifier of the team
Team Identifier Type Type of the team identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Outputs Description
Data (data) The results of the API call

Opsgenie/List Users method

List users with given parameters.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Limit Number of users to retrieve
Offset Number of users to skip from start
Sort Field Field to use in sorting. Should be one of username, fullName and insertedAt
Order Direction of sorting. Should be one of asc or desc
Query Field:value combinations with most of user fields to make more advanced searches. Possible fields are username, fullName, blocked, verified, role, locale, timeZone, userAddress and createdAt
Outputs Description
Data (Data) The results of the API call

Opsgenie/Create User method

Creates a user with the given payload.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Username (is required) E-mail address of the user
Full Name (is required) Name of the user
Role (is required) Role of user. It may be one of admin, user or the name of a custom role you have created.
Invitation Disabled Invitation email will not be sent if set to true. Default value is false
Skype Username Skype username of the user
Time Zone Timezone of the user. If not set, timezone of the customer will be used instead.
Locale Location information of the user. If not set, locale of the customer will be used instead.
Country User Country
State User State
City User City
Zip Code User Zip Code
Tags List of labels attached to the user. You can label users to differentiate them from the rest. For example, you can add ITManager tag to differentiate people with this role from others.
Outputs Description
Result (result) The result of the API call
ID (data_id) The ID of the newly created user
Name (data_name) The name of the user

Opsgenie/Get User method

Get user for the given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Expand Comma separated list of strings to create a more detailed response. The only expandable field for user api is contact
Outputs Description
Data (data) Details about the user
Expandable (expandable) A list with the additional details in the API response

Opsgenie/Update User method

Update user with the given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Username E-mail address of the user
Full Name (is required) Name of the user
Role Role of user. It may be one of admin, user or the name of a custom role you have created.
Invitation Disabled Invitation email will not be sent if set to true. Default value is false
Skype Username Skype username of the user
Time Zone Timezone of the user. If not set, timezone of the customer will be used instead.
Locale Location information of the user. If not set, locale of the customer will be used instead.
Country User Country
State User State
City User City
Zip Code User Zip Code
Tags List of labels attached to the user. You can label users to differentiate them from the rest. For example, you can add ITManager tag to differentiate people with this role from others.
Outputs Description
Result (result) The result of the API call

Opsgenie/Delete User method

Delete user with the given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Result (result) The result of the API call

Opsgenie/List User Teams method

List user teams for the given user identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The results of the API call

Opsgenie/List User Forwarding Rules method

List user forwarding rules for the given user identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The results of the API call

Opsgenie/List User Escalations method

List escalations of the user for the given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The results of the API call

Opsgenie/List User Schedules method

List schedules of the user for the given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The results of the API call

Opsgenie/List Contacts method

Returns list of contacts.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Contact method

Creates a new contact.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Method (is required) Id of the contact
To (is required) Address of contact method
Outputs Description
Result (result) The result of the API call
ID (data_id) The ID of the created contact

Opsgenie/Update Contact method

Returns list of contacts.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Contact ID (is required) Id of the contact
To (is required) Address of contact method
Outputs Description
Result (result) The result of the API call
ID (data_id) The new contact ID

Opsgenie/Get Contact method

Returns contact with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Contact ID (is required) Id of the contact
Outputs Description
Data (data) The result of the API call

Opsgenie/Delete Contact method

Delete contact using contact id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Contact ID (is required) Id of the contact
Outputs Description
Result (result) The result of the API call

Opsgenie/Enable Contact method

Enable the contact of the user.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Contact ID (is required) Id of the contact
Outputs Description
Result (result) The result of the API call

Opsgenie/Disable Contact method

Disable the contact of the user.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Contact ID (is required) Id of the contact
Outputs Description
Result (result) The result of the API call

Opsgenie/List Notification Rules method

Returns list of notification rules.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the user to be searched
Outputs Description
Data (data) The result of the API call

Opsgenie/Create Notification Rule method

Returns list of notification rules.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Name (is required) Name of the notification rule.
Action Type (is required) Type of the action that notification rule will have. This parameter should be one of create-alert, acknowledged-alert, closed-alert, assigned-alert, add-note, schedule-start, schedule-end and incoming-call-routing. If actionType is scheduleStart or scheduleEnd, notificationTime is mandatory
Enable (is required) If notification rule will be enabled or not when it is created
Outputs Description
Data (data) Details about the newly created notification rule

Opsgenie/Get Notification Rule method

Returns notification rule with given id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Outputs Description
Data (data) The result of the API call

Opsgenie/Delete Notification Rule method

Deletes a notification rule with given notification rule id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Outputs Description
Result (reusult) The result of the API call

Opsgenie/Update Notification Rule method

Deletes a notification rule with given notification rule id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Name (is required) Name of the notification rule.
Action Type (is required) Type of the action that notification rule will have. This parameter should be one of create-alert, acknowledged-alert, closed-alert, assigned-alert, add-note, schedule-start, schedule-end and incoming-call-routing. If actionType is scheduleStart or scheduleEnd, notificationTime is mandatory
Criteria Defines the conditions that will be checked before applying notification rule and type of the operations that will be applied on conditions. Default value is matching all notification rules.
Notification Time List of Time Periods that notification for schedule start/end will be sent. This parameter should be one of just-before, 15-minutes-ago, 1-hour-ago and 1-day-ago
Time Restriction Type The type of time restriction
Time Restriction Start Hour Starting hour of notification rule
Time Restriction Start Minute Starting minute of notification rule
Time Restriction End Hour Ending hour of notification rule
Time Restriction End Minute Ending minute of notification rule
Schedules This field is valid for Schedule Start/End rules. It can be list of schedules that notification rule will be applied when on call of that schedule starts/ends. This field shall only be populated with the specified users schedules.
Order The order of the notification rule within the notification rules with the same action type. order value is actually the index of the notification rule whose minimum value is 0 and whose maximum value is n-1 (number of notification rules with the same action type is n)
Steps List of steps that will be added to notification rule.
Repeat The amount of time in minutes that notification steps will be repeatedly applied.
Enable (is required) If notification rule will be enabled or not when it is created
Outputs Description
Data (data) Details about the updated notification rule

Opsgenie/Enable Notification Rule method

Enable notification rule.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Outputs Description
Result (result) The result of the API call

Opsgenie/Disable Notification Rule method

Enable notification rule.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Outputs Description
Result (result) The result of the API call

Opsgenie/Change Order Notification Rule method

Changes order of a notification rule with given notification rule id.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Order (is required) The order of the rule
Outputs Description
Result (result) The result of the API call

Opsgenie/List Notification Rule Step method

Returns list of notification rule steps.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Notification Rule Steps method

Returns list of notification rule steps.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
User Identifier (is required) Identifier of the user for this notification rule. You should provide either id or username of the user
Rule ID (is required) Id of the notification rule
Contact Method (is required) Method how to get on contact
To (is required) Recipient
Send After Time period (in minutes) after which the notification will be sent. Valid and Mandatory only for New Alert and Assigned Alert notification rules. sendAfter parameter should be given as an object which has a timeAmount field that takes amount as minutes.
Enabled (is required) Specifies whether given step will be enabled or not when it is created
Outputs Description
Data (data) Details about notification rule steps created

Opsgenie/List Escalations method

Returns list of escalations.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Escalation method

Creates a new escalation.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Name (is required) Name of the escalation
Description Description of the escalation
Rules (is required) List of the escalation rules.
Owner Team Name Owner team of the escalation, consisting of id and/or name of the owner team
Repeat interval
Outputs Description
Result (result) The result of the API call
Data (data) Details about the newly created escalation

Opsgenie/Get Escalation method

Returns escalation with given id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier (is required) Identifier of the escalation
Outputs Description
Data (data) Details about escalation
Rules (rules) A list of rules used by escalation

Opsgenie/Delete Escalation method

Deletes an escalation using escalation id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Identifier (is required) Identifier of the escalation
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Escalation method

Updates the escalation using escalation id or name.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id
Identifier Identifier of the escalation
Name Name of the escalation
Description Description of the escalation
Rules List of the escalation rules.
Owner Team Owner team of the escalation, consisting of id and/or name of the owner team
Repeat interval
Outputs Description
Result (result) The result of the API call

Opsgenie/Create Forwarding Rule method

Creates a new forwarding rule.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
From User ID The user object of user whose notifications will be forwarded. From User Id or Username Required!
From User Username The user object of user whose notifications will be forwarded. From User Id or Username Required!
To User ID The user object of user who will receive the forwarded notifications. From User Id or Username Required!
To User Username The user object of user who will receive the forwarded notifications. From User Id or Username Required!
Start Date (is required) The date and time for forwarding will start, which takes a date format as (yyyy-MM-dd T HH:mm:ssZ) (e.g. 2017-01-15T08:00:00+02:00)
End Date (is required) The date and time for forwarding will end, which takes a date format as (yyyy-MM-dd T HH:mm:ssZ) (e.g. 2017-01-15T08:00:00+02:00)
Alias A user defined identifier for the forwarding rule. There can be only one forwarding rule with the same alias. Provides ability to assign a known id and later use this id to perform additional actions such as update the rule, etc.
Outputs Description
Data (data) Details about the newly created team forwarding rule

Opsgenie/List Forwarding Rules method

Returns list of forwarding rules.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Outputs Description
Data (data) The results of the API call

Opsgenie/Get Forwarding Rule method

Returns forwarding rule with given id or alias.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and alias. Default value is id
Identifier (is required) Identifier of the forwarding rule
Outputs Description
Data (data) Details about the forwarding rule

Opsgenie/Delete Forwarding Rule method

Deletes forwarding rule with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and alias. Default value is id
Identifier (is required) Identifier of the forwarding rule
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Forwarding Rule method

Update forwarding rule with given rule id or alias.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
From User ID The user object of user whose notifications will be forwarded. From User Id or Username Required!
Identifier (is required) Identifier of the forwarding rule
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and alias. Default value is id
From User Username The user object of user whose notifications will be forwarded. From User Id or Username Required!
To User ID The user object of user who will receive the forwarded notifications. From User Id or Username Required!
To User Username The user object of user who will receive the forwarded notifications. From User Id or Username Required!
Start Date (is required) The date and time for forwarding will start, which takes a date format as (yyyy-MM-dd T HH:mm:ssZ) (e.g. 2017-01-15T08:00:00+02:00)
End Date (is required) The date and time for forwarding will end, which takes a date format as (yyyy-MM-dd T HH:mm:ssZ) (e.g. 2017-01-15T08:00:00+02:00)
Outputs Description
Data (data) Details about the updated forwarding rule

Opsgenie/List Alerts method

List all alerts.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Alert method

Create Alert.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Message (is required) Message of the alert
Alias Client-defined identifier of the alert
Description Description field of the alert that is generally used to provide detailed information about the alert
Responders Teams, users, escalations and schedules that the alert will be routed to send notifications. type field is mandatory for each item, where possible values are team, user, escalation and schedule. If the API Key belongs to a team integration, this field will be overwritten with the owner team. Either id or name of each responder should be provided. You can refer below for example values.
Visible to Teams and users that the alert will become visible to without sending any notification. type field is mandatory for each item, where possible values are team and user. In addition to the type field, either id or name should be given for teams and either id or username should be given for users. Please note: that alert will be visible to the teams that are specified within responders field by default, so there is no need to re-specify them within visibleTo field. You can refer below for example values.
Actions Custom actions that will be available for the alert.
Tags Tags of the alert
Details Map of key-value pairs to use as custom properties of the alert.
Entity
Source Source field of the alert. Default value is IP address of the incoming request.
Priority Priority level of the alert. Possible values are P1, P2, P3, P4 and P5. Default value is P3.
User Display name of the request owner.
Note Additional note that will be added while creating the alert.
Outputs Description
Result (Result) The results of the API call
Request ID (requestId) The results of the API call

Opsgenie/Request Status of Alert method

Alert creation, deletion, and action requests are processed asynchronously to provide higher availability and scalability, therefore valid requests for those endpoints are responded to with HTTP status 202 - Accepted. The Get Request Status endpoint is used to track the status and alert details (if any) of the request whose identifier is given.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Request ID (is required) Universally unique identifier of the questioned request. Please note that the ID of the request was provided within the response.
Outputs Description
Data (data) The result of the API call

Opsgenie/Count Alerts method

Count alerts request is used to count alerts in Opsgenie.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Query Search query to apply while filtering the alerts. You can refer to Alerts Search Query Help for further information about search queries.
Search Identifier Identifier of the saved search query to apply while filtering the alerts.
Search Identifier Type Identifier type of the saved search query. Possible values are id and name. Default value is id. If searchIdentifier is not provided, this value is ignored.
Outputs Description
Count (data_count) The number of alerts

Opsgenie/Saved Search method

Get saved search for the given search identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the saved search
Outputs Description
Data (data) Details about saved search

Opsgenie/Delete Saved Search method

Deletes saved search using given search identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier Identifier of the saved search
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Saved Search method

Deletes saved search using given search identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the saved search
Name (is required) Unique name of the saved search.
Query (is required) Search query to be used while filtering the alerts.
Owner (is required) User that will be assigned as owner of the saved search. Saved searches are always accessible to their owners.
Description Informational description of the saved search. Maximum length is 15000 characters.
Teams Teams that saved search is assigned to. If a saved-search is assigned to at least one team, saved-search will only be accessible to the owner and members of the assigned teams. A saved-search can be assigned to at most 20 teams.
Outputs Description
Data (data) Details about saved search updated

Opsgenie/Lists Saved Searches method

List Saved Searches.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Outputs Description
Data (data) The results of the API call

Opsgenie/Create Saved Search method

Create saved search with given fields.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Name (is required) Unique name of the saved search.
Query (is required) Search query to be used while filtering the alerts.
Owner username (is required) User that will be assigned as owner of the saved search. Saved searches are always accessible to their owners.
Description Informational description of the saved search. Maximum length is 15000 characters.
Teams Teams that saved search is assigned to. If a saved-search is assigned to at least one team, saved-search will only be accessible to the owner and members of the assigned teams. A saved-search can be assigned to at most 20 teams.
Outputs Description
Data (data) Details about the new created saved search

Opsgenie/Add Tags method

Add tags to the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Tags (is required) List of tags to add into alert
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Remove tags method

Remove tags of the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Tags (is required) Comma separated list of tags to remove from alert.
Note Additional alert note to add.
Outputs Description
Result (result) The result of the API call

Opsgenie/Add Details method

Add details to the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Details (is required) Key-value pairs to add as custom property into alert. You can refer below for example values
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add.
Outputs Description
Result (result) The result of the API call

Opsgenie/Remove Details method

Remove details of the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Keys (is required) Comma separated list of keys to remove from the custom properties of the alert.
User Display name of the request owner
Source Display name of the request source.
Note Additional alert note to add.
Outputs Description
Result (result) The result of the API call

Opsgenie/List Alert Notes method

List alert notes for the given alert identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Offset Starting value of the offset property
Direction Page direction to apply for the given offset. Possible values are next and prev. Default value is next. next: Offset values of provided notes should be greater than the given offset. prev: Offset values of provided notes should be less than the given offset.
Limit Maximum number of items to provide in the result. Must be a positive integer value. Default value is 20 and maximum value is 100.
Order Sorting order of the result set. Possible values are desc and asc. Default value is desc. desc: Sort result set in descending order. asc: Sort result set in ascending order.
Outputs Description
Data (data) The result of the API call

Opsgenie/Add Note method

Adds note to alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
User Display name of the request owner.
Source Display name of the request source.
Note (is required) Alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Get Alert method

Returns alert with given id, tiny id or alias.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Outputs Description
Data (data) Details about the alert

Opsgenie/Delete Alert method

Deletes an alert using alert id, tiny id or alias.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
User Display name of the request owner.
Source Display name of the request source.
Outputs Description
Result (result) The result of the API call

Opsgenie/Acknowledge Alert method

Acknowledges alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Unacknowledged Alert method

Unacknowledges alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Close Alert method

Closes alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Snooze Alert method

Snooze alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
End time (is required) Date and time that snooze will lose effect. Provided value should be in ISO 8601 format.
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Escalate Alert method

Escalate alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Escalation ID Escalation that the alert will be escalated to. Escalation ID or Escalation Name is required to work
Escalation Name Escalation that the alert will be escalated to. Escalation ID or Escalation Name is required to work
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Assign Alert method

Assign alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Owner ID User that the alert will be assigned to. Either id or username of the user should be provided. You can refer below for example values.
Owner Username User that the alert will be assigned to. Either id or username of the user should be provided. You can refer below for example values.
User Display name of the request owner.
Source Display name of the request source.
Note Identifier of the saved search
Outputs Description
Result (result) The result of the API call

Opsgenie/Add Responder method

Add responder to alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Responder Type Team or user that the alert will be routed to. type field is mandatory for item, where possible values are team and user. In addition to the type field id should be given. You can refer below for example values.
Responder ID Team or user that the alert will be routed to. type field is mandatory for item, where possible values are team and user. In addition to the type field id should be given. You can refer below for example values.
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Add Team method

Add team to alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Team ID Team or user that the alert will be routed to. type field is mandatory for item, where possible values are team and user. In addition to the type field id should be given. You can refer below for example values.
Team Name Team or user that the alert will be routed to. type field is mandatory for item, where possible values are team and user. In addition to the type field id should be given. You can refer below for example values.
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Execute Custom Action method

Custom actions for the alert.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Action (is required) Name of the action to execute
User Display name of the request owner.
Source Display name of the request source.
Note Additional alert note to add
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Alert Message method

Update the message of the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Message (is required) Message of the alert.
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Alert Description method

Update the description of the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Description Description of the alert.
Outputs Description
Result (result) The result of the API call

Opsgenie/Update Alert Priority method

Update the priority of the alert with given identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Priority (is required) Description of the alert.
Outputs Description
Result (result) The result of the API call

Opsgenie/List Alert Recipients method

List alert recipients for the given alert identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Outputs Description
Data (data) The result of the API call

Opsgenie/List Alert Logs method

List alert logs for the given alert identifier.

Inputs Description
Token (is required) To use the Opsgenie API, you must have an API key.
Identifier Type Type of the identifier that is provided as an in-line parameter. Possible values are id and name. Default value is id.
Identifier (is required) Identifier of the alert
Offset Starting value of the offset property.
Direction Page direction to apply for the given offset. Possible values are next and prev. Default value is next. next: Offset values of provided logs should be greater than the given offset. prev: Offset values of provided logs should be less than the given offset.
Limit Maximum number of items to provide in the result. Must be a positive integer value. Default value is 20 and maximum value is 100.
Order Sorting order of the result set. Possible values are desc and asc. Default value is desc. desc: Sort result set in descending order. asc: Sort result set in ascending order.
Outputs Description
Data (data) The result of the API call

Chainabuse

Chainabuse/Malicious Activity Screening method

This API allows users to screen addresses and URLs to verify whether they have been reported as linked to malicious activity on Chainabuse.

Inputs Description
User (is required) Enter the API key here
Password (is required) Enter the API key here
Trusted True: reported by a trusted contributor, based on how this Partner detects and verifies information. False: the reporter is not registered as a trusted contributor. Please note this does not mean their report cannot be trusted.
Checked True: report checked by our team of moderators including blockchain intelligence experts. False: report could not be verified by our team of moderators.
Address (Optional if a domain is passed). Crypto addresses to screen.
Domain (Optional if an address is passed). URL to screen.
Chain (Optional if a URL is passed). Chain to use as filter.
Category Optional. Scam category to use as filter.
Order by Direction ASC = latest reports first; DESC = oldest report first, if several reports are pulled out
Order by Field Orders reports by date if several reports are pulled out
Before Optional. Threshold date to use as a filter.
Since Optional. Start date to use as a filter.
Page Optional. Number of pages of reports to pull out. The maximum number of reports per page is 50. If page =1, you will pull out a maximum of 50 reports.
Elements per Page Optional. Number of reports to display per page. The maximum number of reports per page is 50. If page =1, you will pull out a maximum of 50 reports.
Minimum Value lost Optional. Filters reports with at least the amount passed (currently, only USD assets are supported and others will be ignored).
Scammer IoC Optional. Filters reports based on passed indicator of compromise.
Username Optional. The contributor's username.
Outputs Description
values (values) The results of the API call

Chainabuse/Specific Report Retrieval method

This API allows users to retrieve a specific report using its ID.

Inputs Description
User (is required) Enter the API key here
Password (is required) Enter the API key here
Report ID (is required) Id of the report
Outputs Description
ID (id) The ID of the report
Created at (createdAt) The date when the report was created
Trusted (trusted) Reported by a contributor registered as trusted on Chainabuse
Checked (checked) If the report was verified
Scam Category (scamCategory) The category of the scam where the report was classified
Addresses (addresses) The addresses involved in scam

Cisco

Cisco/Meraki Syslog Servers method

List the syslog servers for a network.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Network ID The ID of the investigated network
Outputs Description
Servers (servers) A list of Syslog servers

Cisco/Meraki Traffic Analysis method

Return the traffic analysis settings for a network.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Network ID The ID of the investigated network
Outputs Description
Mode (mode) The traffic analysis mode for the network. Can be one of 'disabled' (do not collect traffic types), 'basic' (collect generic traffic categories), or 'detailed' (collect destination hostnames)
Results (customPieChartItems) The list of items that make up the custom pie chart for traffic reporting.

Cisco/Network Traffic method

Return the traffic analysis data for this network. Traffic analysis with hostname visibility must be enabled on the network.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key
Network ID The ID of the investigated network
T0
Timespan
Device Type Filter the data by device type: combined, wireless, switch or appliance. Defaults to combined. When using combined, for each rule the data will come from the device type with the most usage
Outputs Description
Results (customPieChartItems) The list of items that make up the custom pie chart for traffic reporting

Cisco/Network Health method

Get the channel utilization over each radio for all APs in a network.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key
Network ID (is required) The ID of the investigated network
T0 The beginning of the timespan for the data. The maximum lookback period is 31 days from today
T1 The end of the timespan for the data. t1 can be a maximum of 31 days after t0
Timespan The timespan for which the information will be fetched. If specifying timespan, do not specify parameters t0 and t1. The value must be in seconds and be less than or equal to 31 days. The default is 1 day
Resolution The time resolution in seconds for returned data. The valid resolutions are: 600. The default is 600
Per Page The number of entries per page returned. Acceptable range is 3 - 100. Default is 10
Starting After A token used by the server to indicate the start of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it
Ending Before A token used by the server to indicate the end of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it
Outputs Description
values (values) The results of the API call

Cisco/Network Health Alerts method

Return all global alerts on this network.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Network ID (is required) The ID of the investigated network
Outputs Description
values (values) The results of the API call

Cisco/Create Organization Adaptive Policy Acl method

Creates new adaptive policy ACL.

Inputs Description
Token (is required)
Organization ID (is required) The ID of the Organization
Name Name of the adaptive policy ACL
Description Description of the adaptive policy ACL
Rules An ordered array of the adaptive policy ACL rules.
IP version (is required) IP version of adaptive policy ACL. One of: any, ipv4 or ipv6
Outputs Description
ACL ID (aclId) ID of the adaptive policy ACL
Created at (createdAt) When the adaptive policy ACL was created
Name (name) Name of the adaptive policy ACL
Description (description) Description of the adaptive policy ACL
IP Version (ipVersion) IP version of adaptive policy ACL
Rules (rules) An ordered array of the adaptive policy ACL rules

Cisco/Update Organization Adaptive Policy Acl method

Updates an adaptive policy ACL.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
ACL ID (is required) ID of the adaptive policy ACL
Organization ID (is required) The ID of the Organization
Name (is required) Name of the adaptive policy ACL
Description (is required) Description of the adaptive policy ACL
Rules (is required) An ordered array of the adaptive policy ACL rules. An empty array will clear the rules.
IP Version (is required) IP version of adaptive policy ACL
Outputs Description
ACL ID (aclId) ID of the adaptive policy ACL
Created at (createdAt) When the adaptive policy ACL was created
Name (name) Name of the adaptive policy ACL
Description (description) Description of the adaptive policy ACL
IP Version (ipVersion) IP version of adaptive policy ACL
Rules (rules) An ordered array of the adaptive policy ACL rules

Cisco/Delete Organization Adaptive Policy Acl method

Deletes the specified adaptive policy ACL. Note this adaptive policy ACL will also be removed from policies using it.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
ACL ID (is required) ID of the adaptive policy ACL
Outputs Description

Cisco/Create Organization Adaptive Policy Group method

Creates a new adaptive policy group.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
Name (is required) Name of the adaptive policy ACL
SGT (is required) SGT value of the group
Description (is required) Description of the group
Policy Objects (is required) The ID of the policy object
Outputs Description
SGT (sgt) The security group tag for the adaptive policy group
Created at (createdAt) Created at timestamp for the adaptive policy group
Description (description) The description for the adaptive policy group
Group ID (groupId) The ID of the adaptive policy group
Name (name) The name of the adaptive policy group
Update at (updatedAt) Updated at timestamp for the adaptive policy group
Is Default Group (isDefaultGroup) Whether the adaptive policy group is the default group
Required IP Mappings (requiredIpMappings) List of required IP mappings for the adaptive policy group
Policy Objects (policyObjects) The policy objects for the adaptive policy group

Cisco/Update Organization Adaptive Policy Group method

Updates an adaptive policy group. If updating Infrastructure, only the SGT is allowed. Cannot update Unknown.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
Group ID (is required) The ID of the adaptive policy group
Name (is required) Name of the group
SGT (is required) SGT value of the group
Description (is required)
Policy Objects (is required) The policy objects for the adaptive policy group
Outputs Description
SGT (sgt) The security group tag for the adaptive policy group
Created at (createdAt) Created at timestamp for the adaptive policy group
Description (description) The description for the adaptive policy group
Group ID (groupId) The ID of the adaptive policy group
Name (name) The name of the adaptive policy group
Update at (updatedAt) Updated at timestamp for the adaptive policy group
Is Default Group (isDefaultGroup) Whether the adaptive policy group is the default group
Required IP Mappings (requiredIpMappings) List of required IP mappings for the adaptive policy group
Policy Objects (policyObjects) The policy objects for the adaptive policy group

Cisco/Delete Organization Adaptive Policy Group method

Deletes the specified adaptive policy group and any associated policies and references.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
Group ID (is required) The ID of the adaptive policy group
Outputs Description

Cisco/Create Organization Adaptive Policy Policy method

Add an Adaptive Policy.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
Source Group (is required) The source adaptive policy group (requires one unique attribute)
Destination Group (is required) The destination adaptive policy group (requires one unique attribute)
ACLs (is required) An ordered array of adaptive policy ACLs (each requires one unique attribute) that apply to this policy (default: [])
Outputs Description
Adaptive Policy ID (adaptivePolicyId) The ID for the adaptive policy
Created at (createdAt) The created at timestamp for the adaptive policy
Last Entry Rule (lastEntryRule) The rule to apply if there is no matching ACL
Updated at (updatedAt) The updated at timestamp for the adaptive policy
Destination Group (destinationGroup) The destination group for the given adaptive policy
Source Group (sourceGroup) The source group for the given adaptive policy
ACLs (acls) The access control lists for the adaptive policy

Cisco/Update Organization Adaptive Policy Policy method

Update an Adaptive Policy.

Inputs Description
Token (is required)
Organization ID (is required) The ID of the Organization
Policied ID (is required) The ID of the policy
Source Group (is required) The source adaptive policy group (requires one unique attribute)
Destination Group (is required) The destination adaptive policy group (requires one unique attribute)
ACLs (is required) An ordered array of adaptive policy ACLs (each requires one unique attribute) that apply to this policy
Outputs Description
Adaptive Policy ID (adaptivePolicyId) The ID for the adaptive policy
Created at (createdAt) The created at timestamp for the adaptive policy
Last Entry Rule (lastEntryRule) The rule to apply if there is no matching ACL
Updated at (updatedAt) The updated at timestamp for the adaptive policy
Destination Group (destinationGroup) The destination group for the given adaptive policy
Source Group (sourceGroup) The source group for the given adaptive policy
ACLs (acls) The access control lists for the adaptive policy

Cisco/Delete Organization Adaptive Policy Policy method

Delete an Adaptive Policy.

Inputs Description
Token (is required) To use the Cisco API, you must have an API key.
Organization ID (is required) The ID of the Organization
Policy ID (is required) The ID of the policy which will be deleted
Outputs Description

FireEye

FireEye/Submit URL or URLs for analysis method

This endpoint submits a list of URLs for analysis. The limit is 5 URLs in a single call.

Inputs Description
URLS (is required) This is the list of URLs to submit for analysis in the form of ['url1','url2',...]. Maximum of 10 URLs allowed
Extract GIF Extract screenshot of screen activity during dynamic analysis if true, which later can be downloaded with artifacts api
Extract video Extract video activity during dynamic analysis if true, which later can be downloaded with artifacts api
File Extraction Extract dropped files from vm during dynamic analysis if true, which later can be downloaded with artifacts api
Memory Dump Extraction Extract video activity during dynamic analysis if true, which later can be downloaded with artifacts api
Extract Pcaps Extract memory dump files from vm during dynamic analysis if true, which later can be downloaded with artifacts api
Force Analyze Force submission for this url even if found as duplicate
Analyze mode Analysis mode for submission (live). If analysis mode is set to live then profiles have to be provided
Profiles Profiles to be used if analysis_mode is set to live
Prefetch Download and analyze any file that the url points to
Outputs Description
Status (status) This means that your file has been received and stored successfully. This does not mean your analysis has started or was completed--you will need to check the report for this report ID to see the analysis status
Report ID (report_id) This is the analysis job ID of your file submission. Use this value as the report_id parameter in GET /reports/{report_id}. You will need to keep your own database of your report IDs to view your reports and their status as the report IDs cannot be retrieved at a later time
MD5 (md5) Returned NA in case of urls

FireEye/Get single report with Report ID method

This endpoint fetches the results of a single file submission, known as a report.

Inputs Description
Extended Setting extended to true will allow you to see all malware engine reports.
Report ID (is required) The report ID returned after successfully submitting a file.
Outputs Description
results (results) The results of the API call

FireEye/Get single report with Hash method

This endpoint fetches the latest results for file submission with the provided md5 or sha256 hash.

Inputs Description
Extended Setting extended to true will allow you to see all malware engine reports.
hash (is required) MD5 or SHA256 hash of a submitted file
Outputs Description
results (results) The results of the API call

FireEye/Get Artifact with Report ID method

This endpoint fetches artifacts, like a screenshot gif file, for the given report_id.

Inputs Description
Artifact UUID A submitted sample can have more than one artifact; each artifact has its own artifact UUID, which is reported as part of the reports API. The user needs to get the artifact UUID from the reports endpoint.
Type (is required) Type of artifact to download.
Report ID (is required) The report ID returned after successfully submitting a file.

IBM QRadar

IBM QRadar/Login Attempts method

Gets the list of login attempts. For SAAS and single sign-on authentication modules, failed login attempts will not be tracked. The successful login attempts will be created when the QRadar session is created, not necessarily when the user entered their credentials on the single sign-on login page. Any user or authorized service can call this endpoint. If the caller has the ADMIN capability, login attempts for all users will be returned. For all other callers, only login attempts for the current caller will be returned.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Sort This parameter is used to sort the elements in a list.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Security Data Count method

Retrieves count of security artifacts in QRadar.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Outputs Description
values (values) The results of the API call

IBM QRadar/Top Offenses method

Retrieves Top Offenses in the system sorted by update count.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Sort This parameter is used to sort the elements in a list.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Top Rules method

Retrieves Top Rules in the system sorted by response count.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Offenses method

Retrieve a list of offenses currently in the system.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Sort This parameter is used to sort the elements in a list.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Offenses Closing Reasons method

Retrieve a list of all offense closing reasons.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Include reserved If true, reserved closing reasons are included in the response. Defaults to false. Reserved closing reasons cannot be used to close an offense.
Include deleted If true, deleted closing reasons are included in the response. Defaults to false. Deleted closing reasons cannot be used to close an offense.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Source IP Addresses WithID method

Retrieve an offense source address.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Source Address ID (is required) The ID of the source address to retrieve.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Source All IP Addresses method

Retrieve a list of offense source addresses currently in the system.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Outputs Description
values (values) The results of the API call

IBM QRadar/Offense Types method

Retrieve all the Offense Types.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Sort This parameter is used to sort the elements in a list.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Offense Notes For An Offense ID method

Retrieve a list of notes for an offense.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Offense ID (is required) The offense ID to retrieve the notes for.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Outputs Description
values (values) The results of the API call

IBM QRadar/Create Note For Offense ID method

Create a note on an offense.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Offense ID (is required) The offense ID to retrieve the notes for.
Note Text (is required) The note text.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Outputs Description
values (values) The results of the API call

IBM QRadar/Asset Properties method

Get a list of available asset property types that can be used.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Assets method

List all assets found in the model. This endpoint supports sorting on id, domain_id, vulnerability_count and risk_score_sum, and filtering on all fields. EXCEPTION: LIKE, ILIKE, and BETWEEN do not work on the interfaces(ip_addresses(value)) field. It is possible to use the inequality operators to work around this in most cases. Use of the fields header to request only the necessary fields will improve API performance.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Sort This parameter is used to sort the elements in a list.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get Cases method

Retrieves a list of cases.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Create Case method

Creates a new case.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Case
Outputs Description
values (values) The results of the API call

IBM QRadar/Get References Tables method

Retrieve a list of all reference tables.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Filter This parameter is used to restrict the elements in a list based on the contents of various fields.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Get References Table With Table Name method

Return the reference table identified by name.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Table Name (is required) Table identified by name.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Namespace Either SHARED or TENANT, default is SHARED.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/Delete References Table With Name method

Remove a reference table or purge its contents.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Table Name (is required) Table identified by name.
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Namespace Either SHARED or TENANT, default is SHARED.
Purge Only The allowed values are false or true. The default value is false. This indicates if the reference table should have its contents purged (true), keeping the reference table structure. If the value is false, or not specified the reference table is removed completely.
Outputs Description
values (values) The results of the API call

IBM QRadar/Delete A Value From Reference Table method

Remove a value from a reference table.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Table Name (is required) Table identified by name.
Outer Key (is required) The outer key of the value to remove
Inner Key (is required) The inner key of the value to remove
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Value (is required) The value to remove from the reference table. Note: Date values must be represented in milliseconds since the Unix Epoch January 1st 1970.
Domain ID This allows the domain id for the value to be specified. If null, the shared domain will be used.
Outputs Description
values (values) The results of the API call

IBM QRadar/Ariel Search method

Creates a new Ariel search as specified by the Ariel Query Language (AQL) query expression. Searches are executed asynchronously. A reference to the search ID is returned and should be used in subsequent API calls to determine the status of the search and retrieve the results once it is complete. This endpoint only accepts SELECT query expressions.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Query Expression (is required) The AQL query to execute. Mutually exclusive with saved_search_id
Outputs Description
values (values) The results of the API call

IBM QRadar/Ariel Search Status method

Retrieve status information for a search, based on the search ID parameter. The same informational fields are returned regardless of whether the search is in progress or is complete.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Search ID (is required) The ID of the search criteria for the returned results.
Prefer Specify wait=N where N is number of seconds to wait for COMPLETED status of the search.
Outputs Description
values (values) The results of the API call

IBM QRadar/Ariel Search Results method

Retrieves search results in the requested format. Retrieve the results of the Ariel search that is identified by the search ID. The Accepts request header indicates the format of the result. The formats are RFC compliant and can be JSON, CSV, XML, or tabular text. By default, all query result records are returned. To restrict the results to a contiguous subset of the records, you can supply a Range header to specify the inclusive range of records to be returned. This endpoint works with query results that are generated by AQL query expressions. This endpoint might not work as expected for results that are generated by other means. Search results might not be retrievable for searches that are created on the Console. The response samples are for the following query: Select sourceIP, destinationIP from events.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Search ID (is required) The ID of the search criteria for the returned results.
Range Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
Outputs Description
values (values) The results of the API call

IBM QRadar/AQL Validator method

Creates a new Ariel search as specified by the Ariel Query Language (AQL) query expression. Searches are executed asynchronously. A reference to the search ID is returned and should be used in subsequent API calls to determine the status of the search and retrieve the results once it is complete. This endpoint only accepts SELECT query expressions.

Inputs Description
credentialsGUID (is required)
IBM QRadar Server (is required) The server where the IBM QRadar is installed
Query Expression (is required) The AQL query to execute. Mutually exclusive with saved_search_id
Fields Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Outputs Description
values (values) The results of the API call

NETALERT

NetAlert/Get Traffic method

This action helps you extract traffic information.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Number of max results The maximum number of elements from the API call that you want to return
Filter The OpenSearch filter, a query string query for data filtering
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Get Alerts method

This action helps you extract alert information.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Number of max results The maximum number of elements from the API call that you want to return
Filter The OpenSearch filter, a query string query for data filtering
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Get Single Traffic method

This action helps you extract information about a single traffic flow.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Flow GUID (is required) A unique identifier which is given to all traffic flows (traffic which obeys a request/response structure).
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Get Single Alert method

This action helps you extract information about a single alert.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Alert ID (is required) A unique identifier given in the DB for the alert.
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Get Traffic Count By Field method

Get traffic count with the help of the field parameter.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter The OpenSearch filter, a query string query for data filtering
Field (is required) The field you want to search by
Max number of elements The maximum number of elements from the API call that you want to return
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Get Source IP Connections method

Get Source IP Connections.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter The OpenSearch filter, a query string query for data filtering
Field (is required) The field you want to search by
Max number of elements The maximum number of elements from the API call that you want to return
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Destination IP Connections method

Get Destination IP Connections.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter The OpenSearch filter, a query string query for data filtering
Field (is required) The field you want to search by
Max number of elements The maximum number of elements from the API call that you want to return
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

NetAlert/Alert Count By Field method

Get Alerts Count By a Field IP.

Inputs Description
Token (is required) To use this api you need an API Key
NetAlert Server (is required) IP of the server where NetAlert is installed
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter The OpenSearch filter, a query string query for data filtering
Field (is required) The field you want to search by
Max number of elements The maximum number of elements from the API call that you want to return
Outputs Description
Total Results (totalResults) The total number of reports
Data (data) Reports from NetAlert based on search filter
Is Success (isSuccess) True if the API call was successful, otherwise false
Message (message) Additional details
Error Message (errorMessage) Details of the error that occurred during the API call

Tenable Nessus

Tenable Nessus/Create Scan

Creates a scan configuration.

Inputs Description
Access Key (is required) To use the ThreatBook API, you must have an API key.
Secret Key (is required) The IP which is investigated
UUID (is required) The UUID for the Tenable-provided scan template to use
Settings (is required) The settings of the new scan
Credentials The settings of the new scan
Outputs Description
Scan (scan) The result of the API call

Tenable Nessus/Launch Scan

Launches a scan.

Inputs Description
Access Key (is required) To use the ThreatBook API, you must have an API key.
Secret Key (is required) The IP which is investigated
Scan ID (is required) The unique identifier for the scan you want to launch. This identifier can be either the scans.schedule_uuid or the scans.id
Alt targets If you include this parameter, Tenable Vulnerability Management scans these targets instead of the default. Value can be an array where each index is a target, or an array with a single index of comma-separated targets.
Rollover The settings of the new scan
Outputs Description
scan_uuid (scan_uuid) The UUID of the scan launched.

Tenable Nessus/Export Scan

Export the specified scan.

Inputs Description
Access Key (is required) To use the ThreatBook API, you must have an API key.
Secret Key (is required) The IP which is investigated
Scan ID (is required) The unique identifier for the scan you want to launch. This identifier can be either the scans.schedule_uuid or the scans.id
History ID The unique identifier of the historical data that you want Tenable Vulnerability Management to export.
Asset ID The settings of the new scan
Outputs Description
file (file) The file ID of the export scan
temp_token (temp_token) Temporary Token of the export scan

Tenable Nessus/Check Scan Export Status

Check the file status of an exported scan.

Inputs Description
Access Key (is required) To use the ThreatBook API, you must have an API key.
Secret Key (is required) The IP which is investigated
Scan ID (is required) The unique identifier for the scan you want to launch. This identifier can be either the scans.schedule_uuid or the scans.id
File ID (is required) The ID of the file to download
Asset ID The settings of the new scan
Outputs Description
file (file) The file ID of the Check Scan Export Status
temp_token (temp_token) Temporary Token of the Check Scan Export Status

Tenable Nessus/Download Exported Scan

Download an exported scan.

Inputs Description
Access Key (is required) To use the ThreatBook API, you must have an API key.
Secret Key (is required) The IP which is investigated
Scan ID (is required) The unique identifier for the scan you want to launch. This identifier can be either the scans.schedule_uuid or the scans.id
File ID The ID of the file to download

Wazuh

Wazuh/Login method

Use this method to generate a JWT token, which is used to log in to the other Wazuh APIs.

Inputs Description
credentialsGUID (is required) The credentials of the Wazuh Server
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Outputs Description
JWT Token (jwt_token) The login token

Wazuh/Get Stats method

Return Wazuh statistical information for the current or specified date.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Date Date to obtain statistical information from. Format YYYY-MM-DD
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

Wazuh/Get Stats Hourly method

Return Wazuh statistical information per hour. Each number in the averages field represents the average of alerts per hour for that specific day.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

Wazuh/Get Stats Weekly method

Return Wazuh statistical information per week. Each number in the averages field represents the average of alerts per hour for that specific day.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

Wazuh/Get Logs method

Return the last 2000 Wazuh log entries.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Offset First element to return in the collection
Limit Maximum number of lines to return
Sort Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. Use . for nested fields. For example, {field1: field2} may be selected with field1.field2
Search Look for elements containing the specified string. To obtain a complementary search, use - at the beginning
Tag Wazuh component that logged the event
Level Enum: critical, debug, debug2, error, info, warning
Query Query to filter results by. For example query= status=active
Select Select which fields to return (separated by comma). Use . for nested fields. For example, {field1: field2} may be selected with field1.field2
Distinct Look for distinct values
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

Wazuh/Get Alerts method

Get Alerts from Wazuh.

Inputs Description
Host (is required) IP of the server where Wazuh is installed
Username (is required) The Username which is used to login in Wazuh OpenSearch
Password (is required) The Password which is used to login in Wazuh OpenSearch
Count (is required) The number of alerts you want to receive from OpenSearch
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter (is required) The OpenSearch filter, a query string query for data filtering
Outputs Description
Data (hits) The results of the API call
Total (total) The total number of alerts

Wazuh/Get Monitoring method

Get Monitoring logs from Wazuh.

Inputs Description
Host (is required) IP of the server where Wazuh is installed
Username (is required) The Username which is used to login in Wazuh OpenSearch
Password (is required) The Password which is used to login in Wazuh OpenSearch
Count (is required) The number of alerts you want to receive from OpenSearch
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter (is required) The OpenSearch filter, a query string query for data filtering
Outputs Description
Data (hits) The results of the API call
Total (total) The total number of alerts

Wazuh/Get Statistics method

Get Statistics logs from Wazuh.

Inputs Description
Host (is required) IP of the server where Wazuh is installed
Username (is required) The Username which is used to login in Wazuh OpenSearch
Password (is required) The Password which is used to login in Wazuh OpenSearch
Count (is required) The number of alerts you want to receive from OpenSearch
Start Date (is required) The start time of the search
End Date (is required) The end time of the search
Filter (is required) The OpenSearch filter, a query string query for data filtering
Outputs Description
Data (hits) The results of the API call
Total (total) The total number of alerts

Wazuh/Get Logs Summary method

Return a summary of the last 2000 Wazuh log entries.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

Wazuh/Run Command Active Response

Run an Active Response command on all agents or a list of them.

Inputs Description
JWT Token (is required) The token that was generated from login method
Host (is required) IP of the server where Wazuh is installed
Port (is required) The port used by the API
Agent List List of agent IDs (separated by comma), all agents selected by default if not specified
Pretty Show results in human-readable format
Wait For Complete Disable timeout response
Arguments Command arguments
Command (is required) Command running in the agent. If this value starts with !, then it refers to a script name instead of a command name
Alert Data Alert data depending on the active response command executed
Outputs Description
Data (data) The results of the API call
Message (message) Human readable description to explain the result of the request

ServiceNow

ServiceNow/Activities For Opened Cases

The list of activities opened for a case.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
ID (is required) The ID of the Opened Case you want to get the activity list

ServiceNow/Create Case

Create a case (it is used principally for external entities).

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
Consumer The type of the consumer
Contact Type Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Priority Usually calculated automatically from urgency and impact, but can be set manually if needed. It determines the order in which incidents are addressed
Short description A brief summary of the issue. This is a required field to give a quick overview of the incident.
Description A detailed description of the case. This field provides essential context and details about the problem.
Urgency Indicates how quickly the case needs to be addressed. This affects the priority of the case.
Impact Describes the impact level of the case on the business. This, along with urgency, helps to determine the case's priority.
Assignment Group The group responsible for resolving the case. Ensures the case is routed to the correct team.
Assigned To The specific individual assigned to handle the case. This is crucial for accountability and tracking progress.
cmdb_ci Links the incident to a specific Configuration Item (CI) in the CMDB. Helps in identifying which asset or service is affected.
Category Specifies the type of issue (e.g., software, hardware). Helps in categorizing and routing the case appropriately.
State Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Location Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Business Service Links the incident to a specific business service. This is crucial for understanding the impact on business operations.
Due Date The deadline for resolving the case. Helps in managing and meeting SLAs.

ServiceNow/Get All Opened Cases

Get all opened cases.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface

ServiceNow/Get Specific Opened Case

Get all opened cases.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
ID (is required) The ID of the Opened Case you want to retrieve

ServiceNow/Update Case

Update an opened case.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
Consumer The type of the consumer
Contact Type Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Priority Usually calculated automatically from urgency and impact, but can be set manually if needed. It determines the order in which incidents are addressed
Short description A brief summary of the issue. This is a required field to give a quick overview of the incident.
Description A detailed description of the case. This field provides essential context and details about the problem.
Urgency Indicates how quickly the case needs to be addressed. This affects the priority of the case.
Impact Describes the impact level of the case on the business. This, along with urgency, helps to determine the case's priority.
Assignment Group The group responsible for resolving the case. Ensures the case is routed to the correct team.
Assigned To The specific individual assigned to handle the case. This is crucial for accountability and tracking progress.
cmdb_ci Links the incident to a specific Configuration Item (CI) in the CMDB. Helps in identifying which asset or service is affected.
Category Specifies the type of issue (e.g., software, hardware). Helps in categorizing and routing the case appropriately.
State Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Location Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Business Service Links the incident to a specific business service. This is crucial for understanding the impact on business operations.
Due Date The deadline for resolving the case. Helps in managing and meeting SLAs.

ServiceNow/Create Incident

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
Short description A brief summary of the issue. This is a required field to give a quick overview of the incident.
Description A detailed description of the case. This field provides essential context and details about the problem.
Caller ID Specifies the user or person who reported the incident. This is important for tracking and follow-up.
Urgency Indicates how quickly the case needs to be addressed. This affects the priority of the case.
Impact Describes the impact level of the case on the business. This, along with urgency, helps to determine the case's priority.
Priority Usually calculated automatically from urgency and impact, but can be set manually if needed. It determines the order in which incidents are addressed
Assignment Group The group responsible for resolving the case. Ensures the case is routed to the correct team.
Assigned To The specific individual assigned to handle the case. This is crucial for accountability and tracking progress.
cmdb_ci Links the incident to a specific Configuration Item (CI) in the CMDB. Helps in identifying which asset or service is affected.
Category Specifies the type of issue (e.g., software, hardware). Helps in categorizing and routing the case appropriately.
State Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Incident Type Defines the nature of the incident (e.g., inquiry, failure). Helps in understanding and prioritizing the incident.
Location Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Business Service Links the incident to a specific business service. This is crucial for understanding the impact on business operations.
Contact Type Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Severity Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Due Date The deadline for resolving the case. Helps in managing and meeting SLAs.
Display Value Return field display values (true), actual values (false), or both (all) (default: false)
Exclude Reference Link True to exclude Table API links for reference fields (default: false)
System Parameters Fields A comma-separated list of fields to return in the response
Input Display Value Set field values using their display value (true) or actual value (false) (default: false)
Surpress Auto System Field True to suppress auto generation of system fields (default: false)
System Parameters View Render the response according to the specified UI view (overridden by System Parameters Fields)

ServiceNow/View All Incidents

View all incidents created.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
System Parameters Query An encoded query string used to filter the results
System Parameters Display Value Return field display values (true), actual values (false), or both (all) (default: false)
System Parameters Exclude Reference Link True to exclude Table API links for reference fields (default: false)
System Parameters Suppress Pagination Header True to suppress pagination header (default: false)
System Parameters Fields A comma-separated list of fields to return in the response
System Parameters Limit The maximum number of results returned per page (default: 10,000)
System Parameters View Render the response according to the specified UI view (overridden by sysparm_fields)
System Parameters Query Category Name of the query category (read replica category) to use for queries
System Parameters Query No Domain True to access data across domains if authorized (default: false)
System Parameters No Count Do not execute a select count(*) on table (default: false)

ServiceNow/Retrieve Specific Incident

View specific incident.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
System ID (is required) The ID generated from the system when the incident was created
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
System Parameters Display Value Return field display values (true), actual values (false), or both (all) (default: false)
System Parameters Exclude Reference Link True to exclude Table API links for reference fields (default: false)
System Parameters Fields A comma-separated list of fields to return in the response
System Parameters View Render the response according to the specified UI view (overridden by sysparm_fields)
System Parameters Query No Domain True to access data across domains if authorized (default: false)

ServiceNow/Update Incident

Update incident parameters.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
System ID (is required) The ID generated from the system when the incident was created
Short description A brief summary of the issue. This is a required field to give a quick overview of the incident.
Description A detailed description of the case. This field provides essential context and details about the problem.
Caller ID Specifies the user or person who reported the incident. This is important for tracking and follow-up.
Urgency Indicates how quickly the case needs to be addressed. This affects the priority of the case.
Impact Describes the impact level of the case on the business. This, along with urgency, helps to determine the case's priority.
Priority Usually calculated automatically from urgency and impact, but can be set manually if needed. It determines the order in which incidents are addressed
Assignment Group The group responsible for resolving the case. Ensures the case is routed to the correct team.
Assigned To The specific individual assigned to handle the case. This is crucial for accountability and tracking progress.
Configuration Item Links the incident to a specific Configuration Item (CI) in the CMDB. Helps in identifying which asset or service is affected.
Category Specifies the type of issue (e.g., software, hardware). Helps in categorizing and routing the case appropriately.
State Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Incident Type Defines the nature of the incident (e.g., inquiry, failure). Helps in understanding and prioritizing the incident.
Location Indicates the current status of the incident (e.g., New, In Progress). Useful for tracking the case's lifecycle.
Business Service Links the incident to a specific business service. This is crucial for understanding the impact on business operations.
Contact Type Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Severity Describes how the incident was reported (e.g., phone, email). Helps in tracking and analyzing reporting methods.
Due Date The deadline for resolving the case. Helps in managing and meeting SLAs.
Display Value Return field display values (true), actual values (false), or both (all) (default: false)
Exclude Reference Link True to exclude Table API links for reference fields (default: false)
System Parameters Fields A comma-separated list of fields to return in the response
Input Display Value Set field values using their display value (true) or actual value (false) (default: false)
Surpress Auto System Field True to suppress auto generation of system fields (default: false)
System Parameters View Render the response according to the specified UI view (overridden by System Parameters Fields)

ServiceNow/Delete Incident

Delete an incident.

Inputs Description
Instance (is required) The subdomain created using ServiceNow, for example: nextgensoftware
System ID (is required) The ID generated from the system when the incident was created
Username (is required) To use this API you must have a valid account on ServiceNow. Use the username used to log in to the ServiceNow interface
Password (is required) To use this API you must have a valid account on ServiceNow. Use the password used to log in to the ServiceNow interface
System Parameters Query No Domain True to access data across domains if authorized (default: false)

Jira

Jira/Create Ticket

Create a JIRA Ticket.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Project Key (is required) Specify the project ID that corresponds to the project where you want to create the Jira ticket.
Summary (is required) Title for the new Jira ticket.
Description (is required) Write a description for the new Jira ticket.
Issue Type (is required) Specify the type of ticket to create
Parent Key When creating a subtask, you must provide the ID of the parent ticket. This field is only relevant for subtask ticket types. For instance, Test-1.
Priority (is required) Choose a priority for the Jira ticket update: Highest, High, Medium, Low, or Lowest.
Assignee ID The person you want to assign the ticket
Labels Keywords or tags used to categorize and organize Jira tickets.
Components Specifies the components associated with a Jira ticket
Due Date Time until the ticket must be resolved

Jira/Ticket Details

Return details for a ticket.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.

Jira/Get All Projects

Return all projects.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)

Jira/List Tickets

Searches for issues using JQL.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
JQL (is required) Construct a Jira query to identify and list tickets that meet specific criteria. You must define at least one search filter, for instance, project = project_id
Start at The index of the first item to return in the page of results (page offset). The base index is 0
Maximum Results The maximum number of items to return per page. Default: 50
Fields A list of fields to return for each issue, use it to retrieve a subset of fields. This parameter accepts a comma-separated list. Expand options include:
- all Returns all fields.
- navigable Returns navigable fields.
- Any issue field, prefixed with a minus to exclude.
- The default is navigable

Jira/Validate JQL Query

Parses and validates JQL queries.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Validation (is required) How to validate the JQL query and treat the validation results. Validation options include:
- strict Returns all errors. If validation fails, the query structure is not returned.
- warn Returns all errors. If validation fails but the JQL query is correctly formed, the query structure is returned.
- none No validation is performed. If JQL query is correctly formed, the query structure is returned.
- Default: strict
- Valid values: strict, warn, none
Queries (is required) A list of queries to parse. Min length: 1

Jira/Get User Details

Return details for a user.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Account ID (is required) The account ID of the user, which uniquely identifies the user across all Atlassian products. For example, 5b10ac8d82e05b22cc7d4ef5.

Jira/Assign Issue to a User

Assigns an issue to a user.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.
Account ID (is required) The account ID of the user, which uniquely identifies the user across all Atlassian products. For example, 5b10ac8d82e05b22cc7d4ef5.

Creates or updates a remote issue link for an issue.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.
Title (is required) The title of the item.
URL (is required) The URL of the item.

Jira/Get Comments

Returns all comments for an issue.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.
Start at The index of the first item to return in a page of results (page offset). Default: 0
Max Results The maximum number of items to return per page. Default: 5000
Order By Order the results by a field. Accepts created to sort comments by their created date. Valid values: created, -created, +created

Jira/Get All Possible Status

Returns either all transitions or a transition that can be performed by the user on an issue, based on the issue status.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.

Jira/Update Ticket Status

Performs an issue transition and, if the transition has a screen, updates the fields from the transition screen.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.
Select Transition (is required) The ID of the issue transition.

Jira/Delete Ticket

An issue cannot be deleted if it has one or more subtasks. To delete an issue with subtasks, set deleteSubtasks. This causes the issue subtasks to be deleted with the issue.

Inputs Description
Username (is required) Your account has a username set up to access the Jira server
Token (is required) Your account has an API token to access the Jira server
Jira Domain (is required) Your Jira domain (ex: your_jira_domain.atlassian.com)
Ticket ID or Key (is required) The ID or key of the issue.
Delete Subtasks Whether the issue subtasks are deleted when the issue is deleted. Default: false. Valid values: true, false

Zendesk

Zendesk/List Tickets

Retrieve a comprehensive list of all tickets from Zendesk.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Sort By Possible values are assignee, assignee.name, created_at, group, id, requester, requester.name, status, subject, updated_at
Sort Order One of asc, desc. Defaults to asc
Count Number of tickets that you want to fetch from Zendesk per page

Zendesk/Create Ticket

Build a new ticket in Zendesk using the supplied subject, assignee ID, description, and optional parameters.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Subject Provide the subject of the ticket
Description (is required) Give a full explanation of the ticket you would like to create in Zendesk.
Assignee ID (is required) Specify the ID of the person who should handle this ticket
Priority Indicate the importance of this ticket by choosing a priority: Low, Normal, High, or Urgent.
Type Classify the ticket as a Question, Incident, Problem, or Task
Tags Enter a comma-separated list of tags to apply to the ticket

Zendesk/Ticket Details

Obtain detailed ticket data based on provided ticket ID.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Enter the ticket id to retrieve its details.

Zendesk/Update Ticket

Make changes to a specific ticket based on provided information.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Subject Provide the subject of the ticket
Description Give a full explanation of the ticket you would like to create in Zendesk.
Assignee ID Specify the ID of the person who should handle this ticket
Priority Indicate the importance of this ticket by choosing a priority: Low, Normal, High, or Urgent.
Type Classify the ticket as a Question, Incident, Problem, or Task
Tags Enter a comma-separated list of tags to apply to the ticket

Zendesk/List Deleted Tickets

Retrieve up to 100 deleted tickets per page, excluding those permanently removed.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Sort By Possible values are assignee, assignee.name, created_at, group, id, requester, requester.name, status, subject, updated_at
Sort Order One of asc, desc. Defaults to asc
Count Number of tickets that you want to fetch from Zendesk per page

Retrieve associated data for a specific ticket.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Enter the ticket id to retrieve its details.

Zendesk/Mark Ticket as Spam

Indicate a ticket as spam in the Zendesk system.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Please provide the ID of the ticket you want to flag as spam

Zendesk/Restore Ticket

Bring back a previously deleted ticket.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Enter the number of the deleted ticket you wish to recover

Zendesk/Delete Ticket

Remove a ticket from Zendesk (recoverable for 30 days).

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Please provide the ID of the ticket you want to delete

Zendesk/Delete Ticket Permanently

Completely remove a previously deleted ticket.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
Ticket ID (is required) Enter the number of the ticket you wish to delete completely. The Delete Ticket method must be used first; only after that will this method work.

Zendesk/Delete Multiple Tickets

Delete multiple tickets. Maximum 100 IDs.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
IDs (is required) Please input a CSV or list of up to 100 ticket IDs to be deleted.

Zendesk/Delete Multiple Tickets Permanently

Permanently erase up to 100 previously deleted tickets.

Inputs Description
Username (is required) The username from the account created on Zendesk
Password (is required) The API token generated from Admin Page
Subdomain (is required) The subdomain created using Zendesk, for example: nextgensoftware.
IDs (is required) Please input a CSV or list of up to 100 ticket IDs to be deleted permanently

CyberArk

CyberArk/Add Account Group

This method enables application managers to define a new account group automatically, and manage accounts as part of a group. To create an account group, users require the following permissions in the Safe where the group is created:

  • Add accounts
  • Update account content
  • Update account properties
  • Create folders

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64.
CyberArk Server Address (is required) The address of the CyberArk Server
Group Name (is required) The name of the newly created group
Group Platform ID (is required) The name of the platform of the group. The associated platform must be set to PolicyType=Group OR Rotational Group
Safe (is required) The name of the Safe where the group will be created
Outputs Description
GroupID (GroupID) The ID of the newly created group
GroupName(GroupName) The name of the newly created group
GroupPlatformID(GroupPlatformID) The ID of the platform associated with the group
Safe(Safe) The name of the Safe where the group exists

CyberArk/Get Accounts

This method returns a list of all the accounts in the Vault.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
Search A list of keywords to search for in accounts, separated by a space
Search Type Get accounts that either contain or start with the value specified in the Search parameter
Sort The property or properties that you want to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties
Offset Offset of the first account that is returned in the collection of results
Limit The maximum number of returned accounts. The maximum number that you can specify is 1000. When used together with the Offset parameter, this value determines the number of accounts to return, starting from the first account that is returned
Filter The maximum number of returned accounts. The maximum number that you can specify is 1000. When used together with the Offset parameter, this value determines the number of accounts to return, starting from the first account that is returned
Saved Filter Search for accounts using a saved filter(s).
Outputs Description
id (id) The unique ID of the account
name(name) The unique name of the Safe where the account is located
address(address) The name or address of the machine where the account is used
userName(userName) The account user name
platformId(platformId) The platform assigned to the account
safeName(safeName) safeName
secretType(secretType) The unique name of the Safe where the account is located
platformAccountProperties(platformAccountProperties) The object containing key-value pairs to associate with the account, as defined by the account platform. Optional properties that do not exist for the account will not be returned here, and internal properties are not returned
secretManagement(secretManagement) Additional management parameters
remoteMachinesAccess(remoteMachinesAccess) Additional remote access machines
createdTime(createdTime) The date and time the account was created
categoryModificationTime(categoryModificationTime) The last time the account or one of its file categories was created or changed
deletionTime(deletionTime) The last time the account or one of its file categories was created or changed

CyberArk/Get Account Group Members

This method returns all the members of an existing account group. These accounts can be either password accounts or SSH Key accounts.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
GroupID (is required) The unique ID of the group
Outputs Description
ARRAY_VALUES_KEY(ARRAY_VALUES_KEY) The list of accounts

CyberArk/Delete Member From Account Group

This method removes an account member from an account group. This account can be either a password account or an SSH Key account.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
GroupID (is required) The unique ID of the group
AccountID (is required) The unique ID of the account

CyberArk/Add User To Group

This method enables application managers to define a new account group automatically, and manage accounts as part of a group.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
GroupName (is required) The name of the newly created group
GroupPlatform (is required) The name of the platform of the group. The associated platform must be set to PolicyType=Group OR Rotational Group
Safe (is required) The name of the Safe where the group will be created
Outputs Description
GroupID (GroupID) The ID of the newly created group
GroupName(GroupName) The name of the newly created group
GroupPlatformID(GroupPlatformID) The ID of the platform associated with the group
Safe(Safe) The name of the Safe where the group exists

CyberArk/Reset Password

This method resets an existing Vault user's password.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
UserID (is required) The ID of the account to which the password will be generated
id (is required) The user's unique ID
newPassword (is required) The user’s new password

CyberArk/Get Logged On User Details

This method returns user information of the user who is logged on.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
IIS Server Ip (is required) The address of the IIS Server
Outputs Description
FirstName (FirstName) The First Name of the user
LastName(LastName) The Last Name of the user
UserName(UserName) The UserName of the user
Email(Email) The Email address of the user
Source(Source)
UserTypeName(UserTypeName) The Type of the user
Expired(Expired) True if the user is expired, otherwise false
Disabled(Disabled) True if the user is disabled, otherwise false
AgentUser(AgentUser) True if the user is agent, otherwise false
Suspended(Suspended) True if the user is suspended, otherwise false

CyberArk/Get User Details

This method returns information about a specific user in the Vault.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
UserID (is required) The ID of the user for which information is returned
Outputs Description
enableUser (enableUser) Whether or not the user is enabled
changePassOnNextLogon(changePassOnNextLogon) Whether or not the user must change their password from the second log on onward
expiryDate(expiryDate) The date when the user expires
suspended(suspended) Whether or not the user is suspended after entering incorrect credentials multiple times
lastSuccessfulLoginDate(lastSuccessfulLoginDate) The date that the user last logged on to the Vault successfully
unAuthorizedInterfaces(unAuthorizedInterfaces) The CyberArk interfaces that this user is not authorized to use. The possible values depend on the specific user type as defined in the license
authenticationMethod(authenticationMethod) The authentication method that the user uses to log on
passwordNeverExpires(passwordNeverExpires) Whether the user's password is retained until the user changes it.
distinguishedName(distinguishedName) The user’s distinguished name. The usage is for PKI authentication, this will match the certificate Subject Name or domain name
description(description) Notes and comments
businessAddress(businessAddress) The user’s postal address, including: street, city, state, zip, and country
internet(internet) The user's email addresses, including: Home page, Home email, Business email, Other email
phones(phones) phones
personalDetails(personalDetails) The user's personal details, including: firstName, middleName, lastName, address, city, state, zip, country, title, organization, department, profession
groupsMembership(groupsMembership) List of groups in which the user is a member
id(id) The unique ID of the user
username(username) The name of the user
source(source) The source of the user
userType(userType) The user type as defined in the license
componentUser(componentUser) Whether the user is a known component or not. If the user is a component, the value is true. Otherwise, it is false
vaultAuthorization(vaultAuthorization) The user permissions
location(location) The location in the Vault where the user will be created

CyberArk/Get Groups

This method returns a list of all existing user groups.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
filter Filters according to the REST standard
sort Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties: groupname, directory, location
search Searches according to the REST standard (searching with contains). Search matches when all search terms appear in the group name
includeMembers Whether or not to return members for each user group as part of the response. If not sent, the value will be False
Outputs Description
value (value) The list of groups
count(count) The number of groups

CyberArk/Add Safe

This method adds a new Safe to the Vault.

Inputs Description
safeName (is required) The unique name of the Safe
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
numberOfDaysRetention The number of days that password versions are saved in the Safe
numberOfVersionsRetention The number of retained versions of every password that is stored in the Safe
oLACEnabled Whether or not to enable Object Level Access Control for the new Safe.
autoPurgeEnabled Whether or not to automatically purge files after the end of the Object History Retention Period defined in the Safe properties. Report Safes and PSM Recording Safes are created automatically with AutoPurgeEnabled set to Yes. These Safes cannot be managed by the CPM
managingCPM The name of the CPM user who will manage the new Safe
description The description of the Safe
location The location of the Safe in the Vault
Outputs Description
safeUrlId (safeUrlId) The unique ID of the Safe used when calling Safe APIs
safeName(safeName) The name of the Safe
safeNumber(safeNumber) The unique numerical ID of the Safe
description(description) The description of the Safe
location(location) The location of the Safe in the Vault
creator(creator) Contains the following parameters: creator.id: The ID of the user that created the Safe. Type: String, creator.name: The name of the user that created the Safe
olacEnabled(olacEnabled) Whether or not to enable Object Level Access Control for the new Safe
managingCPM(managingCPM) The name of the CPM user who will manage the new Safe
numberOfVersionsRetention(numberOfVersionsRetention) The number of retained versions of every password that is stored in the Safe
numberOfDaysRetention(numberOfDaysRetention) The number of days that password versions are saved in the Safe
autoPurgeEnabled(autoPurgeEnabled) Whether or not to automatically purge files after the end of the Object History Retention Period defined in the Safe properties. Report Safes and PSM Recording Safes are created automatically with AutoPurgeEnabled set to Yes. In addition, these Safes cannot be managed by the CPM
creationTime(creationTime) The Unix creation time of the Safe
lastModificationTime(lastModificationTime) The Unix time when the Safe was last updated

CyberArk/Get All Safes

This method returns a list of all Safes in the Vault that the user has permissions for.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
search Searches according to the Safe name. Search is performed according to the REST standard (search=search word)
offset Offset of the first Safe that is returned in the collection of results
limit The maximum number of Safes that are returned. When used together with the offset parameter, this value determines the number of Safes to return, starting from the first Safe that is returned
sort Sorts according to the safeName property in ascending order (default) or descending order to control the sort direction
includeAccounts Whether or not to return accounts for each Safe as part of the response. If not sent, the value is False
extendedDetails Whether or not to return all Safe details or only safeName as part of the response. If not sent, the value is True.
Outputs Description
value (value) The list of Safes
count(count)
nextLink(nextLink)

CyberArk/Get Safe Details

This method returns information about a specific Safe in the Vault.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
Outputs Description
safeUrlId (safeUrlId) The unique ID of the Safe used when calling Safe APIs
safeName(safeName) The unique name of the Safe
safeNumber(safeNumber) The unique numerical ID of the Safe
description(description) The description of the Safe
location(location) The location of the Safe in the Vault
creator(creator) Contains the following parameters: creator.id: The ID of the user that created the Safe. Type: String, creator.name: The name of the user that created the Safe
olacEnabled(olacEnabled) Whether or not to enable Object Level Access Control for the new Safe
managingCPM(managingCPM) The name of the CPM user who will manage the new Safe
numberOfVersionsRetention(numberOfVersionsRetention) The number of retained versions of every password that is stored in the Safe
numberOfDaysRetention(numberOfDaysRetention) The number of days that password versions are saved in the Safe
autoPurgeEnabled(autoPurgeEnabled) Whether or not to automatically purge files after the end of the Object History Retention Period defined in the Safe properties. Report Safes and PSM Recording Safes are created automatically with AutoPurgeEnabled set to Yes. These Safes cannot be managed by the CPM
creationTime(creationTime) The Unix creation time of the Safe
lastModificationTime(lastModificationTime) The Unix time when the Safe was last updated
accounts(accounts) Contains the following parameters: account.id: The ID of the accounts that reside in this Safe, account.name: The name of the accounts that reside in this Safe
isExpiredMember(isExpiredMember) Whether or not the membership for the Safe is expired. For expired members, the value is True

CyberArk/Search For A Safe

This method returns information about the Safes in the Vault that meet the criteria specified in the search query.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
query (is required) The search query
Outputs Description
SearchSafesResult (SearchSafesResult) The list of Safes

CyberArk/Get Safe Account Groups

This method returns all the existing account groups in a specific Safe.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeName (is required) The name of the Safe where the account groups are
Outputs Description
GroupID (GroupID) The ID of the account group
GroupName(GroupName) The name of the account group.
GroupPlatformID(GroupPlatformID) The ID of the platform associated with the account group
Safe(Safe) The name of the Safe where the account groups are

CyberArk/Update Safe

This method returns all the existing account groups in a specific Safe.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
safeName (is required) The unique name of the Safe
location The location of the Safe in the Vault
olacEnabled Whether to enable Object Level Access Control for the new Safe
description The description of the Safe
managingCPM The name of the CPM user who will manage the new Safe
numberOfVersionsRetention The number of retained versions of every password that is stored in the Safe
numberOfDaysRetention The number of days that password versions are saved in the Safe
Outputs Description
safeName (safeName) The unique name of the Safe
safeNumber(safeNumber) The unique numerical ID of the Safe
description(description) The description of the Safe
location(location) The location of the Safe in the Vault
creator(creator) Contains the following parameters: creator.id: The ID of the user that created the Safe. Type: String, creator.name: The name of the user that created the Safe
olacEnabled(olacEnabled) Whether or not to enable Object Level Access Control for the new Safe
managingCPM(managingCPM) The name of the CPM user who will manage the new Safe
numberOfVersionsRetention(numberOfVersionsRetention) The number of retained versions of every password that is stored in the Safe
numberOfDaysRetention(numberOfDaysRetention) The number of days that password versions are saved in the Safe

CyberArk/Delete Safe

This method deletes a Safe from the Vault.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe

CyberArk/Add Safe Member

This method adds an existing user or group as a Safe member.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
Outputs Description
safeUrlId (safeUrlId) The unique ID of the Safe used when calling Safe APIs
safeName(safeName) The unique name of the Safe
safeNumber(safeNumber) The unique numerical ID of the Safe
memberId(memberId) The Vault user ID, Domain user ID, or group ID of the Safe member
memberName(memberName) The Vault user name, Domain user name or group name of the Safe member
memberType(memberType) The member type
membershipExpirationDate(membershipExpirationDate) The member's expiration date for this Safe. For members that do not have an expiration date, this value will be null
isExpiredMembershipEnable(isExpiredMembershipEnable) Whether or not the membership for the Safe is expired. For expired members, the value is True
isPredefinedUser(isPredefinedUser) Whether the member is a predefined Vault user or group
permissions(permissions) The permissions that the user or group has on this

CyberArkGet/All Safe Members

This method returns a list of the members of a Safe.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
Filter Filters are according to the REST standard. Search for Safe members using the following filters. Multiple filters can be applied using the AND operator
search Searches according to the Safe name. Search is performed according to the REST standard (search=search word)
offset Offset of the first member that is returned in the collection of results
limit The maximum number of members that are returned
sort Sorts according to the memberName property in ascending order (default) or descending order to control the sort direction
Outputs Description
value (value) The list of all safe members
count(count) The number of members

CyberArkGet/Update Safe Member

This method updates an existing Safe member.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
MemberName The Vault user name, Domain user name or group name of the Safe member
membershipExpirationDate The Vault user name, Domain user name or group name of the Safe member
permissions User or group permissions in the Safe
Outputs Description
safeUrlId (safeUrlId) The unique ID of the Safe used when calling Safe APIs
safeName(safeName) The unique name of the Safe
safeNumber(safeNumber) The unique numerical ID of the Safe
memberId(memberId) The Vault user ID, Domain user ID, or group ID of the Safe member
memberName(memberName) The Vault user name, Domain user name or group name of the Safe member
memberType(memberType) The member type
membershipExpirationDate(membershipExpirationDate) The member's expiration date for this Safe. For members that do not have an expiration date, this value will be null
isExpiredMembershipEnable(isExpiredMembershipEnable) Whether or not the membership for the Safe is expired. For expired members, the value will be True
isPredefinedUser(isPredefinedUser) Whether the member is a predefined user or group of the Vault
isReadOnly(isReadOnly) Whether or not the current user can update the permissions of a member
permissions The permissions that the user or group has for this Safe

CyberArkGet/Delete Safe Member

This method removes a specific member from a Safe.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
SafeUrlId (is required) The unique ID of the Safe
MemberName (is required) The Vault user name, Domain user name or group name of the Safe member

CyberArkGet/Get Password

This method enables users to retrieve the password or SSH key of an existing account that is identified by its Account ID. It enables users to specify a reason and ticket ID, if required.

Inputs Description
Authorization (is required) The token that identifies the session, encoded in BASE 64
CyberArk Server Address (is required) The address of the CyberArk Server
accountId (is required) The unique ID of the account
reason The reason that is required to retrieve the password/SSH key
TicketingSystemName The name of the Ticketing System
TicketId The Vault user name, Domain user name or group name of the Safe member
Version The Vault user name, Domain user name or group name of the Safe member
ActionType The action this password will be used for
isUse (is required) Internal parameter (for PSM for SSH only)
Machine The address of the remote machine to connect to
Outputs Description
myPassword (myPassword) The password of the account

MISP

MISP/Add Event

Enables the creation and management of events related to cybersecurity intelligence.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Info (is required) Details about the event
Organisation ID It refers to the unique identifier for an organization within the MISP platform
Distribution Who will be able to see this event once it becomes published and eventually when it becomes pulled. 0: Your organization only, 1: This community only, 2: Connected communities, 3: All communities, 4: Sharing group, 5: Inherit Event
UUID It is a universally unique identifier used to uniquely identify and manage events, attributes, or other objects within the platform. It ensures that each entity is distinct and easily traceable across MISP
Date Represents the timestamp or specific date associated with an event
Published Indicates whether an event or attribute is publicly shared or not
Analysis Represents the analysis maturity level. 0: Initial 1: Ongoing 2: Complete
Attribute Count The number of the attributes from the event
Timestamp The exact date and time when an event, attribute, or other data is created or updated
Sharing Group IP Is used to associate an event or attribute with a specific sharing group
Proposal Email Lock Is used to control whether a proposal (event or attribute) can be modified or edited by others after being submitted via email
Locked Indicates whether an event or attribute is locked, preventing further modifications.
Threat Level ID Represents the threat level. 1: High 2: Medium 3: Low 4: Undefined
Publish Timestamp Represents the date and time when an event or attribute is published, indicating its visibility and availability for sharing with external systems or organizations
Sighting Timestamp Records the date and time when a specific observation or sighting of a cyber threat was made.
Disable Correlation Allows users to prevent the correlation of certain attributes or events with other data.
Extends UUID Is used to link an attribute or event to another existing event or attribute using its unique UUID.
Event Creator Email Stores the email address of the user who created the event. It helps in tracking the origin and ownership of specific cybersecurity events
Outputs Description
Event (event) The information with which the event was created

MISP/Get a list of events

Retrieves a list of events based on specified filters, enabling efficient access to relevant threat intelligence data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
values (values) The results of the API call

MISP/Edit Event

Allows modifications to an existing event.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to be edited
Info Details about the event
Organisation ID It refers to the unique identifier for an organization within the MISP platform
Distribution Who will be able to see this event once it becomes published and eventually when it becomes pulled. 0: Your organization only, 1: This community only, 2: Connected communities, 3: All communities, 4: Sharing group, 5: Inherit Event
UUID It is a universally unique identifier used to uniquely identify and manage events, attributes, or other objects within the platform. It ensures that each entity is distinct and easily traceable across MISP
Date Represents the timestamp or specific date associated with an event
Published Indicates whether an event or attribute is publicly shared or not
Analysis Represents the analysis maturity level. 0: Initial 1: Ongoing 2: Complete
Attribute Count The number of the attributes from the event
Timestamp The exact date and time when an event, attribute, or other data is created or updated
Sharing Group IP Is used to associate an event or attribute with a specific sharing group
Proposal Email Lock Is used to control whether a proposal (event or attribute) can be modified or edited by others after being submitted via email
Locked Indicates whether an event or attribute is locked, preventing further modifications.
Threat Level ID Represents the threat level. 1: High 2: Medium 3: Low 4: Undefined
Publish Timestamp Represents the date and time when an event or attribute is published, indicating its visibility and availability for sharing with external systems or organizations
Sighting Timestamp Records the date and time when a specific observation or sighting of a cyber threat was made.
Disable Correlation Allows users to prevent the correlation of certain attributes or events with other data.
Extends UUID Is used to link an attribute or event to another existing event or attribute using its unique UUID.
Event Creator Email Stores the email address of the user who created the event. It helps in tracking the origin and ownership of specific cybersecurity events
Outputs Description
Event (event) The information with which the event was edited

MISP/Delete Event

Removes an existing event and its associated data from the platform.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to be deleted
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed
ID (id) The ID of the event on which the action was performed

MISP/Get Event by ID

Retrieves detailed information about a specific event using its unique identifier.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to be retrieved
Outputs Description
Event (Event) The information of the retrieved event

MISP/Publish an Event

Allows users to publish an event, making it available for sharing with other MISP instances or organizations while maintaining control over visibility.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to publish
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed
ID (id) The ID of the event on which the action was performed

MISP/Unpublish an Event

Allows users to retract the published status of an event, ensuring that it is no longer shared with external parties while keeping it accessible within the MISP instance.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to unpublish
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed
ID (id) The ID of the event on which the action was performed

MISP/Add Event Tag

Allows users to assign tags to an event for better organization, categorization, and easy identification within the platform.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event where the tag will be added
Tag ID (is required) Numeric ID of the tag
Local (is required) Whether the object should be attached locally or not to the target
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Check Publish (check_publish) Is used to verify whether an event or attribute is ready for publication or sharing.

MISP/Enrich an Event with the Given Modules

Allows users to enhance an event by applying specific modules, such as automated threat intelligence or data enrichment, to add additional context and insights.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event to enrich
Reverse DNS The additional module which is used to enrich the event
Sigma Syntax Validator The additional module which is used to enrich the event
Ods Enrich The additional module which is used to enrich the event
Recorded Future The additional module which is used to enrich the event
EUPI The additional module which is used to enrich the event
DOCX Enrich The additional module which is used to enrich the event
Passive Total The additional module which is used to enrich the event
Abuse IP DB The additional module which is used to enrich the event
Ransom Coin DB The additional module which is used to enrich the event
Domain Tools The additional module which is used to enrich the event
Crowdstrike Falcon The additional module which is used to enrich the event
Google Safe Browsing The additional module which is used to enrich the event
GeoIP Country The additional module which is used to enrich the event
JOE Sandbox The additional module which is used to enrich the event
Crowdsec The additional module which is used to enrich the event
GeoIP ASN The additional module which is used to enrich the event
RBL The additional module which is used to enrich the event
Yeti The additional module which is used to enrich the event
OCR Enrich The additional module which is used to enrich the event
Onyphe The additional module which is used to enrich the event
ODT Enrich The additional module which is used to enrich the event
Social Scan The additional module which is used to enrich the event
Sophos Labs Intelix The additional module which is used to enrich the event
MMDB Lookup The additional module which is used to enrich the event
VMRay Submit The additional module which is used to enrich the event
Trustar Enrich The additional module which is used to enrich the event
IP Info The additional module which is used to enrich the event
BackscatterIO The additional module which is used to enrich the event
IP ASN The additional module which is used to enrich the event
URL Scan The additional module which is used to enrich the event
Threat Crowd The additional module which is used to enrich the event
HTML to Markdown The additional module which is used to enrich the event
YARA Query The additional module which is used to enrich the event
Sigma Queries The additional module which is used to enrich the event
X-Force Exchange The additional module which is used to enrich the event
WHOIS The additional module which is used to enrich the event
PDF Enrich The additional module which is used to enrich the event
Threat Fox The additional module which is used to enrich the event
Clamav The additional module which is used to enrich the event
VMware NSX The additional module which is used to enrich the event
Sigmf The additional module which is used to enrich the event
URLhaus The additional module which is used to enrich the event
Stix2 Pattern Syntax Validator The additional module which is used to enrich the event
Censys Enrich The additional module which is used to enrich the event
VARIoT DBs The additional module which is used to enrich the event
JOESandbox Submit The additional module which is used to enrich the event
Virustotal Public The additional module which is used to enrich the event
MACAddressIO The additional module which is used to enrich the event
McAfee Insights Enrich The additional module which is used to enrich the event
Country Code The additional module which is used to enrich the event
Shodan The additional module which is used to enrich the event
DNS DB Query The additional module which is used to enrich the event
Greynoise The additional module which is used to enrich the event
XLSX Enrich The additional module which is used to enrich the event
Lastline Submit The additional module which is used to enrich the event
Assembly Line Submit The additional module which is used to enrich the event
Hash Lookup The additional module which is used to enrich the event
APIVoid The additional module which is used to enrich the event
Lastline Query The additional module which is used to enrich the event
EQL The additional module which is used to enrich the event
Cuckoo submit The additional module which is used to enrich the event
HYAS Insight The additional module which is used to enrich the event
Assembly Line Query The additional module which is used to enrich the event
CIRCL Passive DNS The additional module which is used to enrich the event
Security Trails The additional module which is used to enrich the event
Hashdd The additional module which is used to enrich the event
GeoIP City The additional module which is used to enrich the event
QRCode The additional module which is used to enrich the event
Source cache The additional module which is used to enrich the event
ThreatMiner The additional module which is used to enrich the event
Cytomic Orion The additional module which is used to enrich the event
IP Reputation The additional module which is used to enrich the event
QIntel QSentry The additional module which is used to enrich the event
Wiki The additional module which is used to enrich the event
CVE The additional module which is used to enrich the event
BTC Scam Check The additional module which is used to enrich the event
Whoisfreaks The additional module which is used to enrich the event
Google Search The additional module which is used to enrich the event
MalwareBazaar The additional module which is used to enrich the event
Intel471 The additional module which is used to enrich the event
BTC Steroids The additional module which is used to enrich the event
Mwdb The additional module which is used to enrich the event
Dbl Spamhaus The additional module which is used to enrich the event
Onyphe Full The additional module which is used to enrich the event
IPqs Fraud and Risk Scoring The additional module which is used to enrich the event
Farsight Passive DNS The additional module which is used to enrich the event
CVE Advanced The additional module which is used to enrich the event
CPE The additional module which is used to enrich the event
Passive The additional module which is used to enrich the event
Vulners The additional module which is used to enrich the event
YARA Syntax Validator The additional module which is used to enrich the event
Jinja Template Rendering The additional module which is used to enrich the event
Virustotal The additional module which is used to enrich the event
MACVendors The additional module which is used to enrich the event
VulnDB The additional module which is used to enrich the event
CIRCL Passive SSL The additional module which is used to enrich the event
DNS The additional module which is used to enrich the event
OTX The additional module which is used to enrich the event
Bgpranking The additional module which is used to enrich the event
Extract URL Components The additional module which is used to enrich the event
IntelMQ EventDB The additional module which is used to enrich the event
ApiosintDS The additional module which is used to enrich the event
PPTX Enrich The additional module which is used to enrich the event
Hibp The additional module which is used to enrich the event
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed
ID (id) The ID of the event on which the action was performed

MISP/Search Events

Allows users to query and retrieve events based on specific criteria, such as attributes, dates, or event types, making it easier to find relevant cybersecurity information.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Page Is used for paginating results when retrieving data through the API
Limit Specifies the maximum number of records to retrieve in a single API response
Sort Field to be used to sort the result
Direction Sort direction of the result: asc, desc. Default is asc.
Minimal Returns a minimal version of the event, only events with attributeCount > 0 will be returned
Attribute Filter events matching the given string with attributes values
EventID The ID of the events to search for
Date From Event creation date is greater or equal
Date Until Event creation date is less or equal
Organisation Filter events by matching the creator organisation name
Event Info Filter events by matching the event info text
Tag The tag you want to search for
Tags Filter events by matching any of the event tags of a given list of tag names
Distribution Who will be able to see this event once it becomes published and eventually when it becomes pulled: 0: Your organization only 1: This community only 2: Connected communities 3: All communities 4: Sharing group 5: Inherit Event
Sharing Group Specifies the sharing group. It determines the group of users or organizations that have access to the shared data, ensuring controlled and collaborative information sharing.
Analysis Represents the analysis maturity level. 0: Initial 1: Ongoing 2: Complete
Threat Level Represents the threat level. 1: High 2: Medium 3: Low 4: Undefined
Email Filter events by matching the event creator user email
Hash Proposal Filter events by checking whether they have attributes with change proposals. Possible values: 0, 1
Timestamp Event timestamp greater or equal
Publish timestamp Represents the date and time when an event or attribute is published, indicating its visibility and availability for sharing with external systems or organizations
Search Date From Filters on the date, anything newer than the given date in YYYY-MM-DD format is taken.
Search Date Until Filters on the date, anything older than the given date in YYYY-MM-DD format is taken.
Outputs Description
values (values) The results of the API call

MISP/Get Tags

Retrieves a list of tags associated with events, attributes, or other elements, helping users manage and organize their data effectively.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
Tag (tag) The result of the API call

MISP/Get Tags by ID

Retrieves information about a specific tag using its unique identifier, providing details related to that tag's association with events or attributes.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Tag ID (is required) Numeric ID of the tag
Outputs Description
ID (id) The ID of the tag on which the action was performed
Name (name) The name of the Tag
Exportable (exportable) True if the parameter is exportable, otherwise False
Organisation ID (org_id) It refers to the unique identifier for an organization within the MISP platform
User ID (user_id) The identification of the user
Hide Tag (hide_tag) Default value is False
Numerical Value (numerical_value) Quantitative information about the tag
Is Galaxy (is_galaxy) Default value is true
Is Custom Galaxy (is_custom_galaxy) Default value is true

MISP/Add Tag

Allows users to create new tags.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Name (is required) The name of the Tag
Colour The colour of the tag in MISP interface
Exportable True if the parameter is exportable, otherwise False
Organization ID It refers to the unique identifier for an organization within the MISP platform
User ID The identification of the user
Hide Tag Default value is False
Numerical Value Quantitative information about the tag
Is Galaxy Default value is true
Is Custom Galaxy Default value is true
Inherited Default value is 1.
Outputs Description
Tag (tag) The tag created

MISP/Edit Tag

Allows users to modify the details of an existing tag, such as its name or associated elements, ensuring accurate and up-to-date categorization within the platform.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Name (is required) The name of the Tag
Colour The colour of the tag in MISP interface
Exportable True if the parameter is exportable, otherwise False
Organization ID It refers to the unique identifier for an organization within the MISP platform
User ID The identification of the user
Hide Tag Default value is False
Numerical Value Quantitative information about the tag
Is Galaxy Default value is true
Is Custom Galaxy Default value is true
Inherited Default value is 1.
Outputs Description
Tag (tag) The tag edited

MISP/Delete Tag

Removes a specific tag from events, attributes, or other elements, helping to manage and clean up unused or outdated tags.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Tag ID (is required) Numeric ID of the tag
Outputs Description
Message (message) The message describing the action that was performed

MISP/Get Galaxies

Retrieves a list of galaxy objects, which represent groups of related attributes or data, providing a structured way to organize and manage complex threat intelligence information.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
values (values) The results of the API call

MISP/Get Galaxies by ID

Retrieves a specific galaxy object using its unique identifier, allowing users to access detailed information about related attributes or data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Galaxy ID (is required)
Outputs Description
Galaxy (galaxy) The searched galaxy

MISP/Search Galaxies

Allows users to query and retrieve galaxy objects based on specific criteria, helping to organize and manage complex cybersecurity data effectively.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Value (is required) Text search term to find a matching galaxy name, namespace, description, kill_chain_order or uuid.
Outputs Description
Galaxy (galaxy) A list of galaxies based on the search criteria

MISP/Attach the Galaxy Cluster Tag a Given Entity

Associates a galaxy cluster tag with a specific event or attribute, enabling the organization and enrichment of related cybersecurity data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Attach Target ID (is required) UUID or numeric ID of the target entity (Event, Attribute or TagCollection)
Attach Target Type (is required) Type of the target entity to attach to the galaxy cluster.
Galaxy Cluster ID (is required) Target galaxy cluster to attach
Local (is required) Whether the object should be attached locally or not to the target
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Check Publish (check_publish) Is used to verify whether an event or attribute is ready for publication or sharing.

MISP/Get Galaxies Clusters

Retrieves a list of galaxy clusters, which group related galaxies to help organize and manage complex relationships within cybersecurity data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Galaxy ID (is required) UUID or numeric ID of the galaxy
Outputs Description
values (values) The results of the API call

MISP/Get Galaxies Clusters by ID

Retrieves details of a specific galaxy cluster using its unique identifier, providing insight into its associated galaxies and data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Galaxy Cluster ID (is required) UUID or numeric ID of the galaxy cluster
Outputs Description
Galaxy Cluster (galaxycluster) A galaxy cluster with all its details.

MISP/Search Galaxy Clusters

Allows users to search for galaxy clusters based on specific criteria, helping to manage and analyze complex groups of related cybersecurity data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Galaxy Cluster ID (is required) UUID or numeric ID of the galaxy cluster
Context (is required) Possible values: all, default, org, deleted
Search all Search galaxy clusters by matching any value, description, uuid or galaxy elements values.
Outputs Description
values (values) The results of the API call

MISP/Get a List of Sharing Groups

Retrieves all sharing groups available within the platform, allowing users to manage and organize access to shared threat intelligence.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
Response (response) The list of the Sharing Groups

MISP/Get a Sharing Group by ID

Retrieves details of a specific sharing group using its unique identifier, providing information about its associated events, attributes, and members.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Sharing Group ID (is required) UUID or numeric ID of the sharing group
Outputs Description
Response (response) The response of the API call

MISP/Add a Sharing Group

Creates a new sharing group, allowing users to manage collaboration and access to shared cybersecurity information within specific groups.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
UUID It is a universally unique identifier used to uniquely identify and manage events, attributes, or other objects within the platform. It ensures that each entity is distinct and easily traceable across MISP
Name The name of the Sharing Group
Description The short description about the Sharing Group
Releasability Defines the conditions or restrictions for the Sharing Group
Local True if the Sharing Group is local, otherwise False
Active True if the Sharing Group is active, otherwise False
Organization Count Indicates the number of the organisation in MISP
Organization UUID UUID of the Organisation
Organisation ID It refers to the unique identifier for an organization within the MISP platform
Sync User ID The user ID responsible for the Sharing Group
Created The date of creation
Modified The date of the modifications
Roaming True if the Sharing Group is not local
Outputs Description
Sharing Group (sharinggroup) The newly created Sharing Group

MISP/Edit a Sharing Group

Allows users to modify details of an existing sharing group, such as its name, members, or access permissions, to ensure proper management of shared data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
UUID It is a universally unique identifier used to uniquely identify and manage events, attributes, or other objects within the platform. It ensures that each entity is distinct and easily traceable across MISP
Name The name of the Sharing Group
Description The short description about the Sharing Group
Releasability Defines the conditions or restrictions for the Sharing Group
Local True if the Sharing Group is local, otherwise False
Active True if the Sharing Group is active, otherwise False
Organization Count Indicates the number of the organisation in MISP
Organization UUID UUID of the Organisation
Organisation ID It refers to the unique identifier for an organization within the MISP platform
Sync User ID The user ID responsible for the Sharing Group
Created The date of creation
Modified The date of the modifications
Roaming True if the Sharing Group is not local
Outputs Description
Sharing Group (sharinggroup) The result of the API call

MISP/Add an Organisation to a Sharing Group

Allows users to associate a specific organization with a sharing group, enabling controlled access and collaboration within the group.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Sharing Group ID (is required) UUID or numeric ID of the sharing group
Organisation ID (is required) UUID or numeric ID of the organisation
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed

MISP/Remove an Organisation From a Sharing Group

Removes an organization from a specific sharing group, managing the collaboration and access to shared data accordingly.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Sharing Group ID (is required) UUID or numeric ID of the sharing group
Organisation ID (is required) UUID or numeric ID of the organisation
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed

MISP/Add a Server to a Sharing Group

Allows users to associate a server with a specific sharing group, enabling secure sharing and management of threat intelligence across that group.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Sharing Group ID (is required) UUID or numeric ID of the sharing group
Server ID (is required) UUID or numeric ID of the server
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed

MISP/Remove a Server from a Sharing Group

Removes a server from a specific sharing group, ensuring proper management and access control for shared data.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Sharing Group ID (is required) UUID or numeric ID of the sharing group
Server ID (is required) UUID or numeric ID of the server
Outputs Description
Saved (saved) True if the operation was successful, otherwise False
Success (success) True if the operation was successful, otherwise False
Message (message) The message describing the action that was performed

MISP/Get Servers

Retrieves a list of all servers associated with the platform, providing information on their status, configurations, and sharing group affiliations.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
values (values) The results of the API call

MISP/Add Server

Allows users to add a new server to the platform, enabling secure sharing and management of threat intelligence.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Name (is required) The name of the Server
URL (is required) The IP where the server is found
Authentication Key (is required)
Remote Organisation ID (is required) It refers to the unique identifier for a remote organization within the MISP platform
Organisation ID It refers to the unique identifier for an organization within the MISP platform
Push True if the server will be used to push data
Pull True if the server will be used to pull data
Push Sightings True if the server will be used to push sightings data
Push Galaxy Clusters True if the server will be used to push galaxy clusters data
Pull Galaxy Clusters True if the server will be used to pull galaxy clusters data
Last Pulled ID Tracks the identifier of the last object or event retrieved during a data pull.
Last Pushed ID Tracks the identifier of the last object or event retrieved during a data push.
Organization The ID of the organisation
Publish Without Email Allows an event to be published without triggering a notification email to the users. It is useful for silent updates or when email notifications are unnecessary.
Unpublish event True if you want to unpublish events
Self signed True if self-signed certificates are used
Pull Rules Stringified JSON rules for pulling events from this server.
Push Rules Stringified JSON rules for pushing events from this server.
Certification File Base64 encoded certificate
Client Certification File Base64 encoded client certificate
Internal True if the server is internal, otherwise false
Skip Proxy True if you want to skip proxy server, otherwise false
Caching Enabled True if you want to cache information, otherwise false
Priority The priority of the server
Cache Timestamp True if you want to cache timestamp, otherwise false
Outputs Description
Server (server) Information about the newly added server

MISP/Get Sightings by Event ID

Retrieves a list of sightings associated with a specific event, providing insights into where and how the event has been observed.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Event ID (is required) The ID of the event whose sightings are to be retrieved
Outputs Description
values (values) The results of the API call

MISP/Get a List of Warning Lists

Retrieves all warning lists available, which contain predefined indicators or threat data used to manage and track high-risk entities.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Outputs Description
Warning Lists (warninglists) The result of the API call

MISP/Check If a List of Values Matches any Warning Lists

Checks a given list of values (e.g., IP addresses, domains) against predefined warning lists to identify potential threats or risky entities.

Inputs Description
Token (is required) To use the MISP API, you must have an API key
MISP IP (is required) The IP of the MISP server
Check Values (is required) The values you want to check in MISP
Outputs Description
values (values) The results of the API call