Digital Shadows
the searchlight api enables applications to integrate with the digital shadows searchlight platform asset information the asset requires a url, api key as username, api secret as password for authentication capabilities this connector provides the following capabilities data breaches incidents indicators ip ports ssl/tls vulnerabilities reporting search tags configurations digital shadows http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username api key as username string required password api secret as password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get data breach by id retrieve a data breach by its id endpoint url api/data breach/{{id}} method get input argument name type required description id number required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier title string output field title occurred string output field occurred modified string output field modified incident object unique identifier id number unique identifier scope string output field scope type string type of the resource severity string output field severity title string output field title closedsource boolean output field closedsource externalsource boolean output field externalsource dataclasses array response data domaincount number count value recordcount number count value sourceurl string url endpoint for the request example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 17 09 47 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=qnzmrlbfskbxdgjgog/zniuj11dnpozetrk3pouukwxufztviakury+h1i6dxnmugji7zou1s ", "vary" "accept encoding, origin, access 
control request method, access control request h ", "x correlation id" "396gonjbaqrtu", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "id" 126096551, "title" "exposed credential from https //digitalshadowsresearch com/2021/02/forum exploit ", "occurred" "2021 02 17", "modified" "2021 02 17t16 54 23 764z", "incident" {}, "externalsource" false, "dataclasses" \[], "domaincount" 1, "recordcount" 1, "sourceurl" "https //digitalshadowsresearch com/2021/02/forum exploit in/topic 183431/8" } } ] get data breach record by id retrieve a data breach by its id endpoint url api/data breach record/{{id}}/reviews method get input argument name type required description id number required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 16 52 05 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=ndi1u9siirxifnnbbbhfmdhbjknkmyl/duz6a60tb+lswhb7r5gz35swdyiu8oqvsmhpdt1zl ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "5eod3sn9tfavk", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691686380" }, "reason" "", "json body" \[ {}, {}, {} ] } ] get data breach summary summary of all data breaches for the current client not supported by the exposed credential alert endpoint url api/data breach summary method get input argument name type required 
description published string optional parameter for get data breach summary output parameter type description status code number http status code of the response reason string response reason phrase totalbreaches number output field totalbreaches totalusernames number name of the resource usernamesperdomain array name of the resource file name string name of the resource file string output field file breachesperdomain array output field breachesperdomain file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 16 32 22 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=q8htdo0miyq5rw87geowgpnqfqcmocp9jianhtxgf3qwp2ca9vxtzdq3k7ddn1ltidmj87sdl ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "165ajmb6p6dsm", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "totalbreaches" 0, "totalusernames" 0, "usernamesperdomain" \[], "breachesperdomain" \[] } } ] get incident by id retrieve an incident by its id endpoint url api/incidents/{{id}} method get input argument name type required description id number required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier scope string output field scope type string type of the resource subtype string type of the resource severity string output field severity title string output field title published string output field published closedsource boolean output field closedsource modified string output field modified occurred string output 
field occurred verified string output field verified tags array output field tags id number unique identifier name string name of the resource type string type of the resource version number output field version score number score value entitysummary object output field entitysummary source string output field source domain string output field domain sourcedate string date value screenshot object output field screenshot id string unique identifier example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 06 55 11 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=0l4xsto19htaekcwniqwe6jygafi0evdneurx6pd17r/2oxynfgujhtlt+9687rqrz6oeqatw\ ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "83kcmod6d4k91", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "id" 138538846, "scope" "organization", "type" "brand protection", "subtype" "phishing attempt", "severity" "low", "title" "impersonating subdomain molnet hilu tv", "published" "2023 08 09t16 06 32 403z", "closedsource" false, "modified" "2023 08 09t16 06 32 394z", "occurred" "2023 08 09t16 06 32 403z", "verified" "2023 08 09t16 06 32 403z", "tags" \[], "version" 0, "score" 0, "entitysummary" {} } } ] get incident cef by event retrieve client incidents for current client in cef format endpoint url api/incident cef events method get input argument name type required description starttime string optional time value maxresults number optional result of the operation eventtype string optional type of the resource output parameter type description status code number http status code of the response reason 
string response reason phrase format string output field format version string output field version timestamp string output field timestamp count number count value events array output field events links array output field links rel string output field rel href string output field href example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 09 44 27 gmt", "content type" "application/json;charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=938wrruh7/zomvsqyuvdcvjyda5muuki6vr0o5gq6f81ixzen8rucqxubimtypavfsdzjppgp ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "b9sf50a7l77qv", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "format" "cef", "version" "1 0", "timestamp" "2023 08 11t09 44 27 858z", "count" 1, "events" \[], "links" \[] } } ] get find incident find incidents endpoint url api/incidents/find method get input argument name type required description since string optional parameter for get find incident sort property string optional parameter for get find incident sort direction string optional parameter for get find incident detailed boolean optional parameter for get find incident headers object optional http headers for the request content type string optional type of the resource accept string optional parameter for get find incident output parameter type description status code number http status code of the response reason string response reason phrase content array response content id number unique identifier scope string output field scope type string type of the resource subtype string type of the resource severity string output field severity title string 
output field title published string output field published closedsource boolean output field closedsource modified string output field modified occurred string output field occurred verified string output field verified tags array output field tags id number unique identifier name string name of the resource type string type of the resource version number output field version score number score value entitysummary object output field entitysummary source string output field source domain string output field domain sourcedate string date value screenshot object output field screenshot example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 07 26 54 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=o+m2mjlexki7iagehidjvkizxq72unft6l+w5m0utsj7pvcq+unh2cermzzoeq35hwxubweaa ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "4gqvgegice4lr", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 10 } } ] get incident find triage by id retrieve the triage item id for an incident id endpoint url api/incidents/{{id}}/find triage item id method get input argument name type required description id number required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 07 01 29 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" 
"awsalb=bmhslaxb5fatd6n8ghbskasmji+mjequbk8cknmevjmb8aavpiryk4piqxx21xhdmhfma3vp3 ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "ei0aliut27dp5", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "59", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" "ca101070 6b2c 48ed ae27 7f629ebbfc4f" } ] get incident reviews by id retrieve all review updates for a given incident endpoint url api/incidents/{{id}}/reviews method get input argument name type required description id number optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 07 05 11 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=tx/nbe+kton2o9ezglesi3fv2fszn5e9m/cvm0u2zkudqk7sktzgtzczgrfcjovfnohoqebfl ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "ef0q1ks39v44r", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691737560" }, "reason" "", "json body" \[ {} ] } ] get ip ports reviews by id retrieve all review updates for a given port inspection endpoint url api/ip ports/{{id}}/reviews method get input argument name type required description id number optional unique identifier incidentid number required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { 
"status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 13 27 26 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=37qkpmmhnxaw5tjdleq1e8pqjkceydbhnfve+lgmbbn2dnlt8frl4tsqkwbacpubvq1pymahq ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "4b5iurvaelcju", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" \[] } ] get tags batch batch retrieve specific tags by their id endpoint url api/tags/batch method get input argument name type required description id number required unique identifier detailed boolean optional parameter for get tags batch output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "mon, 14 aug 2023 09 05 09 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=5syw3b6yhnmm05v5n9cwiufzbydvrw/d/tb6bc+hqv8txbeu9mx/elzejdgevnwlm8wclucdk ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "2jtn99or00bh3", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" \[] } ] post data breach by find find data breaches endpoint url api/data breach/find method post input argument name type required description filter object optional parameter for post data 
breach by find published string optional parameter for post data breach by find username string optional name of the resource domainnamesonrecords array optional name of the resource severities array optional parameter for post data breach by find statuses array optional status value alerted boolean optional parameter for post data breach by find minimumtotalrecords number optional parameter for post data breach by find repostedcredentials array optional parameter for post data breach by find sort object optional parameter for post data breach by find property string optional parameter for post data breach by find direction string optional parameter for post data breach by find pagination object optional parameter for post data breach by find size number optional parameter for post data breach by find offset number optional parameter for post data breach by find containingid string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase content array response content id number unique identifier title string output field title occurred string output field occurred modified string output field modified published string output field published incident object unique identifier id number unique identifier scope string output field scope type string type of the resource severity string output field severity title string output field title closedsource boolean output field closedsource externalsource boolean output field externalsource domaincount number count value recordcount number count value sourceurl string url endpoint for the request organisationusernamecount number name of the resource currentpage object output field currentpage offset number output field offset size number output field size total number output field total example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "mon, 14 aug 2023 09 48 45 gmt", "content type" 
"application/json;charset=utf 8", "content length" "190", "connection" "keep alive", "set cookie" "awsalb=+/dca5v+lxhm7py31rx0wwefjjevp9atfmybu/itp5fursxbiwd39/2qzd1caspwsxcmsyara ", "vary" "origin, access control request method, access control request headers", "x correlation id" "ckbbobgvhte6n", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1692006540" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 84 } } ] post data breach by id find data breach records endpoint url api/data breach/{{id}}/records method post input argument name type required description id number required unique identifier filter object optional parameter for post data breach by id published string optional parameter for post data breach by id distinction string optional parameter for post data breach by id username string optional name of the resource password string optional parameter for post data breach by id domainname string optional name of the resource domainnames array optional name of the resource reviewstatuses array optional status value sort object optional parameter for post data breach by id property string optional parameter for post data breach by id direction string optional parameter for post data breach by id pagination object optional parameter for post data breach by id size number optional parameter for post data breach by id offset number optional parameter for post data breach by id containingid string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase content array response content file name string name of the resource file string output field file currentpage object output field currentpage offset number output field offset size number output field size total number output 
field total example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 17 18 04 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=pjvalli/cvyzad+g+gr2npklaixcifbpm6f0xrganqc8egyjsldkimevno620v8nn/8rlllf6 ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "ch0a8juucc5bj", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691687940" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 0 } } ] post data breach record by find find data breach records endpoint url api/data breach record/find method post input argument name type required description filter object optional parameter for post data breach record by find published string optional parameter for post data breach record by find distinction string optional parameter for post data breach record by find username string optional name of the resource password string optional parameter for post data breach record by find domainname string optional name of the resource domainnames array optional name of the resource reviewstatuses array optional status value sort object optional parameter for post data breach record by find property string optional parameter for post data breach record by find direction string optional parameter for post data breach record by find pagination object optional parameter for post data breach record by find size number optional parameter for post data breach record by find offset number optional parameter for post data breach record by find containingid string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase content array response 
content file name string name of the resource file string output field file currentpage object output field currentpage offset number output field offset size number output field size total number output field total example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 16 36 45 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=wk6v3ztow9gwckacqfckx/9o7sktfg8stl9cj5kmsmn+yrsons/dsstosmjlxeypieaeobe5q ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "e7rnj1kis42s4", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691685420" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 0 } } ] post data breach record by id snapshot the review status of an data breach record endpoint url api/data breach record/{{id}}/reviews method post input argument name type required description id number required unique identifier note string optional parameter for post data breach record by id status string optional status value version number optional parameter for post data breach record by id output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text example \[ { "status code" 204, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 14 43 40 gmt", "connection" "keep alive", "set cookie" "awsalb=8zid+pxoh8e7iitgzrxqhbabkgebclnos/zq4vrcltgg4fgd1w/l+mlylz5l7qhzn//zejnt/ ", "vary" "origin, access control request method, access control request headers", "x correlation id" "dddhmc4k09cp", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", 
"x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691678640", "strict transport security" "max age=31536000 ; includesubdomains", "x xss protection" "1; mode=block" }, "reason" "", "response text" "" } ] post data breach username by find find unique usernames found across all data breaches endpoint url api/data breach usernames/find method post input argument name type required description filter object optional parameter for post data breach username by find published string optional parameter for post data breach username by find domainnames array optional name of the resource username string optional name of the resource reviewstatuses array optional status value sort object optional parameter for post data breach username by find property string optional parameter for post data breach username by find direction string optional parameter for post data breach username by find pagination object optional parameter for post data breach username by find size number optional parameter for post data breach username by find offset number optional parameter for post data breach username by find containingid string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase content array response content file name string name of the resource file string output field file currentpage object output field currentpage offset number output field offset size number output field size total number output field total example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "thu, 10 aug 2023 16 29 10 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=u1revgt5utv9lq4riujt0oo5or1xvovndyycjamunhecsx4g+xnnn4pmjxuijslpw+95r4vtq ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" 
"3l2l1de5po5sk", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "240", "x ratelimit remaining" "239", "x ratelimit period" "60", "x ratelimit reset" "1691685000" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 0 } } ] post find indicators retrieve indicators based on the criteria specified in the view object posted endpoint url api/indicators/find method post input argument name type required description filter object optional parameter for post find indicators ids array optional unique identifier indicatorids array optional unique identifier types array optional type of the resource value string optional value for the parameter actorthreats array optional parameter for post find indicators id number optional unique identifier malwarethreats array optional parameter for post find indicators id number optional unique identifier attributiontags array optional parameter for post find indicators id number optional unique identifier malwareattributions array optional parameter for post find indicators id number optional unique identifier lastupdated string optional parameter for post find indicators sourcetype string optional type of the resource sourceidentifier string optional unique identifier externalids array optional unique identifier sort object optional parameter for post find indicators property string optional parameter for post find indicators direction string optional parameter for post find indicators pagination object optional parameter for post find indicators size number optional parameter for post find indicators offset number optional parameter for post find indicators containingid string optional unique identifier headers object optional http headers for the request output parameter type description status code number http status code of the response reason string response reason phrase content array response content id string unique 
identifier type string type of the resource value string value for the parameter sourceidentifier string unique identifier sourcetype string type of the resource lastupdated string output field lastupdated attributiontag object output field attributiontag id number unique identifier name string name of the resource type string type of the resource currentpage object output field currentpage offset number output field offset size number output field size total number output field total example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 08 14 52 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=wvfkb0/nkrzc1czp8h7xlozzmdl17bjkfedf1japbpure1rmtegyrptvy+yy97gbwgflb0ltw\ ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "grn0mekeou7k", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 186436 } } ] post find incident find incidents endpoint url api/incidents/find method post input argument name type required description filter object optional parameter for post find incident identifier number optional unique identifier severities array optional parameter for post find incident tags array optional parameter for post find incident id number optional unique identifier name string optional name of the resource type string optional type of the resource threat object optional parameter for post find incident id number optional unique identifier parent object optional parameter for post find incident id number optional unique identifier domain string optional parameter for post find incident created string optional 
parameter for post find incident tagoperator string optional parameter for post find incident daterange string optional parameter for post find incident daterangefield string optional parameter for post find incident incidenttypes array optional unique identifier incidenttaggedtypes array optional unique identifier id number optional unique identifier name string optional name of the resource type string optional type of the resource threat object optional parameter for post find incident id number optional unique identifier parent object optional parameter for post find incident id number optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase content array response content id number unique identifier scope string output field scope type string type of the resource subtype string type of the resource severity string output field severity title string output field title published string output field published closedsource boolean output field closedsource modified string output field modified occurred string output field occurred verified string output field verified tags array output field tags id number unique identifier name string name of the resource type string type of the resource version number output field version score number score value entitysummary object output field entitysummary source string output field source domain string output field domain sourcedate string date value screenshot object output field screenshot example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 08 14 52 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=wvfkb0/nkrzc1czp8h7xlozzmdl17bjkfedf1japbpure1rmtegyrptvy+yy97gbwgflb0ltw\ ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "grn0mekeou7k", "cache control" "no 
cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "60", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "content" \[], "currentpage" {}, "total" 30 } } ] post incident pipeline retrieve the incident pipeline data, providing an overview of the curation process used to extract incidents endpoint url api/incidents/pipeline method post input argument name type required description filter object optional parameter for post incident pipeline daterange string optional parameter for post incident pipeline output parameter type description status code number http status code of the response reason string response reason phrase from string output field from until string output field until stages array output field stages type string type of the resource counts array output field counts type string type of the resource current number output field current previous number output field previous example \[ { "status code" 200, "response headers" { "server" "nginx", "date" "fri, 11 aug 2023 09 15 56 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "set cookie" "awsalb=v8zxa3viwvijwnjsn9vrxjzbl5q+ej5f5v4drv5qbb3hut7inydhkd3+h+hpeoendcgjlgb4j ", "vary" "accept encoding, origin, access control request method, access control request h ", "x correlation id" "393b1dacc0bln", "cache control" "no cache, no store, must revalidate", "expires" "thu, 01 jan 1970 00 00 00 gmt", "pragma" "no cache", "x ratelimit limit" "60", "x ratelimit remaining" "59", "x ratelimit period" "60", "strict transport security" "max age=31536000 ; includesubdomains" }, "reason" "", "json body" { "from" "2022 03 02", "until" "2022 03 14", "stages" \[] } } ] post incident reviews by id snapshot the review status of an incident endpoint url api/incidents/{{id}}/reviews method post input argument 

| name | type | required | description |
| --- | --- | --- | --- |
| id | number | required | unique identifier |
| note | string | optional | parameter for post incident reviews by id |
| status | string | optional | status value |
| version | number | optional | parameter for post incident reviews by id |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| id | number | unique identifier |
| version | number | output field version |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "fri, 11 aug 2023 07 17 50 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "set cookie": "awsalb=vvl9bkvv8vjvcqr4ob2bsfhgg4b4afdi52irmdq5wqgr6r66+iugwbrk98htqu/dotmlkglra ",
      "vary": "accept encoding, origin, access control request method, access control request h ",
      "x correlation id": "296lunfbf8h14",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "240",
      "x ratelimit remaining": "239",
      "x ratelimit period": "60",
      "x ratelimit reset": "1691738280"
    },
    "reason": "",
    "json body": {
      "id": 138538846,
      "version": 2
    }
  }
]
```

post incident summary

aggregated summary of incident information used to generate reports/statistics

endpoint url: api/incidents/summary

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post incident summary |
| identifier | number | optional | unique identifier |
| severities | array | optional | parameter for post incident summary |
| tags | array | optional | parameter for post incident summary |
| id | number | optional | unique identifier |
| name | string | optional | name of the resource |
| type | string | optional | type of the resource |
| threat | object | optional | parameter for post incident summary |
| id | number | optional | unique identifier |
| parent | object | optional | parameter for post incident summary |
| id | number | optional | unique identifier |
| domain | string | optional | parameter for post incident summary |
| created | string | optional | parameter for post incident summary |
| tagoperator | string | optional | parameter for post incident summary |
| daterange | string | optional | parameter for post incident summary |
| daterangefield | string | optional | parameter for post incident summary |
| incidenttypes | array | optional | unique identifier |
| incidenttaggedtypes | array | optional | unique identifier |
| id | number | optional | unique identifier |
| name | string | optional | name of the resource |
| type | string | optional | type of the resource |
| threat | object | optional | parameter for post incident summary |
| id | number | optional | unique identifier |
| parent | object | optional | parameter for post incident summary |
| id | number | optional | unique identifier |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| keyset | array | output field keyset |
| keylabels | array | output field keylabels |
| ranges | array | output field ranges |
| rangestart | string | output field rangestart |
| rangeend | string | output field rangeend |
| groupedincidentcounts | array | unique identifier |
| file name | string | name of the resource |
| file | string | output field file |
| total | number | output field total |
| regulartimespan | string | output field regulartimespan |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "fri, 11 aug 2023 09 36 59 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "136",
      "connection": "keep alive",
      "set cookie": "awsalb=+j1qhf/qnr/uv7c7qmznwyyfw4uaolso78likhzdpxhxyagghv0ykpw98wjdrquuqdacll/yr ",
      "vary": "origin, access control request method, access control request headers",
      "x correlation id": "43djqknafeo9a",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "60",
      "x ratelimit remaining": "60",
      "x ratelimit period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "keyset": [],
      "keylabels": [],
      "ranges": [],
      "regulartimespan": "week"
    }
  }
]
```

post ip ports find

find ports

endpoint url: api/ip ports/find

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post ip ports find |
| detectedopen | string | optional | parameter for post ip ports find |
| published | string | optional | parameter for post ip ports find |
| severities | array | optional | parameter for post ip ports find |
| alerted | boolean | optional | parameter for post ip ports find |
| ipaddress | string | optional | parameter for post ip ports find |
| iprange | object | optional | parameter for post ip ports find |
| loweraddress | string | optional | parameter for post ip ports find |
| upperaddress | string | optional | parameter for post ip ports find |
| maskbits | number | optional | parameter for post ip ports find |
| domainname | string | optional | name of the resource |
| markedclosed | boolean | optional | parameter for post ip ports find |
| detectedclosed | boolean | optional | parameter for post ip ports find |
| portnumbers | array | optional | parameter for post ip ports find |
| incidenttypes | array | optional | unique identifier |
| type | string | optional | type of the resource |
| subtypes | array | optional | type of the resource |
| sort | object | optional | parameter for post ip ports find |
| property | string | optional | parameter for post ip ports find |
| direction | string | optional | parameter for post ip ports find |
| pagination | object | optional | parameter for post ip ports find |
| size | number | optional | parameter for post ip ports find |
| offset | number | optional | parameter for post ip ports find |
| containingid | string | optional | unique identifier |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| file name | string | name of the resource |
| file | string | output field file |
| currentpage | object | output field currentpage |
| offset | number | output field offset |
| size | number | output field size |
| total | number | output field total |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "fri, 11 aug 2023 13 13 59 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "306",
      "connection": "keep alive",
      "set cookie": "awsalb=1uy7zgeeqgguakpn7piiufj27dscrfxejfarijgdqp387hbpeetbmcu4ny3i45spuwnccvhw9 ",
      "vary": "origin, access control request method, access control request headers",
      "x correlation id": "8c3busb4mjucg",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "60",
      "x ratelimit remaining": "60",
      "x ratelimit period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "content": [],
      "currentpage": {},
      "total": 0
    }
  }
]
```

post ip ports reviews by id

snapshot the review status of a port inspection

endpoint url: api/ip ports/{id}/reviews

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| id | number | optional | unique identifier |
| incident | object | optional | unique identifier |
| id | number | optional | unique identifier |
| scope | string | optional | parameter for post ip ports reviews by id |
| status | string | optional | status value |
| version | number | optional | parameter for post ip ports reviews by id |

post risk detection pipeline counts

the reporting pipeline provides data to support the pipeline graphic on the home page of the searchlight portal

endpoint url: api/risk detection pipeline/counts

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| visible | array | optional | parameter for post risk detection pipeline counts |
| filter | object | optional | parameter for post risk detection pipeline counts |
| timerange | string | optional | parameter for post risk detection pipeline counts |
| classifications | array | optional | parameter for post risk detection pipeline counts |
| triagestates | array | optional | parameter for post risk detection pipeline counts |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| coveragecounts | object | output field coveragecounts |
| documentscount | number | count value |
| technicalsourcescount | number | count value |
| darkwebcount | number | count value |
| surfacewebcount | number | count value |
| footprintcounts | object | output field footprintcounts |
| documentscount | number | count value |
| technicalsourcescount | number | count value |
| darkwebcount | number | count value |
| surfacewebcount | number | count value |
| alertandincidentcounts | object | unique identifier |
| documentscount | number | count value |
| technicalsourcescount | number | count value |
| darkwebcount | number | count value |
| surfacewebcount | number | count value |
| rangestart | string | output field rangestart |
| calculatedrangestart | string | output field calculatedrangestart |
| calculatedrangeend | string | output field calculatedrangeend |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "mon, 14 aug 2023 09 13 04 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "set cookie": "awsalb=pvlak1ltour5uyqgvhm4mxh7klx/70t4w/i3msehslm67snwhxzjpgorua3gqn8mpogewnpga ",
      "vary": "accept encoding, origin, access control request method, access control request h ",
      "x correlation id": "ett21o2mrvv52",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "60",
      "x ratelimit remaining": "59",
      "x ratelimit period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "coveragecounts": {},
      "footprintcounts": {},
      "alertandincidentcounts": {},
      "rangestart": "2020 09 24t16 00 00z",
      "calculatedrangestart": "2023 08 14t00 00 00z",
      "calculatedrangeend": "2023 08 14t23 59 59 999z"
    }
  }
]
```

post search find

perform a general search against incidents, threats closed sources, etc

endpoint url: api/search/find

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post search find |
| tags | array | optional | parameter for post search find |
| id | number | optional | unique identifier |
| name | string | optional | name of the resource |
| type | string | optional | type of the resource |
| threat | object | optional | parameter for post search find |
| id | number | optional | unique identifier |
| parent | object | optional | parameter for post search find |
| id | number | optional | unique identifier |
| domain | string | optional | parameter for post search find |
| created | string | optional | parameter for post search find |
| types | array | optional | type of the resource |
| daterange | string | optional | parameter for post search find |
| incidenttypes | array | optional | unique identifier |
| incidentsubtypes | array | optional | unique identifier |
| incidentseverities | array | optional | unique identifier |
| webpagenetworks | array | optional | parameter for post search find |
| forumpostnetworks | array | optional | parameter for post search find |
| marketplacelistingnetworks | array | optional | parameter for post search find |
| marketplaces | array | optional | parameter for post search find |
| chatservers | array | optional | parameter for post search find |
| chatchannels | array | optional | parameter for post search find |
| threatleveltypes | array | optional | type of the resource |
| webpagesitecategories | array | optional | parameter for post search find |
| forumpostsitecategories | array | optional | parameter for post search find |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| file name | string | name of the resource |
| file | string | output field file |
| total | number | output field total |
| verdict | string | output field verdict |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "mon, 14 aug 2023 08 47 20 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "136",
      "connection": "keep alive",
      "set cookie": "awsalb=ywrdtkqzmc0k6swju30j6ov5lemluia7snwsaeljg2ap/bioh3wejhjb5lnyogknzc/x3owsu ",
      "vary": "origin, access control request method, access control request headers",
      "x correlation id": "bnb97jstlg9vh",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit default limit": "60",
      "x ratelimit default remaining": "60",
      "x ratelimit default period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "content": [],
      "total": 0
    }
  }
]
```

post secure socket find

find secure sockets

endpoint url: api/secure socket/find

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post secure socket find |
| domain | string | optional | parameter for post secure socket find |
| published | string | optional | parameter for post secure socket find |
| detected | string | optional | parameter for post secure socket find |
| expiry | string | optional | parameter for post secure socket find |
| iprange | object | optional | parameter for post secure socket find |
| loweraddress | string | optional | parameter for post secure socket find |
| upperaddress | string | optional | parameter for post secure socket find |
| maskbits | number | optional | parameter for post secure socket find |
| ipaddress | string | optional | parameter for post secure socket find |
| revoked | boolean | optional | parameter for post secure socket find |
| grade | string | optional | parameter for post secure socket find |
| grades | array | optional | parameter for post secure socket find |
| issues | array | optional | parameter for post secure socket find |
| determinedresolved | boolean | optional | parameter for post secure socket find |
| markedclosed | boolean | optional | parameter for post secure socket find |
| severities | array | optional | parameter for post secure socket find |
| statuses | array | optional | status value |
| alerted | boolean | optional | parameter for post secure socket find |
| incidenttypes | array | optional | unique identifier |
| type | string | optional | type of the resource |
| subtypes | array | optional | type of the resource |
| sort | object | optional | parameter for post secure socket find |
| property | string | optional | parameter for post secure socket find |
| direction | string | optional | parameter for post secure socket find |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| file name | string | name of the resource |
| file | string | output field file |
| currentpage | object | output field currentpage |
| offset | number | output field offset |
| size | number | output field size |
| total | number | output field total |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "fri, 11 aug 2023 10 41 48 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "187",
      "connection": "keep alive",
      "set cookie": "awsalb=rkcl1g5fpjrmndcj2ajky8uid2khb8yyckbw+6jgwpkio8ec3jtyxe1itb4wfztcexs9ncuir ",
      "vary": "origin, access control request method, access control request headers",
      "x correlation id": "f12le5n9k2mps",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "60",
      "x ratelimit remaining": "60",
      "x ratelimit period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "content": [],
      "currentpage": {},
      "total": 0
    }
  }
]
```

post vulnerability find

find vulnerabilities

endpoint url: api/vulnerability/find

method: post

input argument

| name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post vulnerability find |
| detected | string | optional | parameter for post vulnerability find |
| published | string | optional | parameter for post vulnerability find |
| severities | array | optional | parameter for post vulnerability find |
| alerted | boolean | optional | parameter for post vulnerability find |
| iprange | object | optional | parameter for post vulnerability find |
| loweraddress | string | optional | parameter for post vulnerability find |
| upperaddress | string | optional | parameter for post vulnerability find |
| maskbits | number | optional | parameter for post vulnerability find |
| ipaddress | string | optional | parameter for post vulnerability find |
| domainname | string | optional | name of the resource |
| cveidentifiers | array | optional | unique identifier |
| markedclosed | boolean | optional | parameter for post vulnerability find |
| detectedclosed | boolean | optional | parameter for post vulnerability find |
| incidenttypes | array | optional | unique identifier |
| type | string | optional | type of the resource |
| subtypes | array | optional | type of the resource |
| sort | object | optional | parameter for post vulnerability find |
| property | string | optional | parameter for post vulnerability find |
| direction | string | optional | parameter for post vulnerability find |
| pagination | object | optional | parameter for post vulnerability find |
| size | number | optional | parameter for post vulnerability find |
| offset | number | optional | parameter for post vulnerability find |
| containingid | string | optional | unique identifier |

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| file name | string | name of the resource |
| file | string | output field file |
| currentpage | object | output field currentpage |
| offset | number | output field offset |
| size | number | output field size |
| total | number | output field total |

example

```json
[
  {
    "status code": 200,
    "response headers": {
      "server": "nginx",
      "date": "fri, 11 aug 2023 10 54 24 gmt",
      "content type": "application/json;charset=utf 8",
      "content length": "302",
      "connection": "keep alive",
      "set cookie": "awsalb=md0ptp8qfv/if/wevr1fzmni6rwtfxgbhvdrqmm+k6nlbcbmvaakg5xmo6y1qiplb3e9efha8 ",
      "vary": "origin, access control request method, access control request headers",
      "x correlation id": "7ihlf53rdje9o",
      "cache control": "no cache, no store, must revalidate",
      "expires": "thu, 01 jan 1970 00 00 00 gmt",
      "pragma": "no cache",
      "x ratelimit limit": "60",
      "x ratelimit remaining": "60",
      "x ratelimit period": "60",
      "strict transport security": "max age=31536000 ; includesubdomains"
    },
    "reason": "",
    "json body": {
      "content": [],
      "currentpage": {},
      "total": 0
    }
  }
]
```

response headers

| header | description | example |
| --- | --- | --- |
| cache control | directives for caching mechanisms | no cache, no store, must revalidate |
| connection | http response header connection | keep alive |
| content encoding | http response header content encoding | gzip |
| content length | the length of the response body in bytes | 190 |
| content type | the media type of the resource | application/json |
| date | the date and time at which the message was originated | fri, 11 aug 2023 09 15 56 gmt |
| expires | the date/time after which the response is considered stale | thu, 01 jan 1970 00 00 00 gmt |
| pragma | http response header pragma | no cache |
| referrer policy | http response header referrer policy | origin,strict origin, origin,strict origin |
| server | information about the software used by the origin server | nginx |
| set cookie | http response header set cookie | awsalb=pjvalli/cvyzad+g+gr2npklaixcifbpm6f0xrganqc8egyjsldkimevno620v8nn/8rlllf6zqdobmx4hqjxnhwyiw4cybun9bp9vz7b+/09x156st/yhgx9fi3; expires=thu, 17 aug 2023 17 18 04 gmt; path=/, awsalbcors=pjvalli/cvyzad+g+gr2npklaixcifbpm6f0xrganqc8egyjsldkimevno620v8nn/8rlllf6zqdobmx4hqjxnhwyiw4cybun9bp9vz7b+/09x156st/yhgx9fi3; expires=thu, 17 aug 2023 17 18 04 gmt; path=/; samesite=none; secure |
| strict transport security | http response header strict transport security | max age=31536000 ; includesubdomains |
| transfer encoding | http response header transfer encoding | chunked |
| vary | http response header vary | origin, access control request method, access control request headers |
| x content type options | http response header x content type options | nosniff |
| x correlation id | a unique identifier for correlating requests | 165ajmb6p6dsm |
| x ratelimit default limit | http response header x ratelimit default limit | 60 |
| x ratelimit default period | http response header x ratelimit default period | 60 |
| x ratelimit default remaining | http response header x ratelimit default remaining | 60 |
| x ratelimit limit | the number of requests allowed in the current rate limit window | 240 |
| x ratelimit period | http response header x ratelimit period | 60 |
| x ratelimit remaining | the number of requests remaining in the current rate limit window | 239 |
| x ratelimit reset | the time at which the current rate limit window resets | 1691738280 |
| x xss protection | http response header x xss protection | 1; mode=block |

notes

search action requires query type to filter data by malicious score and set verdict

the documentation is only available on the digital shadows box itself under learning > api documentation
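
The find actions page through results with pagination size/offset and total, and every response carries the rate-limit headers listed above; the sketch below combines the two. It is an added example, not code from the connector or from Digital Shadows. It assumes the wire header names are the hyphenated forms of the names printed above, that period is in seconds and reset is epoch seconds, that filter and pagination sit side by side in the request body, and that `post` is a hypothetical transport callable.

```python
import time

# Assumption: wire names are the hyphenated forms of the header names the page
# prints without hyphens; both families seen in the page's examples are read.
FAMILIES = ("x-ratelimit-", "x-ratelimit-default-")
FALLBACK_WAIT = 60  # assumption: used only when neither reset nor period is sent


def rate_limit_state(headers):
    """Return limit/remaining/period/reset as ints (None if absent), or None."""
    lower = {name.lower(): value for name, value in headers.items()}
    for prefix in FAMILIES:
        if prefix + "remaining" in lower:
            return {
                field: int(lower[prefix + field]) if prefix + field in lower else None
                for field in ("limit", "remaining", "period", "reset")
            }
    return None


def seconds_to_wait(headers, now):
    """Seconds to pause before the next request; 0 while budget remains."""
    state = rate_limit_state(headers)
    if state is None or state["remaining"] > 0:
        return 0
    if state["reset"] is not None:  # assumption: epoch seconds, e.g. 1691738280
        return max(0, state["reset"] - int(now))
    return state["period"] if state["period"] is not None else FALLBACK_WAIT


def fetch_all(post, path, filter_body, page_size=50, sleep=time.sleep, clock=time.time):
    """Collect every record from a find action.

    `post(path, body)` is a hypothetical transport returning (headers, json_body).
    """
    items, offset = [], 0
    while True:
        body = {"filter": filter_body, "pagination": {"size": page_size, "offset": offset}}
        headers, data = post(path, body)
        page = data.get("content", [])
        items.extend(page)
        offset += page_size
        if not page or offset >= data.get("total", 0):
            return items
        delay = seconds_to_wait(headers, clock())
        if delay:
            sleep(delay)


def demo():
    """Run fetch_all against a constructed in-memory transport (no network)."""
    records = ["r1", "r2", "r3", "r4", "r5"]  # constructed sample data
    budgets = iter(["0", "59", "58"])         # constructed remaining values
    sleeps = []

    def fake_post(path, body):
        page = body["pagination"]
        chunk = records[page["offset"]:page["offset"] + page["size"]]
        headers = {"X-RateLimit-Limit": "60", "X-RateLimit-Remaining": next(budgets),
                   "X-RateLimit-Period": "60"}
        return headers, {"content": chunk, "total": len(records)}

    items = fetch_all(fake_post, "api/vulnerability/find", {}, page_size=2,
                      sleep=sleeps.append, clock=lambda: 0)
    return items, sleeps
```
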