Digital Shadows
the searchlight api enables applications to integrate with the digital shadows searchlight platform asset information the asset requires a url, api key as username, api secret as password for authentication capabilities this connector provides the following capabilities data breaches incidents indicators ip ports ssl/tls vulnerabilities reporting search tags notes search action requires query type to filter data by malicious score and set verdict the documentation is only available on the digital shadows box itself under learning > api documentation configurations digital shadows http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username api key as username string required password api secret as password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get data breach by id retrieve a data breach by its id endpoint url api/data breach/{{id}} method get input argument name type required description path parameters id number required parameters for the get data breach by id action input example {"path parameters" {"id" 287732637809}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier title string output field title occurred string output field occurred modified string output field modified incident object unique identifier incident id number unique identifier incident scope string unique identifier incident type string unique identifier incident severity string unique identifier incident title string unique identifier incident closedsource boolean unique identifier externalsource boolean output field externalsource dataclasses array response data domaincount number count value recordcount number count value sourceurl string url endpoint for the request output 
example {"status code" 200,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 17 09 47 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=qnzmrlbfskbxdgjgog/zniuj11dnpozetrk3pouukwxufztviakury+h1i6dxnmugji7zou1s ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "396gonjbaqrtu","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get data breach record by id retrieve a data breach by its id endpoint url api/data breach record/{{id}}/reviews method get input argument name type required description path parameters id number required parameters for the get data breach record by id action input example {"path parameters" {"id" 287732637809}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 16 52 05 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=ndi1u9siirxifnnbbbhfmdhbjknkmyl/duz6a60tb+lswhb7r5gz35swdyiu8oqvsmhpdt1zl ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "5eod3sn9tfavk","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get data breach summary summary of all data breaches for the current client not supported by the exposed credential alert endpoint url api/data breach summary method get input argument name type required description parameters published string optional parameters for the get data breach summary action input example {"parameters" {"published" "today"}} output parameter type description status code number http status code of the response reason string response reason phrase totalbreaches number output field totalbreaches totalusernames number 
name of the resource usernamesperdomain array name of the resource usernamesperdomain file name string name of the resource usernamesperdomain file string name of the resource breachesperdomain array output field breachesperdomain breachesperdomain file name string name of the resource breachesperdomain file string output field breachesperdomain file output example {"status code" 200,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 16 32 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=q8htdo0miyq5rw87geowgpnqfqcmocp9jianhtxgf3qwp2ca9vxtzdq3k7ddn1ltidmj87sdl ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "165ajmb6p6dsm","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get incident by id retrieve an incident by its id endpoint url api/incidents/{{id}} method get input argument name type required description path parameters id number required parameters for the get incident by id action input example {"path parameters" {"id" 138538846}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier scope string output field scope type string type of the resource subtype string type of the resource severity string output field severity title string output field title published string output field published closedsource boolean output field closedsource modified string output field modified occurred string output field occurred verified string output field verified tags array output field tags tags id number unique identifier tags name string name of the resource tags type string type of the resource version number output field version score number score value entitysummary object output field entitysummary entitysummary source string output field entitysummary source entitysummary domain string 
output field entitysummary domain entitysummary sourcedate string date value entitysummary screenshot object output field entitysummary screenshot entitysummary screenshot id string unique identifier output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 06 55 11 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=0l4xsto19htaekcwniqwe6jygafi0evdneurx6pd17r/2oxynfgujhtlt+9687rqrz6oeqatw\ ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "83kcmod6d4k91","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get incident cef by event retrieve client incidents for current client in cef format endpoint url api/incident cef events method get input argument name type required description parameters starttime string optional parameters for the get incident cef by event action parameters maxresults number optional parameters for the get incident cef by event action parameters eventtype string optional parameters for the get incident cef by event action input example {"parameters" {"starttime" "today","maxresults" 50,"eventtype" "ca101070 6b2c 48ed ae27 7f629ebbfc4f"}} output parameter type description status code number http status code of the response reason string response reason phrase format string output field format version string output field version timestamp string output field timestamp count number count value events array output field events links array output field links links rel string output field links rel links href string output field links href output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 09 44 27 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=938wrruh7/zomvsqyuvdcvjyda5muuki6vr0o5gq6f81ixzen8rucqxubimtypavfsdzjppgp ","vary" 
"accept encoding, origin, access control request method, access control request h ","x correlation id" "b9sf50a7l77qv","cache control" "no cache, no store, must revalidate","expires" "thu, 01 j get find incident find incidents endpoint url api/incidents/find method get input argument name type required description parameters since string optional parameters for the get find incident action parameters sort property string optional parameters for the get find incident action parameters sort direction string optional parameters for the get find incident action parameters detailed boolean optional parameters for the get find incident action headers object optional http headers for the request headers content type string optional http headers for the request headers accept string optional http headers for the request input example {"parameters" {"since" "2023 07 31t22 24 23 221z","sort property" "published","sort direction" "descending","detailed"\ true},"headers" {"content type" "application/vnd polaris v47+json","accept" "application/vnd polaris v47+json"}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content id number unique identifier content scope string response content content type string type of the resource content subtype string type of the resource content severity string response content content title string response content content published string response content content closedsource boolean response content content modified string response content content occurred string response content content verified string response content content tags array response content content tags id number unique identifier content tags name string name of the resource content tags type string type of the resource content version number response content content score number response content content entitysummary object response content content entitysummary source 
string response content content entitysummary domain string response content content entitysummary sourcedate string response content content entitysummary screenshot object response content output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 07 26 54 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=o+m2mjlexki7iagehidjvkizxq72unft6l+w5m0utsj7pvcq+unh2cermzzoeq35hwxubweaa ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "4gqvgegice4lr","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get incident find triage by id retrieve the triage item id for an incident id endpoint url api/incidents/{{id}}/find triage item id method get input argument name type required description path parameters id number required parameters for the get incident find triage by id action input example {"path parameters" {"id" 138538846}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 07 01 29 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=bmhslaxb5fatd6n8ghbskasmji+mjequbk8cknmevjmb8aavpiryk4piqxx21xhdmhfma3vp3 ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "ei0aliut27dp5","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get incident reviews by id retrieve all review updates for a given incident endpoint url api/incidents/{{id}}/reviews method get input argument name type required description path parameters id number optional parameters for the get incident reviews by id action input example {"path parameters" {"id" 138538846}} output parameter 
type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 07 05 11 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=tx/nbe+kton2o9ezglesi3fv2fszn5e9m/cvm0u2zkudqk7sktzgtzczgrfcjovfnohoqebfl ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "ef0q1ks39v44r","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get ip ports reviews by id retrieve all review updates for a given port inspection endpoint url api/ip ports/{{id}}/reviews method get input argument name type required description path parameters id number optional parameters for the get ip ports reviews by id action parameters incidentid number required parameters for the get ip ports reviews by id action input example {"parameters" {"incidentid" 136492687},"path parameters" {"id" 126096551}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 13 27 26 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=37qkpmmhnxaw5tjdleq1e8pqjkceydbhnfve+lgmbbn2dnlt8frl4tsqkwbacpubvq1pymahq ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "4b5iurvaelcju","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 get tags batch batch retrieve specific tags by their id endpoint url api/tags/batch method get input argument name type required description parameters id number required parameters for the get tags batch action parameters detailed boolean optional parameters for the get tags batch action input 
example {"parameters" {"id" 126096551,"detailed"\ false}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"server" "nginx","date" "mon, 14 aug 2023 09 05 09 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=5syw3b6yhnmm05v5n9cwiufzbydvrw/d/tb6bc+hqv8txbeu9mx/elzejdgevnwlm8wclucdk ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "2jtn99or00bh3","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 post data breach by find find data breaches endpoint url api/data breach/find method post input argument name type required description filter object optional parameter for post data breach by find filter published string optional parameter for post data breach by find filter username string optional name of the resource filter domainnamesonrecords array optional name of the resource filter severities array optional parameter for post data breach by find filter statuses array optional status value filter alerted boolean optional parameter for post data breach by find filter minimumtotalrecords number optional parameter for post data breach by find filter repostedcredentials array optional parameter for post data breach by find sort object optional parameter for post data breach by find sort property string optional parameter for post data breach by find sort direction string optional parameter for post data breach by find pagination object optional parameter for post data breach by find pagination size number optional parameter for post data breach by find pagination offset number optional parameter for post data breach by find pagination containingid string optional unique identifier input example {"json body" {"filter" {"published" "today","username" "05\@chloe 
com","domainnamesonrecords" \["example"],"severities" \["very high"],"statuses" \["unread"],"alerted"\ false,"minimumtotalrecords" 20,"repostedcredentials" \["original"]},"sort" {"property" "domainname","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content id number unique identifier content title string response content content occurred string response content content modified string response content content published string response content content incident object unique identifier content incident id number unique identifier content incident scope string unique identifier content incident type string unique identifier content incident severity string unique identifier content incident title string unique identifier content incident closedsource boolean unique identifier content externalsource boolean response content content domaincount number response content content recordcount number response content content sourceurl string url endpoint for the request content organisationusernamecount number name of the resource currentpage object output field currentpage currentpage offset number output field currentpage offset currentpage size number output field currentpage size total number output field total output example {"status code" 200,"response headers" {"server" "nginx","date" "mon, 14 aug 2023 09 48 45 gmt","content type" "application/json;charset=utf 8","content length" "190","connection" "keep alive","set cookie" "awsalb=+/dca5v+lxhm7py31rx0wwefjjevp9atfmybu/itp5fursxbiwd39/2qzd1caspwsxcmsyara ","vary" "origin, access control request method, access control request headers","x correlation id" "ckbbobgvhte6n","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt" post data breach by id find data breach records endpoint url api/data 
breach/{{id}}/records method post input argument name type required description path parameters id number required parameters for the post data breach by id action filter object optional parameter for post data breach by id filter published string optional parameter for post data breach by id filter distinction string optional parameter for post data breach by id filter username string optional name of the resource filter password string optional parameter for post data breach by id filter domainname string optional name of the resource filter domainnames array optional name of the resource filter reviewstatuses array optional status value sort object optional parameter for post data breach by id sort property string optional parameter for post data breach by id sort direction string optional parameter for post data breach by id pagination object optional parameter for post data breach by id pagination size number optional parameter for post data breach by id pagination offset number optional parameter for post data breach by id pagination containingid string optional unique identifier input example {"json body" {"filter" {"published" "today","distinction" "new username","username" "05\@chloe com","password" "$2y$10$es2kjfnshr6e6l8qjbn22eqks03dudz/b238qgjfdptf7ro1kvhbw","domainname" "example","domainnames" \["example com"],"reviewstatuses" \["closed"]},"sort" {"property" "username","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}},"path parameters" {"id" 126096551}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content file name string name of the resource content file string response content currentpage object output field currentpage currentpage offset number output field currentpage offset currentpage size number output field currentpage size total number output field total output example {"status code" 200,"response 
headers" {"server" "nginx","date" "thu, 10 aug 2023 17 18 04 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=pjvalli/cvyzad+g+gr2npklaixcifbpm6f0xrganqc8egyjsldkimevno620v8nn/8rlllf6 ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "ch0a8juucc5bj","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 post data breach record by find find data breach records endpoint url api/data breach record/find method post input argument name type required description filter object optional parameter for post data breach record by find filter published string optional parameter for post data breach record by find filter distinction string optional parameter for post data breach record by find filter username string optional name of the resource filter password string optional parameter for post data breach record by find filter domainname string optional name of the resource filter domainnames array optional name of the resource filter reviewstatuses array optional status value sort object optional parameter for post data breach record by find sort property string optional parameter for post data breach record by find sort direction string optional parameter for post data breach record by find pagination object optional parameter for post data breach record by find pagination size number optional parameter for post data breach record by find pagination offset number optional parameter for post data breach record by find pagination containingid string optional unique identifier input example {"json body" {"filter" {"published" "today","distinction" "new username","username" "05\@chloe com","password" "$2y$10$es2kjfnshr6e6l8qjbn22eqks03dudz/b238qgjfdptf7ro1kvhbw","domainname" "example","domainnames" \["example com"],"reviewstatuses" \["closed"]},"sort" {"property" "username","direction" "ascending"},"pagination" {"size" 
10,"offset" 20,"containingid" "?"}}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content file name string name of the resource content file string response content currentpage object output field currentpage currentpage offset number output field currentpage offset currentpage size number output field currentpage size total number output field total output example {"status code" 200,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 16 36 45 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=wk6v3ztow9gwckacqfckx/9o7sktfg8stl9cj5kmsmn+yrsons/dsstosmjlxeypieaeobe5q ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "e7rnj1kis42s4","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 post data breach record by id snapshot the review status of an data breach record endpoint url api/data breach record/{{id}}/reviews method post input argument name type required description path parameters id number required parameters for the post data breach record by id action note string optional parameter for post data breach record by id status string optional status value version number optional parameter for post data breach record by id input example {"json body" {"note" "optional textual note to include with this status change","status" "closed","version" 1},"path parameters" {"id" 287732637809}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"status code" 204,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 14 43 40 gmt","connection" "keep alive","set cookie" "awsalb=8zid+pxoh8e7iitgzrxqhbabkgebclnos/zq4vrcltgg4fgd1w/l+mlylz5l7qhzn//zejnt/ ","vary" 
"origin, access control request method, access control request headers","x correlation id" "dddhmc4k09cp","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt","pragma" "no cache","x ratelimit limit" "240","x ratelimit remaining" " post data breach username by find find unique usernames found across all data breaches endpoint url api/data breach usernames/find method post input argument name type required description filter object optional parameter for post data breach username by find filter published string optional parameter for post data breach username by find filter domainnames array optional name of the resource filter username string optional name of the resource filter reviewstatuses array optional status value sort object optional parameter for post data breach username by find sort property string optional parameter for post data breach username by find sort direction string optional parameter for post data breach username by find pagination object optional parameter for post data breach username by find pagination size number optional parameter for post data breach username by find pagination offset number optional parameter for post data breach username by find pagination containingid string optional unique identifier input example {"json body" {"filter" {"published" "today","domainnames" \["example com"],"username" "example","reviewstatuses" \["closed"]},"sort" {"property" "username","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content file name string name of the resource content file string response content currentpage object output field currentpage currentpage offset number output field currentpage offset currentpage size number output field currentpage size total number output field total output example {"status 
code" 200,"response headers" {"server" "nginx","date" "thu, 10 aug 2023 16 29 10 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=u1revgt5utv9lq4riujt0oo5or1xvovndyycjamunhecsx4g+xnnn4pmjxuijslpw+95r4vtq ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "3l2l1de5po5sk","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 post find indicators retrieve indicators based on the criteria specified in the view object posted endpoint url api/indicators/find method post input argument name type required description headers object optional http headers for the request headers content type string optional http headers for the request headers accept string optional http headers for the request filter object optional parameter for post find indicators filter ids array optional unique identifier filter indicatorids array optional unique identifier filter types array optional type of the resource filter value string optional value for the parameter filter actorthreats array optional parameter for post find indicators filter actorthreats id number optional unique identifier filter malwarethreats array optional parameter for post find indicators filter malwarethreats id number optional unique identifier filter attributiontags array optional parameter for post find indicators filter attributiontags id number optional unique identifier filter malwareattributions array optional parameter for post find indicators filter malwareattributions id number optional unique identifier filter lastupdated string optional parameter for post find indicators filter sourcetype string optional type of the resource filter sourceidentifier string optional unique identifier filter externalids array optional unique identifier sort object optional parameter for post find indicators sort property string optional parameter for post find 
indicators sort direction string optional parameter for post find indicators pagination object optional parameter for post find indicators pagination size number optional parameter for post find indicators input example {"json body" {"filter" {"ids" \[3245578877],"indicatorids" \[43567],"types" \["url"],"value" "http //zzepms com/askinstall52 exe","actorthreats" \[{"id" 2323566775}],"malwarethreats" \[{"id" 3257889966}],"attributiontags" \[{"id" 2345536778}],"malwareattributions" \[{"id" 3466267887}],"lastupdated" "2021 06 21t00 04 17 000z","sourcetype" "urlhaus","sourceidentifier" "https //urlhaus abuse ch/url/1385034/","externalids" \[8456]},"sort" {"property" "domainname","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}},"headers" {"content type" "application/vnd polaris v47+json","accept" "application/vnd polaris v47+json"}} output parameter type description status code number http status code of the response reason string response reason phrase content array response content content id string unique identifier content type string type of the resource content value string value for the parameter content sourceidentifier string unique identifier content sourcetype string type of the resource content lastupdated string response content content attributiontag object response content content attributiontag id number unique identifier content attributiontag name string name of the resource content attributiontag type string type of the resource currentpage object output field currentpage currentpage offset number output field currentpage offset currentpage size number output field currentpage size total number output field total output example {"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 08 14 52 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=wvfkb0/nkrzc1czp8h7xlozzmdl17bjkfedf1japbpure1rmtegyrptvy+yy97gbwgflb0ltw\ ","vary" 
"accept encoding, origin, access control request method, access control request h ","x correlation id" "grn0mekeou7k","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 0 post find incident find incidents endpoint url api/incidents/find method post input argument name type required description headers object optional http headers for the request headers content type string optional http headers for the request headers accept string optional http headers for the request filter object optional parameter for post find incident filter identifier number optional unique identifier filter severities array optional parameter for post find incident filter tags array optional parameter for post find incident filter tags id number optional unique identifier filter tags name string optional name of the resource filter tags type string optional type of the resource filter tags threat object optional parameter for post find incident filter tags threat id number optional unique identifier filter tags parent object optional parameter for post find incident filter tags parent id number optional unique identifier filter tags domain string optional parameter for post find incident filter tags created string optional parameter for post find incident filter tagoperator string optional parameter for post find incident filter daterange string optional parameter for post find incident filter daterangefield string optional parameter for post find incident filter incidenttypes array optional unique identifier filter incidenttaggedtypes array optional unique identifier filter incidenttaggedtypes id number optional unique identifier filter incidenttaggedtypes name string optional unique identifier filter incidenttaggedtypes type string optional unique identifier filter incidenttaggedtypes threat object optional unique identifier input example {"json body" {"filter" {"identifier" 138536302,"severities" \["very high"],"tags" \[{"id" 332,"name" "phishing 
attempt","type" "brand protection","threat" {"id" 138475352},"parent" {"id" 138534893},"domain" "roghtmove uk","created" "2023 08 03t04 45 50 892z"}],"tagoperator" "new","daterange" "2023 08 02t20 35 06 655z","daterangefield" "last","incidenttypes" \["new"],"incidenttaggedtypes" \[{"id" 138463718,"name" "phishing attempt","type" "brand protection","threat" {"id" 138448482},"parent" {"id" 138448482},"domain" "roghtmove uk","created" "2023 08 03t04 45 50 892z"}],"types" \[{"type" "impersonating domain","subtypes" \["phishing attempt"]}],"domainname" "example","domainselection" "roghtmove uk","dateperiod" "todays","from" "2023 08 03t04 45 50 892z","until" "2023 08 03t04 45 50 892z","alerted"\ false,"withtakedown"\ false,"withouttakedown"\ false,"withcontentremoved"\ false,"withoutcontentremoved"\ false,"statuses" \["unread"],"repostedcredentials" \["example"]},"sort" {"property" "domainname","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"},"subscribed"\ false,"subscribedonly"\ false},"headers" {"content type" "application/vnd polaris v47+json","accept" "application/vnd polaris v47+json"}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| content id | number | unique identifier |
| content scope | string | response content |
| content type | string | type of the resource |
| content subtype | string | type of the resource |
| content severity | string | response content |
| content title | string | response content |
| content published | string | response content |
| content closedsource | boolean | response content |
| content modified | string | response content |
| content occurred | string | response content |
| content verified | string | response content |
| content tags | array | response content |
| content tags id | number | unique identifier |
| content tags name | string | name of the resource |
| content tags type | string | type of the resource |
| content version | number | response content |
| content score | number | response content |
| content entitysummary | object | response content |
| content entitysummary source | string | response content |
| content entitysummary domain | string | response content |
| content entitysummary sourcedate | string | response content |
| content entitysummary screenshot | object | response content |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 08 14 52 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=wvfkb0/nkrzc1czp8h7xlozzmdl17bjkfedf1japbpure1rmtegyrptvy+yy97gbwgflb0ltw\ ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "grn0mekeou7k","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 0

post incident pipeline

retrieve the incident pipeline data, providing an overview of the curation process used to extract incidents

endpoint url: api/incidents/pipeline

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post incident pipeline |
| filter daterange | string | optional | parameter for post incident pipeline |

input example

{"json body" {"filter" {"daterange" "today"}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| from | string | output field from |
| until | string | output field until |
| stages | array | output field stages |
| stages type | string | type of the resource |
| stages counts | array | output field stages counts |
| stages counts type | string | type of the resource |
| stages counts current | number | output field stages counts current |
| stages counts previous | number | output field stages counts previous |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 09 15 56 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=v8zxa3viwvijwnjsn9vrxjzbl5q+ej5f5v4drv5qbb3hut7inydhkd3+h+hpeoendcgjlgb4j ","vary" "accept encoding, origin,
access control request method, access control request h ","x correlation id" "393b1dacc0bln","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00

post incident reviews by id

snapshot the review status of an incident

endpoint url: api/incidents/{{id}}/reviews

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| path parameters id | number | required | parameters for the post incident reviews by id action |
| note | string | optional | parameter for post incident reviews by id |
| status | string | optional | status value |
| version | number | optional | parameter for post incident reviews by id |

input example

{"json body" {"note" "optional textual note to include with this status change","status" "closed","version" 2},"path parameters" {"id" 287732637809}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| id | number | unique identifier |
| version | number | output field version |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 07 17 50 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=vvl9bkvv8vjvcqr4ob2bsfhgg4b4afdi52irmdq5wqgr6r66+iugwbrk98htqu/dotmlkglra ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "296lunfbf8h14","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00

post incident summary

aggregated summary of incident information used to generate reports/statistics

endpoint url: api/incidents/summary

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post incident summary |
| filter identifier | number | optional | unique identifier |
| filter severities | array | optional | parameter for post incident summary |
| filter tags | array | optional | parameter for post incident summary |
| filter tags id | number | optional | unique identifier |
| filter tags name | string | optional | name of the resource |
| filter tags type | string | optional | type of the resource |
| filter tags threat | object | optional | parameter for post incident summary |
| filter tags threat id | number | optional | unique identifier |
| filter tags parent | object | optional | parameter for post incident summary |
| filter tags parent id | number | optional | unique identifier |
| filter tags domain | string | optional | parameter for post incident summary |
| filter tags created | string | optional | parameter for post incident summary |
| filter tagoperator | string | optional | parameter for post incident summary |
| filter daterange | string | optional | parameter for post incident summary |
| filter daterangefield | string | optional | parameter for post incident summary |
| filter incidenttypes | array | optional | unique identifier |
| filter incidenttaggedtypes | array | optional | unique identifier |
| filter incidenttaggedtypes id | number | optional | unique identifier |
| filter incidenttaggedtypes name | string | optional | unique identifier |
| filter incidenttaggedtypes type | string | optional | unique identifier |
| filter incidenttaggedtypes threat | object | optional | unique identifier |
| filter incidenttaggedtypes threat id | number | optional | unique identifier |
| filter incidenttaggedtypes parent | object | optional | unique identifier |
| filter incidenttaggedtypes parent id | number | optional | unique identifier |

input example

{"json body" {"filter" {"identifier" 138538846,"severities" \["very high"],"tags" \[{"id" 138538846,"name" "example","type" "example","threat" {"id" 138538846},"parent" {"id" 138538846},"domain" "example","created" "2023 08 09t14 50 43 403z"}],"tagoperator" "example","daterange" "p13d","daterangefield" "sample","incidenttypes" \["new"],"incidenttaggedtypes" \[{"id" 138538846,"name" "digital","type" "shadows","threat" {"id" 238765129},"parent" {"id" 243126891},"domain" "example","created" "2023 08 09t14 50 43 403z"}],"types" \[{"type" "string","subtypes" \["string"]}],"domainname" "string","domainselection" "string","dateperiod" "string","from" "2023 08 09t14 50 43 403z","until" "2023 08 09t14 50 43
403z","alerted"\ false,"withtakedown"\ false,"withouttakedown"\ false,"withcontentremoved"\ false,"withoutcontentremoved"\ false,"statuses" \["unread"],"repostedcredentials" \["example"]},"sort" {"property" "domainname","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"},"groupbykey" "high","groupbykeys" \["low"],"temporalgrouping" {"type" "shadows","timespan" "new","mode" "high"}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| keyset | array | output field keyset |
| keylabels | array | output field keylabels |
| ranges | array | output field ranges |
| ranges rangestart | string | output field ranges rangestart |
| ranges rangeend | string | output field ranges rangeend |
| ranges groupedincidentcounts | array | unique identifier |
| ranges groupedincidentcounts file name | string | unique identifier |
| ranges groupedincidentcounts file | string | unique identifier |
| ranges total | number | output field ranges total |
| regulartimespan | string | output field regulartimespan |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 09 36 59 gmt","content type" "application/json;charset=utf 8","content length" "136","connection" "keep alive","set cookie" "awsalb=+j1qhf/qnr/uv7c7qmznwyyfw4uaolso78likhzdpxhxyagghv0ykpw98wjdrquuqdacll/yr ","vary" "origin, access control request method, access control request headers","x correlation id" "43djqknafeo9a","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt"

post ip ports find

find ports

endpoint url: api/ip ports/find

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post ip ports find |
| filter detectedopen | string | optional | parameter for post ip ports find |
| filter published | string | optional | parameter for post ip ports find |
| filter severities | array | optional | parameter for post ip ports find |
| filter alerted | boolean | optional | parameter for post ip ports find |
| filter ipaddress | string | optional | parameter for post ip ports find |
| filter iprange | object | optional | parameter for post ip ports find |
| filter iprange loweraddress | string | optional | parameter for post ip ports find |
| filter iprange upperaddress | string | optional | parameter for post ip ports find |
| filter iprange maskbits | number | optional | parameter for post ip ports find |
| filter domainname | string | optional | name of the resource |
| filter markedclosed | boolean | optional | parameter for post ip ports find |
| filter detectedclosed | boolean | optional | parameter for post ip ports find |
| filter portnumbers | array | optional | parameter for post ip ports find |
| filter incidenttypes | array | optional | unique identifier |
| filter incidenttypes type | string | optional | unique identifier |
| filter incidenttypes subtypes | array | optional | unique identifier |
| sort | object | optional | parameter for post ip ports find |
| sort property | string | optional | parameter for post ip ports find |
| sort direction | string | optional | parameter for post ip ports find |
| pagination | object | optional | parameter for post ip ports find |
| pagination size | number | optional | parameter for post ip ports find |
| pagination offset | number | optional | parameter for post ip ports find |
| pagination containingid | string | optional | unique identifier |

input example

{"json body" {"filter" {"detectedopen" "example","published" "today","severities" \["very high"],"alerted"\ false,"ipaddress" "example123 2","iprange" {"loweraddress" "example","upperaddress" "example","maskbits" 50},"domainname" "example","markedclosed"\ false,"detectedclosed"\ false,"portnumbers" \[5600],"incidenttypes" \[{"type" "data leakage","subtypes" \["brand misuse"]}]},"sort" {"property" "ipaddress","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| content file name | string | name of the resource |
| content file | string | response content |
| currentpage | object | output field currentpage |
| currentpage offset | number | output field currentpage offset |
| currentpage size | number | output field currentpage size |
| total | number | output field total |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 13 13 59 gmt","content type" "application/json;charset=utf 8","content length" "306","connection" "keep alive","set cookie" "awsalb=1uy7zgeeqgguakpn7piiufj27dscrfxejfarijgdqp387hbpeetbmcu4ny3i45spuwnccvhw9 ","vary" "origin, access control request method, access control request headers","x correlation id" "8c3busb4mjucg","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt"

post ip ports reviews by id

snapshot the review status of a port inspection

endpoint url: api/ip ports/{id}/reviews

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| path parameters id | number | optional | parameters for the post ip ports reviews by id action |
| incident | object | optional | unique identifier |
| incident id | number | optional | unique identifier |
| incident scope | string | optional | unique identifier |
| status | string | optional | status value |
| version | number | optional | parameter for post ip ports reviews by id |

input example

{"json body" {"incident" {"id" 136492687,"scope" "open"},"status" "new","version" 1},"path parameters" {"id" 126096551}}

post risk detection pipeline counts

the reporting pipeline provides data to support the pipeline graphic on the home page of the searchlight portal

endpoint url: api/risk detection pipeline/counts

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| visible | array | optional | parameter for post risk detection pipeline counts |
| filter | object | optional | parameter for post risk detection pipeline counts |
| filter timerange | string | optional | parameter for post risk detection pipeline counts |
| filter classifications | array | optional | parameter for post risk detection pipeline counts |
| filter triagestates | array | optional | parameter for post risk detection pipeline counts |

input example

{"json body"
{"visible" \["new"],"filter" {"timerange" "2023 09 09t14 50 43 403z","classifications" \["incident"],"triagestates" \["unread"]}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| coveragecounts | object | output field coveragecounts |
| coveragecounts documentscount | number | count value |
| coveragecounts technicalsourcescount | number | count value |
| coveragecounts darkwebcount | number | count value |
| coveragecounts surfacewebcount | number | count value |
| footprintcounts | object | output field footprintcounts |
| footprintcounts documentscount | number | count value |
| footprintcounts technicalsourcescount | number | count value |
| footprintcounts darkwebcount | number | count value |
| footprintcounts surfacewebcount | number | count value |
| alertandincidentcounts | object | unique identifier |
| alertandincidentcounts documentscount | number | unique identifier |
| alertandincidentcounts technicalsourcescount | number | unique identifier |
| alertandincidentcounts darkwebcount | number | unique identifier |
| alertandincidentcounts surfacewebcount | number | unique identifier |
| rangestart | string | output field rangestart |
| calculatedrangestart | string | output field calculatedrangestart |
| calculatedrangeend | string | output field calculatedrangeend |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "mon, 14 aug 2023 09 13 04 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","set cookie" "awsalb=pvlak1ltour5uyqgvhm4mxh7klx/70t4w/i3msehslm67snwhxzjpgorua3gqn8mpogewnpga ","vary" "accept encoding, origin, access control request method, access control request h ","x correlation id" "ett21o2mrvv52","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00

post search find

perform a general search against incidents, threats closed sources, etc

endpoint url: api/search/find

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post search find |
| filter tags | array | optional | parameter for post search find |
| filter tags id | number | optional | unique identifier |
| filter tags name | string | optional | name of the resource |
| filter tags type | string | optional | type of the resource |
| filter tags threat | object | optional | parameter for post search find |
| filter tags threat id | number | optional | unique identifier |
| filter tags parent | object | optional | parameter for post search find |
| filter tags parent id | number | optional | unique identifier |
| filter tags domain | string | optional | parameter for post search find |
| filter tags created | string | optional | parameter for post search find |
| filter types | array | optional | type of the resource |
| filter daterange | string | optional | parameter for post search find |
| filter incidenttypes | array | optional | unique identifier |
| filter incidentsubtypes | array | optional | unique identifier |
| filter incidentseverities | array | optional | unique identifier |
| filter webpagenetworks | array | optional | parameter for post search find |
| filter forumpostnetworks | array | optional | parameter for post search find |
| filter marketplacelistingnetworks | array | optional | parameter for post search find |
| filter marketplaces | array | optional | parameter for post search find |
| filter chatservers | array | optional | parameter for post search find |
| filter chatchannels | array | optional | parameter for post search find |
| filter threatleveltypes | array | optional | type of the resource |
| filter webpagesitecategories | array | optional | parameter for post search find |
| filter forumpostsitecategories | array | optional | parameter for post search find |

input example

{"json body" {"filter" {"tags" \[{"id" 136492687,"name" "exampole","type" "0","threat" {"id" 238765129},"parent" {"id" 243126891},"domain" "0","created" "2023 08 09t14 50 43 403z"}],"types" \["blog post"],"daterange" "today","incidenttypes" \["data leakage"],"incidentsubtypes" \["credential compromise"],"incidentseverities" \["very high"],"webpagenetworks" \["internet"],"forumpostnetworks" \["internet"],"marketplacelistingnetworks" \["internet"],"marketplaces" \["alphabay"],"chatservers" \["chat message "],"chatchannels" \["chat message"],"threatleveltypes" \["very high"],"webpagesitecategories" \["activist"],"forumpostsitecategories" \["activist"],"blognames" \["blog post"],"dateperiod" "2023 09 09t14 50 43 403z","from" "2023 08 09t14 50 43 403z","until" "2023 08 09t14 50 43 403z"},"sort" {"property" "ipaddress","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"},"query" "www example com or 8 8 8 8 or 536b5bec4148f0d623f603c1ba0f0a3c","facets" \["results type filtered"]}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| content file name | string | name of the resource |
| content file | string | response content |
| total | number | output field total |
| verdict | string | output field verdict |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "mon, 14 aug 2023 08 47 20 gmt","content type" "application/json;charset=utf 8","content length" "136","connection" "keep alive","set cookie" "awsalb=ywrdtkqzmc0k6swju30j6ov5lemluia7snwsaeljg2ap/bioh3wejhjb5lnyogknzc/x3owsu ","vary" "origin, access control request method, access control request headers","x correlation id" "bnb97jstlg9vh","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt"

post secure socket find

find secure sockets

endpoint url: api/secure socket/find

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post secure socket find |
| filter domain | string | optional | parameter for post secure socket find |
| filter published | string | optional | parameter for post secure socket find |
| filter detected | string | optional | parameter for post secure socket find |
| filter expiry | string | optional | parameter for post secure socket find |
| filter iprange | object | optional | parameter for post secure socket find |
| filter iprange loweraddress | string | optional | parameter for post secure socket find |
| filter iprange upperaddress | string | optional | parameter for post secure socket find |
| filter iprange maskbits | number | optional | parameter for post secure socket find |
| filter ipaddress | string | optional | parameter for post secure socket find |
| filter revoked | boolean | optional | parameter for post secure socket find |
| filter grade | string | optional | parameter for post secure socket find |
| filter grades | array | optional | parameter for post secure socket find |
| filter issues | array | optional | parameter for post secure socket find |
| filter determinedresolved | boolean | optional | parameter for post secure socket find |
| filter markedclosed | boolean | optional | parameter for post secure socket find |
| filter severities | array | optional | parameter for post secure socket find |
| filter statuses | array | optional | status value |
| filter alerted | boolean | optional | parameter for post secure socket find |
| filter incidenttypes | array | optional | unique identifier |
| filter incidenttypes type | string | optional | unique identifier |
| filter incidenttypes subtypes | array | optional | unique identifier |
| sort | object | optional | parameter for post secure socket find |
| sort property | string | optional | parameter for post secure socket find |
| sort direction | string | optional | parameter for post secure socket find |

input example

{"json body" {"filter" {"domain" "example","published" "today","detected" "new","expiry" "last","iprange" {"loweraddress" "example","upperaddress" "example","maskbits" 123},"ipaddress" "example123 com","revoked"\ false,"grade" "a","grades" \["high"],"issues" \["new"],"determinedresolved"\ false,"markedclosed"\ false,"severities" \["very high"],"statuses" \["unread"],"alerted"\ false,"incidenttypes" \[{"type" "shadows","subtypes" \["example"]}]},"sort" {"property" "domainname","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| content file name | string | name of the resource |
| content file | string | response content |
| currentpage | object | output field currentpage |
| currentpage offset | number | output field currentpage offset |
| currentpage size | number | output field currentpage size |
| total | number | output field total |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 10 41 48 gmt","content type" "application/json;charset=utf 8","content length" "187","connection" "keep alive","set cookie" "awsalb=rkcl1g5fpjrmndcj2ajky8uid2khb8yyckbw+6jgwpkio8ec3jtyxe1itb4wfztcexs9ncuir ","vary" "origin, access control request method, access control request headers","x correlation id" "f12le5n9k2mps","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt"

post vulnerability find

find vulnerabilities

endpoint url: api/vulnerability/find

method: post

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| filter | object | optional | parameter for post vulnerability find |
| filter detected | string | optional | parameter for post vulnerability find |
| filter published | string | optional | parameter for post vulnerability find |
| filter severities | array | optional | parameter for post vulnerability find |
| filter alerted | boolean | optional | parameter for post vulnerability find |
| filter iprange | object | optional | parameter for post vulnerability find |
| filter iprange loweraddress | string | optional | parameter for post vulnerability find |
| filter iprange upperaddress | string | optional | parameter for post vulnerability find |
| filter iprange maskbits | number | optional | parameter for post vulnerability find |
| filter ipaddress | string | optional | parameter for post vulnerability find |
| filter domainname | string | optional | name of the resource |
| filter cveidentifiers | array | optional | unique identifier |
| filter markedclosed | boolean | optional | parameter for post vulnerability find |
| filter detectedclosed | boolean | optional | parameter for post vulnerability find |
| filter incidenttypes | array | optional | unique identifier |
| filter incidenttypes type | string | optional | unique identifier |
| filter incidenttypes subtypes | array | optional | unique identifier |
| sort | object | optional | parameter for post vulnerability find |
| sort property | string | optional | parameter for post vulnerability find |
| sort direction | string | optional | parameter for post vulnerability find |
| pagination | object | optional | parameter for post vulnerability find |
| pagination size | number | optional | parameter for post vulnerability find |
| pagination offset | number | optional | parameter for post vulnerability find |
| pagination containingid | string | optional | unique identifier |

input example

{"json body" {"filter" {"detected" "example","published" "today","severities" \["very high"],"alerted"\ false,"iprange" {"loweraddress" "example com","upperaddress" "example com","maskbits" 23},"ipaddress" "example123","domainname" "new","cveidentifiers" \["example"],"markedclosed"\ false,"detectedclosed"\ false,"incidenttypes" \[{"type" "data leakage","subtypes" \["brand misuse"]}]},"sort" {"property" "ipaddress","direction" "ascending"},"pagination" {"size" 10,"offset" 20,"containingid" "?"}}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| content | array | response content |
| content file name | string | name of the resource |
| content file | string | response content |
| currentpage | object | output field currentpage |
| currentpage offset | number | output field currentpage offset |
| currentpage size | number | output field currentpage size |
| total | number | output field total |

output example

{"status code" 200,"response headers" {"server" "nginx","date" "fri, 11 aug 2023 10 54 24 gmt","content type" "application/json;charset=utf 8","content length" "302","connection" "keep alive","set cookie" "awsalb=md0ptp8qfv/if/wevr1fzmni6rwtfxgbhvdrqmm+k6nlbcbmvaakg5xmo6y1qiplb3e9efha8 ","vary" "origin, access control request method, access control request headers","x correlation id" "7ihlf53rdje9o","cache control" "no cache, no store, must revalidate","expires" "thu, 01 jan 1970 00 00 00 gmt"

response headers

| header | description | example |
| --- | --- | --- |
| cache control | directives for caching mechanisms | no cache, no store, must revalidate |
| connection | http response header connection | keep alive |
| content encoding | http response header content encoding | gzip |
| content length | the length of the response body in bytes | 187 |
| content type | the media type of the resource | application/json;charset=utf 8 |
| date | the date and time at which the message was originated | fri, 11 aug 2023 07 01 29 gmt |
| expires | the date/time after which the response is considered stale | thu, 01 jan 1970 00 00 00 gmt |
| pragma | http response header pragma | no cache |
| referrer policy | http response header referrer policy | origin,strict origin, origin,strict origin |
| server | information about the software used by the origin server | nginx |
| set cookie | http response header set cookie | awsalb=ndi1u9siirxifnnbbbhfmdhbjknkmyl/duz6a60tb+lswhb7r5gz35swdyiu8oqvsmhpdt1zlqho9tp+avahy+/xbnip6uqrjzgjdyi57hltdigpqzjhzybl4lqv; expires=thu, 17 aug 2023 16 52 04 gmt; path=/, awsalbcors=ndi1u9siirxifnnbbbhfmdhbjknkmyl/duz6a60tb+lswhb7r5gz35swdyiu8oqvsmhpdt1zlqho9tp+avahy+/xbnip6uqrjzgjdyi57hltdigpqzjhzybl4lqv; expires=thu, 17 aug 2023 16 52 04 gmt; path=/; samesite=none; secure |
| strict transport security | http response header strict transport security | max age=31536000 ; includesubdomains |
| transfer encoding | http response header transfer encoding | chunked |
| vary | http response header vary | origin, access control request method, access control request headers |
| x content type options | http response header x content type options | nosniff |
| x correlation id | a unique identifier for correlating requests | 3l2l1de5po5sk |
| x ratelimit default limit | http response header x ratelimit default limit | 60 |
| x ratelimit default period | http response header x ratelimit default period | 60 |
| x ratelimit default remaining | http response header x ratelimit default remaining | 60 |
| x ratelimit limit | the number of requests allowed in the current rate limit window | 60 |
| x ratelimit period | http response header x ratelimit period | 60 |
| x ratelimit remaining | the number of requests remaining in the current rate limit window | 59 |
| x ratelimit reset | the time at which the current rate limit window resets | 1691738280 |
| x xss protection | http response header x xss protection | 1; mode=block |