# VMware Lastline Network
The VMware Lastline API offers cybersecurity, vulnerability detection, and network protection services.

The VMware Lastline Network API is accessible at `https://user.lastline.com/papi/net/<function>`.

On-premise customers should instead access this API on their Lastline Enterprise Manager at `https://user.<manager host name>/papi/net/<function>`.

An up-to-date version of this documentation can be browsed at https://user.lastline.com/papi-doc/api/html/overview.html

## Prerequisites

The VMware Lastline API is a web-based API. To get started, you will need to request a set of credentials for accessing the API from Lastline. These credentials are a username and a password.

## Capabilities

This plugin provides information on the following areas:

- Detected URLs
- Downloads
- Incidents
- Emails
- Events

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Detected URL Stats

Endpoint URL: papi/net/url/stats

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start date | string | Required | Parameters for the Get Detected URL Stats action |
| parameters end date | string | Required | Parameters for the Get Detected URL Stats action |
| parameters timezone | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters time scale | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters key | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters key id | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters subkey id | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters detected url id | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters event id | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters include not analyzed | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters task uuid | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters priority | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters min score | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters url | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters md5 | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters http host | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters src ip | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters dst ip | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters homenet | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters whitelisting | string | Optional | Parameters for the Get Detected URL Stats action |
| parameters analysis task typed tags | string | Optional | Parameters for the Get Detected URL Stats action |

Input example:

```json
{"parameters": {"start date": "", "end date": "", "timezone": "", "time scale": "", "key": "", "key id": "", "subkey id": "", "detected url id": "", "event id": "", "include not analyzed": "", "task uuid": "", "priority": "", "min score": "", "url": "", "md5": "", "http host": "", "src ip": "", "dst ip": "", "homenet": "", "whitelisting": "", "analysis task typed tags": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| priority | string | Output field priority |
| start date | string | Date value |
| end date | string | Date value |
| total urls | number | URL endpoint for the request |
| distinct urls | number | URL endpoint for the request |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"priority": "", "start date": "", "end date": "", "total urls": 1, "distinct urls": 1}}
```

### Get Download Log Stats

Endpoint URL: papi/net/file/download log stats

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start time | string | Required | Parameters for the Get Download Log Stats action |
| parameters end time | string | Required | Parameters for the Get Download Log Stats action |
| parameters timezone | string | Optional | Parameters for the Get Download Log Stats action |
| parameters key | string | Optional | Parameters for the Get Download Log Stats action |
| parameters key id | string | Optional | Parameters for the Get Download Log Stats action |
| parameters subkey id | string | Optional | Parameters for the Get Download Log Stats action |
| parameters application protocol | string | Optional | Parameters for the Get Download Log Stats action |
| parameters filetype | string | Optional | Parameters for the Get Download Log Stats action |
| parameters md5 | string | Optional | Parameters for the Get Download Log Stats action |
| parameters sha1 | string | Optional | Parameters for the Get Download Log Stats action |
| parameters src ip | string | Optional | Parameters for the Get Download Log Stats action |
| parameters dst ip | string | Optional | Parameters for the Get Download Log Stats action |
| parameters src host | string | Optional | Parameters for the Get Download Log Stats action |
| parameters dst host | string | Optional | Parameters for the Get Download Log Stats action |
| parameters direction | string | Optional | Parameters for the Get Download Log Stats action |
| parameters submitted | string | Optional | Parameters for the Get Download Log Stats action |
| parameters homenet | string | Optional | Parameters for the Get Download Log Stats action |
| parameters whitelisting | string | Optional | Parameters for the Get Download Log Stats action |

Input example:

```json
{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "application protocol": "", "filetype": "", "md5": "", "sha1": "", "src ip": "", "dst ip": "", "src host": "", "dst host": "", "direction": "", "submitted": "", "homenet": "", "whitelisting": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file category | string | Output field file category |
| start date | string | Date value |
| total files | number | Output field total files |
| distinct files | number | Output field distinct files |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"file category": "", "start date": "", "total files": 1, "distinct files": 1}}
```

### Get Download Logs

Endpoint URL: papi/net/file/download logs

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start time | string | Required | Parameters for the Get Download Logs action |
| parameters end time | string | Required | Parameters for the Get Download Logs action |
| parameters timezone | string | Optional | Parameters for the Get Download Logs action |
| parameters key | string | Optional | Parameters for the Get Download Logs action |
| parameters key id | string | Optional | Parameters for the Get Download Logs action |
| parameters subkey id | string | Optional | Parameters for the Get Download Logs action |
| parameters orderby | string | Optional | Parameters for the Get Download Logs action |
| parameters max results | string | Optional | Parameters for the Get Download Logs action |
| parameters offset results | string | Optional | Parameters for the Get Download Logs action |
| parameters application protocol | string | Optional | Parameters for the Get Download Logs action |
| parameters filetype | string | Optional | Parameters for the Get Download Logs action |
| parameters md5 | string | Optional | Parameters for the Get Download Logs action |
| parameters sha1 | string | Optional | Parameters for the Get Download Logs action |
| parameters task uuid | string | Optional | Parameters for the Get Download Logs action |
| parameters src ip | string | Optional | Parameters for the Get Download Logs action |
| parameters dst ip | string | Optional | Parameters for the Get Download Logs action |
| parameters src host | string | Optional | Parameters for the Get Download Logs action |
| parameters dst host | string | Optional | Parameters for the Get Download Logs action |
| parameters direction | string | Optional | Parameters for the Get Download Logs action |
| parameters submitted | string | Optional | Parameters for the Get Download Logs action |
| parameters homenet | string | Optional | Parameters for the Get Download Logs action |
| parameters whitelisting | string | Optional | Parameters for the Get Download Logs action |

Input example:

```json
{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "application protocol": "", "filetype": "", "md5": "", "sha1": "", "task uuid": "", "src ip": "", "dst ip": "", "src host": "", "dst host": "", "direction": "", "submitted": "", "homenet": "", "whitelisting": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| access key id | string | Unique identifier |
| subkey id | string | Unique identifier |
| time | string | Time value |
| file name | string | Name of the resource |
| file size | string | Output field file size |
| md5 | string | Output field md5 |
| sha1 | string | Output field sha1 |
| raw url | string | URL endpoint for the request |
| url | string | URL endpoint for the request |
| score | string | Score value |
| task uuid | string | Unique identifier |
| src host | string | Output field src host |
| src hostname | string | Name of the resource |
| src port | string | Output field src port |
| dst host | string | Output field dst host |
| dst port | string | Output field dst port |
| dst hostname | string | Name of the resource |
| application protocol | string | Output field application protocol |
| file upload status | string | Status value |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"access key id": "", "subkey id": "", "time": "", "file name": "", "file size": "", "md5": "", "sha1": "", "raw url": "", "url": "", "score": "", "task uuid": "", "src host": "", "src hostname": "", "src port": "", "dst host": ""}}
```

### Get Download Stats

Endpoint URL: papi/net/file/download stats

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start time | string | Required | Parameters for the Get Download Stats action |
| parameters end time | string | Required | Parameters for the Get Download Stats action |
| parameters timezone | string | Optional | Parameters for the Get Download Stats action |
| parameters key | string | Optional | Parameters for the Get Download Stats action |
| parameters key id | string | Optional | Parameters for the Get Download Stats action |
| parameters subkey id | string | Optional | Parameters for the Get Download Stats action |
| parameters include not uploaded | string | Optional | Parameters for the Get Download Stats action |
| parameters application protocol | string | Optional | Parameters for the Get Download Stats action |
| parameters md5 | string | Optional | Parameters for the Get Download Stats action |
| parameters task uuid | string | Optional | Parameters for the Get Download Stats action |
| parameters min score | string | Optional | Parameters for the Get Download Stats action |
| parameters src ip | string | Optional | Parameters for the Get Download Stats action |
| parameters dst ip | string | Optional | Parameters for the Get Download Stats action |
| parameters http host | string | Optional | Parameters for the Get Download Stats action |
| parameters homenet | string | Optional | Parameters for the Get Download Stats action |
| parameters whitelisting | string | Optional | Parameters for the Get Download Stats action |
| parameters analysis task typed tags | string | Optional | Parameters for the Get Download Stats action |

Input example:

```json
{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "include not uploaded": "", "application protocol": "", "md5": "", "task uuid": "", "min score": "", "src ip": "", "dst ip": "", "http host": "", "homenet": "", "whitelisting": "", "analysis task typed tags": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file category | string | Output field file category |
| start date | string | Date value |
| total files | number | Output field total files |
| distinct files | number | Output field distinct files |
| max score | string | Score value |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"file category": "", "start date": "", "total files": 1, "distinct files": 1, "max score": ""}}
```

### Get Downloads

Endpoint URL: papi/net/file/downloads

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start time | string | Required | Parameters for the Get Downloads action |
| parameters end time | string | Required | Parameters for the Get Downloads action |
| parameters timezone | string | Optional | Parameters for the Get Downloads action |
| parameters key | string | Optional | Parameters for the Get Downloads action |
| parameters key id | string | Optional | Parameters for the Get Downloads action |
| parameters subkey id | string | Optional | Parameters for the Get Downloads action |
| parameters orderby | string | Optional | Parameters for the Get Downloads action |
| parameters max results | string | Optional | Parameters for the Get Downloads action |
| parameters offset results | string | Optional | Parameters for the Get Downloads action |
| parameters include not uploaded | string | Optional | Parameters for the Get Downloads action |
| parameters application protocol | string | Optional | Parameters for the Get Downloads action |
| parameters event id | string | Optional | Parameters for the Get Downloads action |
| parameters md5 | string | Optional | Parameters for the Get Downloads action |
| parameters task uuid | string | Optional | Parameters for the Get Downloads action |
| parameters min score | string | Optional | Parameters for the Get Downloads action |
| parameters filetype | string | Optional | Parameters for the Get Downloads action |
| parameters src ip | string | Optional | Parameters for the Get Downloads action |
| parameters src hostname | string | Optional | Parameters for the Get Downloads action |
| parameters dst ip | string | Optional | Parameters for the Get Downloads action |
| parameters http host | string | Optional | Parameters for the Get Downloads action |
| parameters homenet | string | Optional | Parameters for the Get Downloads action |
| parameters whitelisting | string | Optional | Parameters for the Get Downloads action |
| parameters analysis task typed tags | string | Optional | Parameters for the Get Downloads action |
| parameters include typed tags | string | Optional | Parameters for the Get Downloads action |

Input example:

```json
{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "include not uploaded": "", "application protocol": "", "event id": "", "md5": "", "task uuid": "", "min score": "", "filetype": "", "src ip": "", "src hostname": "", "dst ip": "", "http host": "", "homenet": "", "whitelisting": "", "analysis task typed tags": "", "include typed tags": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| access key id | string | Unique identifier |
| subkey id | string | Unique identifier |
| time | string | Time value |
| file name | string | Name of the resource |
| file size | string | Output field file size |
| md5 | string | Output field md5 |
| sha1 | string | Output field sha1 |
| file type | string | Type of the resource |
| extracted filename | string | Name of the resource |
| score | string | Score value |
| pending | string | Output field pending |
| task uuid | string | Unique identifier |
| event id | string | Unique identifier |
| src host | string | Output field src host |
| src hostname | string | Name of the resource |
| src port | string | Output field src port |
| dst host | string | Output field dst host |
| dst port | string | Output field dst port |
| relevant host ip | string | Output field relevant host ip |
| relevant host port | string | Output field relevant host port |
| relevant host hostname | string | Name of the resource |
| other host ip | string | Output field other host ip |
| other host port | string | Output field other host port |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"access key id": "", "subkey id": "", "time": "", "file name": "", "file size": "", "md5": "", "sha1": "", "file type": "", "extracted filename": "", "score": "", "pending": "", "task uuid": "", "event id": "", "src host": "", "src hostname": "
```

### Get Event

Endpoint URL: papi/net/event/get

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters timezone | string | Optional | Parameters for the Get Event action |
| parameters event id | string | Optional | Parameters for the Get Event action |
| parameters start time | string | Optional | Parameters for the Get Event action |
| parameters end time | string | Optional | Parameters for the Get Event action |

Input example:

```json
{"parameters": {"timezone": "", "event id": "", "start time": "", "end time": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event id | string | Unique identifier |
| access key id | string | Unique identifier |
| subkey id | string | Unique identifier |
| time | string | Time value |
| start time | string | Time value |
| end time | string | Time value |
| transport | string | Output field transport |
| occurrences | number | Output field occurrences |
| blocked | boolean | Output field blocked |
| relevant host ip | string | Output field relevant host ip |
| other host ip | string | Output field other host ip |
| server port | string | Output field server port |
| relevant host hostname | string | Name of the resource |
| other host hostname | string | Name of the resource |
| src id | string | Unique identifier |
| host label | string | Output field host label |
| host whitelisted | boolean | Output field host whitelisted |
| src mac | string | Output field src mac |
| event type id | string | Unique identifier |
| event type | string | Type of the resource |
| threat | string | Output field threat |
| threat class | string | Output field threat class |
| impact | string | Output field impact |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"event id": "", "access key id": "", "subkey id": "", "time": "20130623t13 22 0500", "start time": "23/01/2023", "end time": "23/01/2023", "transport": "", "occurrences": 1, "blocked": true, "relevant host ip": "", "other host ip": "", "
```

### Get Event Attributes

Endpoint URL: papi/net/event/attributes

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters event id | string | Required | Parameters for the Get Event Attributes action |
| parameters event time | string | Required | Parameters for the Get Event Attributes action |
| parameters key | string | Optional | Parameters for the Get Event Attributes action |
| parameters key id | string | Optional | Parameters for the Get Event Attributes action |
| parameters subkey id | string | Optional | Parameters for the Get Event Attributes action |
| parameters customer | string | Optional | Parameters for the Get Event Attributes action |

Input example:

```json
{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": "", "customer": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| value | string | Value for the parameter |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"name": "", "value": ""}}
```

### Get Event Blacklist Match Info

Endpoint URL: papi/net/event/blacklist match

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters event id | string | Required | Parameters for the Get Event Blacklist Match Info action |
| parameters event time | string | Required | Parameters for the Get Event Blacklist Match Info action |
| parameters key | string | Optional | Parameters for the Get Event Blacklist Match Info action |
| parameters key id | string | Optional | Parameters for the Get Event Blacklist Match Info action |
| parameters subkey id | string | Optional | Parameters for the Get Event Blacklist Match Info action |
| parameters customer | string | Optional | Parameters for the Get Event Blacklist Match Info action |

Input example:

```json
{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": "", "customer": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| domain | string | Output field domain |
| ip | string | Output field ip |
| url path | string | URL endpoint for the request |
| port | string | Output field port |
| is local blacklist | string | Output field is local blacklist |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"domain": "", "ip": "", "url path": "", "port": "", "is local blacklist": ""}}
```

### Get Event Evidence

Endpoint URL: papi/net/event/evidence

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters event id | string | Required | Parameters for the Get Event Evidence action |
| parameters event time | string | Required | Parameters for the Get Event Evidence action |
| parameters key | string | Optional | Parameters for the Get Event Evidence action |
| parameters key id | string | Optional | Parameters for the Get Event Evidence action |
| parameters subkey id | string | Optional | Parameters for the Get Event Evidence action |
| parameters customer | string | Optional | Parameters for the Get Event Evidence action |

Input example:

```json
{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": "", "customer": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | string | Output field threat |
| threat class | string | Output field threat class |
| confidence | string | Unique identifier |
| severity | string | Output field severity |
| impact | string | Output field impact |
| evidence type | string | Unique identifier |
| detector | string | Output field detector |
| activity | string | Output field activity |
| subject | string | Output field subject |
| signature id | string | Unique identifier |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"threat": "", "threat class": "", "confidence": "", "severity": "", "impact": "", "evidence type": "", "detector": "", "activity": "", "subject": "", "signature id": ""}}
```

### Get Event Network IOCs

Endpoint URL: papi/net/event/network iocs

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters event id | string | Required | Parameters for the Get Event Network IOCs action |
| parameters event time | string | Required | Parameters for the Get Event Network IOCs action |
| parameters key | string | Optional | Parameters for the Get Event Network IOCs action |
| parameters key id | string | Optional | Parameters for the Get Event Network IOCs action |
| parameters subkey id | string | Optional | Parameters for the Get Event Network IOCs action |
| parameters customer | string | Optional | Parameters for the Get Event Network IOCs action |
| parameters limit | number | Optional | Parameters for the Get Event Network IOCs action |

Input example:

```json
{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": "", "customer": "", "limit": 1}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| task uuid | string | Unique identifier |
| score | string | Score value |
| domain | string | Output field domain |
| ip | string | Output field ip |
| url path | string | URL endpoint for the request |
| port | string | Output field port |
| detector | string | Output field detector |
| threat | string | Output field threat |
| impact | string | Output field impact |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"task uuid": "", "score": "", "domain": "", "ip": "", "url path": "", "port": "", "detector": "", "threat": "", "impact": ""}}
```

### Get Incident

Endpoint URL: papi/net/incident/get

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters incident id | string | Required | Parameters for the Get Incident action |
| parameters timezone | string | Optional | Parameters for the Get Incident action |

Input example:

```json
{"parameters": {"incident id": "", "timezone": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| incident id | string | Unique identifier |
| access key id | string | Unique identifier |
| subkey id | string | Unique identifier |
| time | string | Time value |
| start time | string | Time value |
| end time | string | Time value |
| events | number | Output field events |
| src host | string | Output field src host |
| num src ips | number | Output field num src ips |
| src hostname | string | Name of the resource |
| blocked | string | Output field blocked |
| src id | string | Unique identifier |
| src label | string | Output field src label |
| host label | string | Output field host label |
| host whitelisted | string | Output field host whitelisted |
| threat | string | Output field threat |
| threat class | string | Output field threat class |
| impact | string | Output field impact |
| is archived | string | Output field is archived |
| is read | string | Output field is read |
| archived cause | string | Output field archived cause |
| comment | string | Output field comment |
| mitigation | string | Output field mitigation |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"incident id": "", "access key id": "", "subkey id": "", "time": "", "start time": "", "end time": "", "events": 1, "src host": "", "num src ips": 1, "src hostname": "", "blocked": "", "src id": "", "src label": "", "host label": "", "host whi
```

### Get Incident Evidence

Endpoint URL: papi/net/incident/evidence

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters incident id | string | Required | Parameters for the Get Incident Evidence action |
| parameters key | string | Optional | Parameters for the Get Incident Evidence action |
| parameters key id | string | Optional | Parameters for the Get Incident Evidence action |
| parameters subkey id | string | Optional | Parameters for the Get Incident Evidence action |
| parameters customer | string | Optional | Parameters for the Get Incident Evidence action |
| parameters timezone | string | Optional | Parameters for the Get Incident Evidence action |
| parameters extended | boolean | Optional | Parameters for the Get Incident Evidence action |

Input example:

```json
{"parameters": {"incident id": "", "key": "", "key id": "", "subkey id": "", "customer": "", "timezone": "", "extended": true}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | string | Output field threat |
| threat class | string | Output field threat class |
| confidence | string | Unique identifier |
| severity | string | Output field severity |
| impact | string | Output field impact |
| evidence type | string | Unique identifier |
| detector | string | Output field detector |
| activity | string | Output field activity |
| subject | string | Output field subject |
| first seen | string | Output field first seen |
| last seen | string | Output field last seen |
| reference type | string | Type of the resource |
| reference id | string | Unique identifier |
| reference time | string | Time value |
| reference event | string | Output field reference event |
| urls | string | URL endpoint for the request |
| blacklist match info | string | Output field blacklist match info |
| dga domains | string | Output field dga domains |
| dga domain count | number | Count value |
| download file type | string | Type of the resource |
| download file name | string | Name of the resource |
| llanta rule name | string | Name of the resource |
| detector goal | string | Output field detector goal |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"threat": "", "threat class": "", "confidence": "", "severity": "", "impact": "", "evidence type": "", "detector": "", "activity": "", "subject": "", "first seen": "", "last seen": "", "reference type": "", "reference id": "", "reference tim
```

### Get Incident Stats

Endpoint URL: papi/net/file/incident stats

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start date | string | Required | Parameters for the Get Incident Stats action |
| parameters end date | string | Required | Parameters for the Get Incident Stats action |
| parameters time scale | string | Required | Parameters for the Get Incident Stats action |
| parameters timezone | string | Optional | Parameters for the Get Incident Stats action |
| parameters key | string | Optional | Parameters for the Get Incident Stats action |
| parameters key id | string | Optional | Parameters for the Get Incident Stats action |
| parameters subkey id | string | Optional | Parameters for the Get Incident Stats action |
| parameters group by impact | string | Optional | Parameters for the Get Incident Stats action |
| parameters priority | string | Optional | Parameters for the Get Incident Stats action |
| parameters threat class | string | Optional | Parameters for the Get Incident Stats action |
| parameters threat | string | Optional | Parameters for the Get Incident Stats action |
| parameters src id | string | Optional | Parameters for the Get Incident Stats action |
| parameters src ip | string | Optional | Parameters for the Get Incident Stats action |
| parameters src hostname | string | Optional | Parameters for the Get Incident Stats action |
| parameters archived | string | Optional | Parameters for the Get Incident Stats action |
| parameters read | string | Optional | Parameters for the Get Incident Stats action |
| parameters whitelisting | string | Optional | Parameters for the Get Incident Stats action |
| parameters homenet | string | Optional | Parameters for the Get Incident Stats action |
| parameters breach uuid | string | Optional | Parameters for the Get Incident Stats action |
| parameters host tag | string | Optional | Parameters for the Get Incident Stats action |
| parameters incidents older than | string | Optional | Parameters for the Get Incident Stats action |

Input example:

```json
{"parameters": {"start date": "", "end date": "", "time scale": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "group by impact": "", "priority": "", "threat class": "", "threat": "", "src id": "", "src ip": "", "src hostname": "", "archived": "", "read": "", "whitelisting": "", "homenet": "", "breach uuid": "", "host tag": "", "incidents older than": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| max impact | string | Output field max impact |
| incidents | number | Unique identifier |
| events | number | Output field events |
| sources | number | Output field sources |
| priority | string | Output field priority |
| start date | string | Date value |
| end date | string | Date value |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"max impact": "", "incidents": 1, "events": 1, "sources": 1, "priority": "", "start date": "", "end date": ""}}
```

### Get Mail Attachment Stats

Endpoint URL: papi/net/mail/attachment stats

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start date | string | Required | Parameters for the Get Mail Attachment Stats action |
| parameters end date | string | Required | Parameters for the Get Mail Attachment Stats action |
| parameters timezone | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters key | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters key id | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters subkey id | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters mail message id | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters recipient | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters subject | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters sender | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters min score | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters md5 | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters task uuid | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters action | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters message action | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters content action | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters blocked | boolean | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters analysis task typed tags | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters mail processing state | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters mail analysis status | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters mail delivery outcome | string | Optional | Parameters for the Get Mail Attachment Stats action |
| parameters lastline mail uuid | string | Optional | Parameters for the Get Mail Attachment Stats action |

Input example:

```json
{"parameters": {"start date": "", "end date": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "mail message id": "", "recipient": "", "subject": "", "sender": "", "min score": "", "md5": "", "task uuid": "", "action": "", "message action": "", "content action": "", "blocked": true, "analysis task typed tags": "", "mail processing state": "", "mail analysis status": "", "mail delivery outcome": "", "lastline mail uuid": ""}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file type | string | Type of the resource |
| start date | string | Date value |
| total files | number | Output field total files |
| distinct files | number | Output field distinct files |
| max score | string | Score value |

Output example:

```json
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15:12:14 gmt", "content type": "application/json; charset=utf-8", "content length": 65, "strict transport security": "max-age=15724800; includesubdomains", "server": "ingress nginx", "via": "1.1 google"}, "reason": "ok", "json body": {"file type": "", "start date": "", "total files": 1, "distinct files": 1, "max score": ""}}
```

### Get Mail Attachments

Endpoint URL: papi/net/mail/attachments

Method: GET

#### Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters start time | string | Required | Parameters for the Get Mail Attachments action |
| parameters end time | string | Required | Parameters for the Get Mail Attachments action |
| parameters
timezone string optional parameters for the get mail attachments action parameters key string optional parameters for the get mail attachments action parameters key id string optional parameters for the get mail attachments action parameters subkey id string optional parameters for the get mail attachments action parameters orderby string optional parameters for the get mail attachments action parameters max results string optional parameters for the get mail attachments action parameters offset results string optional parameters for the get mail attachments action parameters mail message id string optional parameters for the get mail attachments action parameters recipient string optional parameters for the get mail attachments action parameters subject string optional parameters for the get mail attachments action parameters sender string optional parameters for the get mail attachments action parameters min score string optional parameters for the get mail attachments action parameters md5 string optional parameters for the get mail attachments action parameters task uuid string optional parameters for the get mail attachments action parameters action string optional parameters for the get mail attachments action parameters message action string optional parameters for the get mail attachments action parameters content action string optional parameters for the get mail attachments action parameters blocked boolean optional parameters for the get mail attachments action parameters analysis task typed tags string optional parameters for the get mail attachments action parameters include typed tags string optional parameters for the get mail attachments action parameters mail processing state string optional parameters for the get mail attachments action parameters mail analysis status string optional parameters for the get mail attachments action parameters mail delivery outcome string optional parameters for the get mail attachments action input example 
{"parameters" {"start time" "","end time" "","timezone" "","key" "","key id" "","subkey id" "","orderby" "","max results" "","offset results" "","mail message id" "","recipient" "","subject" "","sender" "","min score" "","md5" "","task uuid" "","action" "","message action" "","content action" "","blocked"\ true,"analysis task typed tags" "","include typed tags" "","mail processing state" "","mail analysis status" "","mail delivery outcome" "","lastline mail uuid" ""}} output parameter type description status code number http status code of the response reason string response reason phrase mail message id string unique identifier subkey id string unique identifier time string time value message id string unique identifier timestamp string output field timestamp file name string name of the resource file type string type of the resource file size string output field file size md5 string output field md5 sha1 string output field sha1 task uuid string unique identifier score string score value llfiletype string type of the resource sender string output field sender recipient string output field recipient subject string output field subject action string output field action message action string response message typed tags string type of the resource appliance uuid string unique identifier output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"mail message id" "","subkey id" "","time" "","message id" "","timestamp" "","file name" "","file type" "","file size" "","md5" "","sha1" "","task uuid" "","score" "","llfiletype" "","sender" "","recipient" ""}} get mail delivery log get mail delivery log endpoint url papi/net/mail/mail delivery log method get input argument name type required description parameters start time string 
required parameters for the get mail delivery log action parameters end time string required parameters for the get mail delivery log action parameters timezone string optional parameters for the get mail delivery log action parameters mail message id string optional parameters for the get mail delivery log action parameters mail message log id string optional parameters for the get mail delivery log action input example {"parameters" {"start time" "","end time" "","timezone" "","mail message id" "","mail message log id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase mail delivery outcome string output field mail delivery outcome delivery timestamp string output field delivery timestamp details string output field details host string output field host output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"mail delivery outcome" "","delivery timestamp" "","details" "","host" ""}} get mail detections get mail detections endpoint url papi/net/mail/detections method get input argument name type required description parameters start time string required parameters for the get mail detections action parameters end time string required parameters for the get mail detections action parameters timezone string optional parameters for the get mail detections action parameters mail message id string optional parameters for the get mail detections action input example {"parameters" {"start time" "","end time" "","timezone" "","mail message id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase detector string output field detector action string output field action threat string 
output field threat threat class string output field threat class output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"detector" "","action" "","threat" "","threat class" ""}} get mail message get mail message endpoint url papi/net/mail/messages method get input argument name type required description parameters start time string required parameters for the get mail message action parameters end time string required parameters for the get mail message action parameters timezone string optional parameters for the get mail message action parameters mail message id string optional parameters for the get mail message action parameters include typed tags string optional parameters for the get mail message action input example {"parameters" {"start time" "","end time" "","timezone" "","mail message id" "","include typed tags" ""}} output parameter type description status code number http status code of the response reason string response reason phrase mail message id string unique identifier subkey id string unique identifier date string date value message id string unique identifier timestamp string output field timestamp size string output field size sender string output field sender recipient string output field recipient subject string output field subject threat string output field threat threat class string output field threat class attachments number output field attachments urls number url endpoint for the request impact string output field impact relevant content string response content message action string response message content action string response content breach uuid string unique identifier assigned to string output field assigned to mail state string output field mail state typed tags string type of the 
resource mail processing state string output field mail processing state mail analysis status string status value output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"mail message id" "","subkey id" "","date" "","message id" "","timestamp" "","size" "","sender" "","recipient" "","subject" "","threat" "","threat class" "","attachments" 1,"urls" 1,"impact" "","relevant content" "" get mail message headers get mail message headers endpoint url papi/net/mail/mail message headers method get input argument name type required description parameters start time string required parameters for the get mail message headers action parameters end time string required parameters for the get mail message headers action parameters timezone string optional parameters for the get mail message headers action parameters mail message id string optional parameters for the get mail message headers action parameters mail message log id string optional parameters for the get mail message headers action input example {"parameters" {"start time" "","end time" "","timezone" "","mail message id" "","mail message log id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase header field name string name of the resource header field body string request body data output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"header field name" "","header field body" ""}} get mail messages get mail messages endpoint url papi/net/mail/messages method 
get input argument name type required description parameters start time string required parameters for the get mail messages action parameters end time string required parameters for the get mail messages action parameters timezone string optional parameters for the get mail messages action parameters key string optional parameters for the get mail messages action parameters key id string optional parameters for the get mail messages action parameters subkey id string optional parameters for the get mail messages action parameters orderby string optional parameters for the get mail messages action parameters max results string optional parameters for the get mail messages action parameters offset results string optional parameters for the get mail messages action parameters mail message id string optional parameters for the get mail messages action parameters recipient string optional parameters for the get mail messages action parameters subject string optional parameters for the get mail messages action parameters sender string optional parameters for the get mail messages action parameters min score string optional parameters for the get mail messages action parameters md5 string optional parameters for the get mail messages action parameters task uuid string optional parameters for the get mail messages action parameters action string optional parameters for the get mail messages action parameters message action string optional parameters for the get mail messages action parameters content action string optional parameters for the get mail messages action parameters blocked boolean optional parameters for the get mail messages action parameters analysis task typed tags string optional parameters for the get mail messages action parameters mail processing state string optional parameters for the get mail messages action parameters mail analysis status string optional parameters for the get mail messages action parameters mail delivery outcome string optional 
parameters for the get mail messages action parameters lastline mail uuid string optional parameters for the get mail messages action input example {"parameters" {"start time" "","end time" "","timezone" "","key" "","key id" "","subkey id" "","orderby" "","max results" "","offset results" "","mail message id" "","recipient" "","subject" "","sender" "","min score" "","md5" "","task uuid" "","action" "","message action" "","content action" "","blocked"\ true,"analysis task typed tags" "","mail processing state" "","mail analysis status" "","mail delivery outcome" "","lastline mail uuid" ""}} output parameter type description status code number http status code of the response reason string response reason phrase mail message id string unique identifier subkey id string unique identifier date string date value message id string unique identifier timestamp string output field timestamp size string output field size sender string output field sender recipient string output field recipient subject string output field subject threat string output field threat threat class string output field threat class attachments number output field attachments urls number url endpoint for the request impact string output field impact relevant content string response content message action string response message content action string response content assigned to string output field assigned to mail state string output field mail state typed tags string type of the resource mail processing state string output field mail processing state mail analysis status string status value mail delivery outcome string output field mail delivery outcome output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"mail message id" "","subkey id" "","date" 
"","message id" "","timestamp" "","size" "","sender" "","recipient" "","subject" "","threat" "","threat class" "","attachments" 1,"urls" 1,"impact" "","relevant content" "" get mail messages malware get mail messages malware endpoint url papi/net/mail/messages malware method get input argument name type required description parameters start date string required parameters for the get mail messages malware action parameters end date string required parameters for the get mail messages malware action parameters timezone string optional parameters for the get mail messages malware action parameters key string optional parameters for the get mail messages malware action parameters key id string optional parameters for the get mail messages malware action parameters subkey id string optional parameters for the get mail messages malware action parameters recipient string optional parameters for the get mail messages malware action parameters subject string optional parameters for the get mail messages malware action parameters sender string optional parameters for the get mail messages malware action parameters relevant content string optional parameters for the get mail messages malware action parameters min impact string optional parameters for the get mail messages malware action parameters priority string optional parameters for the get mail messages malware action parameters threat string optional parameters for the get mail messages malware action parameters threat class string optional parameters for the get mail messages malware action parameters message action string optional parameters for the get mail messages malware action parameters content action string optional parameters for the get mail messages malware action parameters blocked boolean optional parameters for the get mail messages malware action parameters assigned to string optional parameters for the get mail messages malware action parameters mail state string optional parameters for the get mail 
messages malware action parameters analysis task typed tags string optional parameters for the get mail messages malware action parameters mail processing state string optional parameters for the get mail messages malware action parameters mail analysis status string optional parameters for the get mail messages malware action parameters mail delivery outcome string optional parameters for the get mail messages malware action parameters lastline mail uuid string optional parameters for the get mail messages malware action input example {"parameters" {"start date" "","end date" "","timezone" "","key" "","key id" "","subkey id" "","recipient" "","subject" "","sender" "","relevant content" "","min impact" "","priority" "","threat" "","threat class" "","message action" "","content action" "","blocked"\ true,"assigned to" "","mail state" "","analysis task typed tags" "","mail processing state" "","mail analysis status" "","mail delivery outcome" "","lastline mail uuid" ""}} output parameter type description status code number http status code of the response reason string response reason phrase start time string time value end time string time value max impact string output field max impact occurrences number output field occurrences threat string output field threat threat class string output field threat class priority string output field priority output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"start time" "","end time" "","max impact" "","occurrences" 1,"threat" "","threat class" "","priority" ""}} get mail messages malware priority get mail messages malware priority endpoint url papi/net/mail/messages malware priority method get input argument name type required description parameters start date string required 
parameters for the get mail messages malware priority action parameters end date string required parameters for the get mail messages malware priority action parameters timezone string optional parameters for the get mail messages malware priority action parameters key string optional parameters for the get mail messages malware priority action parameters key id string optional parameters for the get mail messages malware priority action parameters subkey id string optional parameters for the get mail messages malware priority action parameters recipient string optional parameters for the get mail messages malware priority action parameters subject string optional parameters for the get mail messages malware priority action parameters sender string optional parameters for the get mail messages malware priority action parameters relevant content string optional parameters for the get mail messages malware priority action parameters min impact string optional parameters for the get mail messages malware priority action parameters priority string optional parameters for the get mail messages malware priority action parameters threat string optional parameters for the get mail messages malware priority action parameters threat class string optional parameters for the get mail messages malware priority action parameters message action string optional parameters for the get mail messages malware priority action parameters content action string optional parameters for the get mail messages malware priority action parameters blocked boolean optional parameters for the get mail messages malware priority action parameters assigned to string optional parameters for the get mail messages malware priority action parameters mail state string optional parameters for the get mail messages malware priority action parameters analysis task typed tags string optional parameters for the get mail messages malware priority action parameters mail processing state string optional 
parameters for the get mail messages malware priority action parameters mail analysis status string optional parameters for the get mail messages malware priority action parameters mail delivery outcome string optional parameters for the get mail messages malware priority action parameters lastline mail uuid string optional parameters for the get mail messages malware priority action input example {"parameters" {"start date" "","end date" "","timezone" "","key" "","key id" "","subkey id" "","recipient" "","subject" "","sender" "","relevant content" "","min impact" "","priority" "","threat" "","threat class" "","message action" "","content action" "","blocked"\ true,"assigned to" "","mail state" "","analysis task typed tags" "","mail processing state" "","mail analysis status" "","mail delivery outcome" "","lastline mail uuid" ""}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {}} get mail messages stats get mail messages stats endpoint url papi/net/mail/messages stats method get input argument name type required description parameters start date string required parameters for the get mail messages stats action parameters end date string required parameters for the get mail messages stats action parameters timezone string optional parameters for the get mail messages stats action parameters time scale string optional parameters for the get mail messages stats action parameters key string optional parameters for the get mail messages stats action parameters key id string optional parameters for the get mail messages stats action parameters subkey id string optional parameters for the get mail 
messages stats action parameters group by priority string optional parameters for the get mail messages stats action parameters recipient string optional parameters for the get mail messages stats action parameters subject string optional parameters for the get mail messages stats action parameters sender string optional parameters for the get mail messages stats action parameters relevant content string optional parameters for the get mail messages stats action parameters min impact string optional parameters for the get mail messages stats action parameters priority string optional parameters for the get mail messages stats action parameters threat string optional parameters for the get mail messages stats action parameters threat class string optional parameters for the get mail messages stats action parameters message action string optional parameters for the get mail messages stats action parameters content action string optional parameters for the get mail messages stats action parameters blocked boolean optional parameters for the get mail messages stats action parameters assigned to string optional parameters for the get mail messages stats action parameters mail state string optional parameters for the get mail messages stats action parameters analysis task typed tags string optional parameters for the get mail messages stats action parameters mail processing state string optional parameters for the get mail messages stats action parameters mail analysis status string optional parameters for the get mail messages stats action parameters mail delivery outcome string optional parameters for the get mail messages stats action input example {"parameters" {"start date" "","end date" "","timezone" "","time scale" "","key" "","key id" "","subkey id" "","group by priority" "","recipient" "","subject" "","sender" "","relevant content" "","min impact" "","priority" "","threat" "","threat class" "","message action" "","content action" "","blocked"\ true,"assigned to" 
"","mail state" "","analysis task typed tags" "","mail processing state" "","mail analysis status" "","mail delivery outcome" "","lastline mail uuid" ""}} output parameter type description status code number http status code of the response reason string response reason phrase start date string date value end date string date value max impact string output field max impact occurrences number output field occurrences priority string output field priority output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google"},"reason" "ok","json body" {"start date" "","end date" "","max impact" "","occurrences" 1,"priority" ""}} get mail processing log get mail processing log endpoint url papi/net/mail/mail processing log method get input argument name type required description parameters start time string required parameters for the get mail processing log action parameters end time string required parameters for the get mail processing log action parameters timezone string optional parameters for the get mail processing log action parameters mail message id string optional parameters for the get mail processing log action parameters mail message log id string optional parameters for the get mail processing log action input example {"parameters" {"start time" "","end time" "","timezone" "","mail message id" "","mail message log id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase state string output field state timestamp string output field timestamp output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" 65,"strict transport security" "max age=15724800; includesubdomains","server" "ingress 
nginx","via" "1 1 google"},"reason" "ok","json body" {"state" "","timestamp" ""}} get mail url stats get mail url stats endpoint url papi/net/mail/url stats method get input argument name type required description parameters start date string required parameters for the get mail url stats action parameters end date string required parameters for the get mail url stats action parameters timezone string optional parameters for the get mail url stats action parameters key string optional parameters for the get mail url stats action parameters key id string optional parameters for the get mail url stats action parameters subkey id string optional parameters for the get mail url stats action parameters mail message id string optional parameters for the get mail url stats action parameters recipient string optional parameters for the get mail url stats action parameters subject string optional parameters for the get mail url stats action parameters sender string optional parameters for the get mail url stats action parameters min score string optional parameters for the get mail url stats action parameters md5 string optional parameters for the get mail url stats action parameters task uuid string optional parameters for the get mail url stats action parameters action string optional parameters for the get mail url stats action parameters message action string optional parameters for the get mail url stats action parameters content action string optional parameters for the get mail url stats action parameters blocked boolean optional parameters for the get mail url stats action parameters analysis task typed tags string optional parameters for the get mail url stats action parameters mail processing state string optional parameters for the get mail url stats action parameters mail analysis status string optional parameters for the get mail url stats action parameters mail delivery outcome string optional parameters for the get mail url stats action parameters lastline 
mail uuid string optional parameters for the get mail url stats action

input example

{"parameters": {"start date": "", "end date": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "mail message id": "", "recipient": "", "subject": "", "sender": "", "min score": "", "md5": "", "task uuid": "", "action": "", "message action": "", "content action": "", "blocked": true, "analysis task typed tags": "", "mail processing state": "", "mail analysis status": "", "mail delivery outcome": "", "lastline mail uuid": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| start date | string | date value |
| total urls | number | url endpoint for the request |
| distinct url | number | url endpoint for the request |
| max score | string | score value |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"start date": "", "total urls": 1, "distinct url": 1, "max score": ""}}

get mail urls

endpoint url: papi/net/mail/urls
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get mail urls action |
| parameters end time | string | required | parameters for the get mail urls action |
| parameters timezone | string | optional | parameters for the get mail urls action |
| parameters key | string | optional | parameters for the get mail urls action |
| parameters key id | string | optional | parameters for the get mail urls action |
| parameters subkey id | string | optional | parameters for the get mail urls action |
| parameters orderby | string | optional | parameters for the get mail urls action |
| parameters max results | string | optional | parameters for the get mail urls action |
| parameters offset results | string | optional | parameters for the get mail urls action |
| parameters mail message id | string | optional | parameters for the get mail urls action |
| parameters recipient | string | optional | parameters for the get mail urls action |
| parameters subject | string | optional | parameters for the get mail urls action |
| parameters sender | string | optional | parameters for the get mail urls action |
| parameters min score | string | optional | parameters for the get mail urls action |
| parameters md5 | string | optional | parameters for the get mail urls action |
| parameters task uuid | string | optional | parameters for the get mail urls action |
| parameters action | string | optional | parameters for the get mail urls action |
| parameters message action | string | optional | parameters for the get mail urls action |
| parameters content action | string | optional | parameters for the get mail urls action |
| parameters blocked | boolean | optional | parameters for the get mail urls action |
| parameters analysis task typed tags | string | optional | parameters for the get mail urls action |
| parameters mail processing state | string | optional | parameters for the get mail urls action |
| parameters mail analysis status | string | optional | parameters for the get mail urls action |
| parameters mail delivery outcome | string | optional | parameters for the get mail urls action |
| parameters lastline mail uuid | string | optional | parameters for the get mail urls action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "mail message id": "", "recipient": "", "subject": "", "sender": "", "min score": "", "md5": "", "task uuid": "", "action": "", "message action": "", "content action": "", "blocked": true, "analysis task typed tags": "", "mail processing state": "", "mail analysis status": "", "mail delivery outcome": "", "lastline mail uuid": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| mail message id | string | unique identifier |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| date | string | date value |
| message id | string | unique identifier |
| timestamp | string | output field timestamp |
| url | string | url endpoint for the request |
| raw url | string | url endpoint for the request |
| md5 | string | output field md5 |
| task uuid | string | unique identifier |
| score | string | score value |
| sender | string | output field sender |
| recipient | string | output field recipient |
| subject | string | output field subject |
| action | string | output field action |
| message action | string | response message |
| typed tags | string | type of the resource |
| appliance uuid | string | unique identifier |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"mail message id": "", "access key id": "", "subkey id": "", "time": "", "date": "", "message id": "", "timestamp": "", "url": "", "raw url": "", "md5": "", "task uuid": "", "score": "", "sender": "", "recipient": "", "subject": ""}}

get malware

endpoint url: papi/net/incident/malware
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start date | string | required | parameters for the get malware action |
| parameters end date | string | required | parameters for the get malware action |
| parameters timezone | string | optional | parameters for the get malware action |
| parameters key | string | optional | parameters for the get malware action |
| parameters key id | string | optional | parameters for the get malware action |
| parameters subkey id | string | optional | parameters for the get malware action |
| parameters split by priority | string | optional | parameters for the get malware action |
| parameters whitelisting | string | optional | parameters for the get malware action |
| parameters homenet | string | optional | parameters for the get malware action |
| parameters archived | string | optional | parameters for the get malware action |
| parameters read | string | optional | parameters for the get malware action |
| parameters src ip | string | optional | parameters for the get malware action |
| parameters src hostname | string | optional | parameters for the get malware action |
| parameters breach uuid | string | optional | parameters for the get malware action |
| parameters host tag | string | optional | parameters for the get malware action |
| parameters incidents older than | string | optional | parameters for the get malware action |

input example

{"parameters": {"start date": "", "end date": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "split by priority": "", "whitelisting": "", "homenet": "", "archived": "", "read": "", "src ip": "", "src hostname": "", "breach uuid": "", "host tag": "", "incidents older than": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| start time | string | time value |
| end time | string | time value |
| max impact | string | output field max impact |
| incidents | number | unique identifier |
| events | number | output field events |
| sources | number | output field sources |
| threat | string | output field threat |
| threat class | string | output field threat class |
| priority | string | output field priority |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"start time": "", "end time": "", "max impact": "", "incidents": 1, "events": 1, "sources": 1, "threat": "", "threat class": "", "priority": ""}}

get similar event filters

endpoint url: papi/net/event/similar events filters/get
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters event id | string | required | parameters for the get similar event filters action |
| parameters event time | string | required | parameters for the get similar event filters action |
| parameters key | string | optional | parameters for the get similar event filters action |
| parameters key id | string | optional | parameters for the get similar event filters action |
| parameters subkey id | string | optional | parameters for the get similar event filters action |

input example

{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| relevant host ip | string | output field relevant host ip |
| other host ip | string | output field other host ip |
| server port | string | output field server port |
| other host hostname | string | name of the resource |
| transport protocol | string | output field transport protocol |
| relevant host in homenet | string | output field relevant host in homenet |
| other host in homenet | string | output field other host in homenet |
| relevant host whitelisted | string | output field relevant host whitelisted |
| detector | string | output field detector |
| threat | string | output field threat |
| threat class | string | output field threat class |
| event outcome | string | output field event outcome |
| event type | string | type of the resource |
| file category | string | output field file category |
| file type | string | type of the resource |
| av class | string | output field av class |
| malware | string | output field malware |
| llanta rule uuid | string | unique identifier |
| custom ids rule id | string | unique identifier |
| relevant host tags | string | output field relevant host tags |
| other host tags | string | output field other host tags |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"relevant host ip": "", "other host ip": "", "server port": "", "other host hostname": "", "transport protocol": "", "relevant host in homenet": "", "other host in homenet": "", "relevant host whitelisted": "", "detector": "", "threa

get source incident evidence

endpoint url: papi/net/incident/host evidence
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get source incident evidence action |
| parameters end time | string | required | parameters for the get source incident evidence action |
| parameters src ip | string | optional | parameters for the get source incident evidence action |
| parameters key | string | optional | parameters for the get source incident evidence action |
| parameters key id | string | optional | parameters for the get source incident evidence action |
| parameters subkey id | string | optional | parameters for the get source incident evidence action |
| parameters customer | string | optional | parameters for the get source incident evidence action |
| parameters timezone | string | optional | parameters for the get source incident evidence action |
| parameters extended | boolean | optional | parameters for the get source incident evidence action |

input example

{"parameters": {"start time": "", "end time": "", "src ip": "", "key": "", "key id": "", "subkey id": "", "customer": "", "timezone": "", "extended": true}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| incident id | string | unique identifier |
| reference event | string | output field reference event |
| urls | string | url endpoint for the request |
| blacklist match info | string | output field blacklist match info |
| dga domains | string | output field dga domains |
| dga domain count | number | count value |
| download file type | string | type of the resource |
| download file name | string | name of the resource |
| llanta rule name | string | name of the resource |
| detector goal | string | output field detector goal |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"incident id": "", "reference event": "", "urls": "", "blacklist match info": "", "dga domains": "", "dga domain count": 1, "download file type": "", "download file name": "", "llanta rule name": "", "detector goal": ""}}

get unique detected urls

endpoint url: papi/net/url/unique
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get unique detected urls action |
| parameters end time | string | required | parameters for the get unique detected urls action |
| parameters timezone | string | optional | parameters for the get unique detected urls action |
| parameters key | string | optional | parameters for the get unique detected urls action |
| parameters key id | string | optional | parameters for the get unique detected urls action |
| parameters subkey id | string | optional | parameters for the get unique detected urls action |
| parameters orderby | string | optional | parameters for the get unique detected urls action |
| parameters max results | string | optional | parameters for the get unique detected urls action |
| parameters offset results | string | optional | parameters for the get unique detected urls action |
| parameters detected url id | string | optional | parameters for the get unique detected urls action |
| parameters event id | string | optional | parameters for the get unique detected urls action |
| parameters include not analyzed | string | optional | parameters for the get unique detected urls action |
| parameters task uuid | string | optional | parameters for the get unique detected urls action |
| parameters priority | string | optional | parameters for the get unique detected urls action |
| parameters min score | string | optional | parameters for the get unique detected urls action |
| parameters url | string | optional | parameters for the get unique detected urls action |
| parameters md5 | string | optional | parameters for the get unique detected urls action |
| parameters http host | string | optional | parameters for the get unique detected urls action |
| parameters src ip | string | optional | parameters for the get unique detected urls action |
| parameters dst ip | string | optional | parameters for the get unique detected urls action |
| parameters homenet | string | optional | parameters for the get unique detected urls action |
| parameters whitelisting | string | optional | parameters for the get unique detected urls action |
| parameters analysis task typed tags | string | optional | parameters for the get unique detected urls action |
| parameters include typed tags | string | optional | parameters for the get unique detected urls action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "detected url id": "", "event id": "", "include not analyzed": "", "task uuid": "", "priority": "", "min score": "", "url": "", "md5": "", "http host": "", "src ip": "", "dst ip": "", "homenet": "", "whitelisting": "", "analysis task typed tags": "", "include typed tags": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| url | string | url endpoint for the request |
| md5 | string | output field md5 |
| num requests | number | output field num requests |
| num sensors | number | output field num sensors |
| first seen | string | output field first seen |
| last seen | string | output field last seen |
| score | string | score value |
| pending | string | output field pending |
| task uuid | string | unique identifier |
| src ip | string | output field src ip |
| dst ip | string | output field dst ip |
| num source ips | number | output field num source ips |
| num dst ips | number | output field num dst ips |
| http host | string | output field http host |
| num http host | number | output field num http host |
| typed tags | string | type of the resource |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"url": "", "md5": "", "num requests": 1, "num sensors": 1, "first seen": "", "last seen": "", "score": "", "pending": "", "task uuid": "", "src ip": "", "dst ip": "", "num source ips": 1, "num dst ips": 1, "http host": "", "num http host": 1}}

get unique downloads

endpoint url: papi/net/file/unique downloads
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get unique downloads action |
| parameters end time | string | required | parameters for the get unique downloads action |
| parameters timezone | string | optional | parameters for the get unique downloads action |
| parameters key | string | optional | parameters for the get unique downloads action |
| parameters key id | string | optional | parameters for the get unique downloads action |
| parameters subkey id | string | optional | parameters for the get unique downloads action |
| parameters orderby | string | optional | parameters for the get unique downloads action |
| parameters max results | string | optional | parameters for the get unique downloads action |
| parameters offset results | string | optional | parameters for the get unique downloads action |
| parameters include not uploaded | string | optional | parameters for the get unique downloads action |
| parameters application protocol | string | optional | parameters for the get unique downloads action |
| parameters event id | string | optional | parameters for the get unique downloads action |
| parameters md5 | string | optional | parameters for the get unique downloads action |
| parameters task uuid | string | optional | parameters for the get unique downloads action |
| parameters min score | string | optional | parameters for the get unique downloads action |
| parameters filetype | string | optional | parameters for the get unique downloads action |
| parameters src ip | string | optional | parameters for the get unique downloads action |
| parameters src hostname | string | optional | parameters for the get unique downloads action |
| parameters dst ip | string | optional | parameters for the get unique downloads action |
| parameters http host | string | optional | parameters for the get unique downloads action |
| parameters homenet | string | optional | parameters for the get unique downloads action |
| parameters whitelisting | string | optional | parameters for the get unique downloads action |
| parameters analysis task typed tags | string | optional | parameters for the get unique downloads action |
| parameters include typed tags | string | optional | parameters for the get unique downloads action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "include not uploaded": "", "application protocol": "", "event id": "", "md5": "", "task uuid": "", "min score": "", "filetype": "", "src ip": "", "src hostname": "", "dst ip": "", "http host": "", "homenet": "", "whitelisting": "", "analysis task typed tags": "", "include typed tags": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| file name | string | name of the resource |
| file size | string | output field file size |
| md5 | string | output field md5 |
| sha1 | string | output field sha1 |
| file type | string | type of the resource |
| extracted filename | string | name of the resource |
| score | string | score value |
| pending | string | output field pending |
| task uuid | string | unique identifier |
| event id | string | unique identifier |
| src host | string | output field src host |
| src hostname | string | name of the resource |
| src port | string | output field src port |
| dst host | string | output field dst host |
| dst port | string | output field dst port |
| relevant host ip | string | output field relevant host ip |
| relevant host port | string | output field relevant host port |
| relevant host hostname | string | name of the resource |
| other host ip | string | output field other host ip |
| other host port | string | output field other host port |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"access key id": "", "subkey id": "", "time": "", "file name": "", "file size": "", "md5": "", "sha1": "", "file type": "", "extracted filename": "", "score": "", "pending": "", "task uuid": "", "event id": "", "src host": "", "src hostname": "

get unique mail attachments

endpoint url: papi/net/mail/unique attachments
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get unique mail attachments action |
| parameters end time | string | required | parameters for the get unique mail attachments action |
| parameters timezone | string | optional | parameters for the get unique mail attachments action |
| parameters key | string | optional | parameters for the get unique mail attachments action |
| parameters key id | string | optional | parameters for the get unique mail attachments action |
| parameters subkey id | string | optional | parameters for the get unique mail attachments action |
| parameters orderby | string | optional | parameters for the get unique mail attachments action |
| parameters max results | string | optional | parameters for the get unique mail attachments action |
| parameters offset results | string | optional | parameters for the get unique mail attachments action |
| parameters mail message id | string | optional | parameters for the get unique mail attachments action |
| parameters recipient | string | optional | parameters for the get unique mail attachments action |
| parameters subject | string | optional | parameters for the get unique mail attachments action |
| parameters sender | string | optional | parameters for the get unique mail attachments action |
| parameters min score | string | optional | parameters for the get unique mail attachments action |
| parameters md5 | string | optional | parameters for the get unique mail attachments action |
| parameters task uuid | string | optional | parameters for the get unique mail attachments action |
| parameters action | string | optional | parameters for the get unique mail attachments action |
| parameters message action | string | optional | parameters for the get unique mail attachments action |
| parameters content action | string | optional | parameters for the get unique mail attachments action |
| parameters blocked | boolean | optional | parameters for the get unique mail attachments action |
| parameters analysis task typed tags | string | optional | parameters for the get unique mail attachments action |
| parameters include typed tags | string | optional | parameters for the get unique mail attachments action |
| parameters mail processing state | string | optional | parameters for the get unique mail attachments action |
| parameters mail analysis status | string | optional | parameters for the get unique mail attachments action |
| parameters mail delivery outcome | string | optional | parameters for the get unique mail attachments action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "mail message id": "", "recipient": "", "subject": "", "sender": "", "min score": "", "md5": "", "task uuid": "", "action": "", "message action": "", "content action": "", "blocked": true, "analysis task typed tags": "", "include typed tags": "", "mail processing state": "", "mail analysis status": "", "mail delivery outcome": "", "lastline mail uuid": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| mail message id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| message id | string | unique identifier |
| timestamp | string | output field timestamp |
| file name | string | name of the resource |
| file type | string | type of the resource |
| file size | string | output field file size |
| md5 | string | output field md5 |
| sha1 | string | output field sha1 |
| task uuid | string | unique identifier |
| score | string | score value |
| llfiletype | string | type of the resource |
| sender | string | output field sender |
| recipient | string | output field recipient |
| subject | string | output field subject |
| action | string | output field action |
| message action | string | response message |
| typed tags | string | type of the resource |
| appliance uuid | string | unique identifier |

output example
{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"mail message id": "", "subkey id": "", "time": "", "message id": "", "timestamp": "", "file name": "", "file type": "", "file size": "", "md5": "", "sha1": "", "task uuid": "", "score": "", "llfiletype": "", "sender": "", "recipient": ""}}

get unique mail urls

endpoint url: papi/net/mail/unique urls
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get unique mail urls action |
| parameters end time | string | required | parameters for the get unique mail urls action |
| parameters timezone | string | optional | parameters for the get unique mail urls action |
| parameters key | string | optional | parameters for the get unique mail urls action |
| parameters key id | string | optional | parameters for the get unique mail urls action |
| parameters subkey id | string | optional | parameters for the get unique mail urls action |
| parameters orderby | string | optional | parameters for the get unique mail urls action |
| parameters max results | string | optional | parameters for the get unique mail urls action |
| parameters offset results | string | optional | parameters for the get unique mail urls action |
| parameters mail message id | string | optional | parameters for the get unique mail urls action |
| parameters recipient | string | optional | parameters for the get unique mail urls action |
| parameters subject | string | optional | parameters for the get unique mail urls action |
| parameters sender | string | optional | parameters for the get unique mail urls action |
| parameters min score | string | optional | parameters for the get unique mail urls action |
| parameters md5 | string | optional | parameters for the get unique mail urls action |
| parameters task uuid | string | optional | parameters for the get unique mail urls action |
| parameters action | string | optional | parameters for the get unique mail urls action |
| parameters message action | string | optional | parameters for the get unique mail urls action |
| parameters content action | string | optional | parameters for the get unique mail urls action |
| parameters blocked | boolean | optional | parameters for the get unique mail urls action |
| parameters analysis task typed tags | string | optional | parameters for the get unique mail urls action |
| parameters mail processing state | string | optional | parameters for the get unique mail urls action |
| parameters mail analysis status | string | optional | parameters for the get unique mail urls action |
| parameters mail delivery outcome | string | optional | parameters for the get unique mail urls action |
| parameters lastline mail uuid | string | optional | parameters for the get unique mail urls action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "mail message id": "", "recipient": "", "subject": "", "sender": "", "min score": "", "md5": "", "task uuid": "", "action": "", "message action": "", "content action": "", "blocked": true, "analysis task typed tags": "", "mail processing state": "", "mail analysis status": "", "mail delivery outcome": "", "lastline mail uuid": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| mail message id | string | unique identifier |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| date | string | date value |
| message id | string | unique identifier |
| timestamp | string | output field timestamp |
| url | string | url endpoint for the request |
| raw url | string | url endpoint for the request |
| md5 | string | output field md5 |
| task uuid | string | unique identifier |
| score | string | score value |
| sender | string | output field sender |
| recipient | string | output field recipient |
| subject | string | output field subject |
| action | string | output field action |
| message action | string | response message |
| typed tags | string | type of the resource |
| appliance uuid | string | unique identifier |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"mail message id": "", "access key id": "", "subkey id": "", "time": "", "date": "", "message id": "", "timestamp": "", "url": "", "raw url": "", "md5": "", "task uuid": "", "score": "", "sender": "", "recipient": "", "subject": ""}}

get url detections

endpoint url: papi/net/url/all
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the get url detections action |
| parameters end time | string | required | parameters for the get url detections action |
| parameters timezone | string | optional | parameters for the get url detections action |
| parameters key | string | optional | parameters for the get url detections action |
| parameters key id | string | optional | parameters for the get url detections action |
| parameters subkey id | string | optional | parameters for the get url detections action |
| parameters orderby | string | optional | parameters for the get url detections action |
| parameters max results | string | optional | parameters for the get url detections action |
| parameters offset results | string | optional | parameters for the get url detections action |
| parameters detected url id | string | optional | parameters for the get url detections action |
| parameters event id | string | optional | parameters for the get url detections action |
| parameters include not analyzed | string | optional | parameters for the get url detections action |
| parameters task uuid | string | optional | parameters for the get url detections action |
| parameters priority | string | optional | parameters for the get url detections action |
| parameters min score | string | optional | parameters for the get url detections action |
| parameters url | string | optional | parameters for the get url detections action |
| parameters md5 | string | optional | parameters for the get url detections action |
| parameters http host | string | optional | parameters for the get url detections action |
| parameters src ip | string | optional | parameters for the get url detections action |
| parameters dst ip | string | optional | parameters for the get url detections action |
| parameters homenet | string | optional | parameters for the get url detections action |
| parameters whitelisting | string | optional | parameters for the get url detections action |
| parameters analysis task typed tags | string | optional | parameters for the get url detections action |
| parameters include typed tags | string | optional | parameters for the get url detections action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": "", "offset results": "", "detected url id": "", "event id": "", "include not analyzed": "", "task uuid": "", "priority": "", "min score": "", "url": "", "md5": "", "http host": "", "src ip": "", "dst ip": "", "homenet": "", "whitelisting": "", "analysis task typed tags": "", "include typed tags": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| url | string | url endpoint for the request |
| md5 | string | output field md5 |
| detected url id | string | url endpoint for the request |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| timestamp | string | output field timestamp |
| detection time | string | time value |
| event id | string | unique identifier |
| score | string | score value |
| pending | string | output field pending |
| task uuid | string | unique identifier |
| src host | string | output field src host |
| src ip | string | output field src ip |
| src port | string | output field src port |
| dst host | string | output field dst host |
| dst ip | string | output field dst ip |
| dst port | string | output field dst port |
| http host | string | output field http host |
| user agent | string | output field user agent |
| referer | string | output field referer |
| typed tags | string | type of the resource |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"url": "", "md5": "", "detected url id": "", "access key id": "", "subkey id": "", "timestamp": "", "detection time": "", "event id": "", "score": "", "pending": "", "task uuid": "", "src host": "", "src ip": "", "src port": "", "dst host": ""}

list event urls

endpoint url: papi/net/event/urls
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters event id | string | optional | parameters for the list event urls action |
| parameters event time | string | optional | parameters for the list event urls action |
| parameters key | string | optional | parameters for the list event urls action |
| parameters key id | string | optional | parameters for the list event urls action |
| parameters subkey id | string | optional | parameters for the list event urls action |
| parameters customer | string | optional | parameters for the list event urls action |
| parameters limit | number | optional | parameters for the list event urls action |

input example

{"parameters": {"event id": "", "event time": "", "key": "", "key id": "", "subkey id": "", "customer": "", "limit": 1}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| url | string | url endpoint for the request |
| raw url | string | url endpoint for the request |
| method | string | http method to use |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"url": "", "raw url": "", "method": ""}}

list events

endpoint url: papi/net/event/list
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | optional | parameters for the list events action |
| parameters end time | string | optional | parameters for the list events action |
| parameters timezone | string | optional | parameters for the list events action |
| parameters key | string | optional | parameters for the list events action |
| parameters key id | string | optional | parameters for the list events action |
| parameters subkey id | string | optional | parameters for the list events action |
| parameters orderby | string | optional | parameters for the list events action |
| parameters max results | number | optional | parameters for the list events action |
| parameters offset results | number | optional | parameters for the list events action |
| parameters event id | string | optional | parameters for the list events action |
| parameters incident id | string | optional | parameters for the list events action |
| parameters priority | string | optional | parameters for the list events action |
| parameters threat class | string | optional | parameters for the list events action |
| parameters threat | string | optional | parameters for the list events action |
| parameters src id | string | optional | parameters for the list events action |
| parameters relevant host ip | string | optional | parameters for the list events action |
| parameters other host ip | string | optional | parameters for the list events action |
| parameters relevant host hostname | string | optional | parameters for the list events action |
| parameters other host | string | optional | parameters for the list events action |
| parameters host tag | string | optional | parameters for the list events action |
| parameters src ip | string | optional | parameters for the list events action |
| parameters dest ip | string | optional | parameters for the list events action |
| parameters src hostname | string | optional | parameters for the list events action |
| parameters entry | string | optional | parameters for the list events action |
| parameters min impact | string | optional | parameters for the list events action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "orderby": "", "max results": 1, "offset results": 1, "event id": "", "incident id": "", "priority": "", "threat class": "", "threat": "", "src id": "", "relevant host ip": "", "other host ip": "", "relevant host hostname": "", "other host": "", "host tag": "", "src ip": "", "dest ip": "", "src hostname": "", "entry": "", "min impact": "", "transport": "", "port": "", "whitelisting": "", "homenet": "", "event outcome": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| event id | string | unique identifier |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| start time | string | time value |
| end time | string | time value |
| transport | string | output field transport |
| occurrences | number | output field occurrences |
| blocked | boolean | output field blocked |
| relevant host ip | string | output field relevant host ip |
| other host ip | string | output field other host ip |
| server port | number | output field server port |
| relevant host hostname | string | name of the resource |
| other host hostname | string | name of the resource |
| src host | string | output field src host |
| dst host | string | output field dst host |
| dst port | number | output field dst port |
| src hostname | string | name of the resource |
| src id | string | unique identifier |
| host label | string | output field host label |
| host whitelisted | boolean | output field host whitelisted |
| src mac | string | output field src mac |
| entry | string | output field entry |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"event id": "", "access key id": "", "subkey id": "", "time": "20130623t13 22 0500", "start time": "23/01/2023", "end time": "23/01/2023", "transport": "", "occurrences": 1, "blocked": true, "relevant host ip": "", "other host ip": "", "

list incidents

endpoint url: papi/net/incident/list
method: get

input

| argument name | type | required | description |
| --- | --- | --- | --- |
| parameters start time | string | required | parameters for the list incidents action |
| parameters end time | string | required | parameters for the list incidents action |
| parameters timezone | string | optional | parameters for the list incidents action |
| parameters key | string | optional | parameters for the list incidents action |
| parameters key id | string | optional | parameters for the list incidents action |
| parameters subkey id | string | optional | parameters for the list incidents action |
| parameters max results | number | optional | parameters for the list incidents action |
| parameters offset results | number | optional | parameters for the list incidents action |
| parameters priority | string | optional | parameters for the list incidents action |
| parameters threat class | string | optional | parameters for the list incidents action |
| parameters threat | string | optional | parameters for the list incidents action |
| parameters src id | string | optional | parameters for the list incidents action |
| parameters src ip | string | optional | parameters for the list incidents action |
| parameters src hostname | string | optional | parameters for the list incidents action |
| parameters archived | string | optional | parameters for the list incidents action |
| parameters read | string | optional | parameters for the list incidents action |
| parameters whitelisting | string | optional | parameters for the list incidents action |
| parameters homenet | string | optional | parameters for the list incidents action |
| parameters breach uuid | string | optional | parameters for the list incidents action |
| parameters host tag | string | optional | parameters for the list incidents action |
| parameters incidents older than | string | optional | parameters for the list incidents action |

input example

{"parameters": {"start time": "", "end time": "", "timezone": "", "key": "", "key id": "", "subkey id": "", "max results": 1, "offset results": 1, "priority": "", "threat class": "", "threat": "", "src id": "", "src ip": "", "src hostname": "", "archived": "", "read": "", "whitelisting": "", "homenet": "", "breach uuid": "", "host tag": "", "incidents older than": ""}}

output

| parameter | type | description |
| --- | --- | --- |
| status code | number | http status code of the response |
| reason | string | response reason phrase |
| incident id | string | unique identifier |
| access key id | string | unique identifier |
| subkey id | string | unique identifier |
| time | string | time value |
| start time | string | time value |
| end time | string | time value |
| events | number | output field events |
| src host | string | output field src host |
| num src ips | number | output field num src ips |
| src hostname | string | name of the resource |
| blocked | string | output field blocked |
| src id | string | unique identifier |
| src label | string | output field src label |
| host label | string | output field host label |
| host whitelisted | string | output field host whitelisted |
| threat | string | output field threat |
| threat class | string | output field threat class |
| impact | string | output field impact |
| is archived | string | output field is archived |
| is read | string | output field is read |
| archived cause | string | output field archived cause |
| breach uuid | string | unique identifier |

output example

{"status code": 200, "response headers": {"date": "tue, 20 jun 2023 15 12 14 gmt", "content type": "application/json; charset=utf 8", "content length": 65, "strict transport security": "max age=15724800; includesubdomains", "server": "ingress nginx", "via": "1 1 google"}, "reason": "ok", "json body": {"incident id": "", "access key id": "", "subkey id": "", "time": "20130623t13 22 0500", "start time": "", "end time": "", "events": 1, "src host": "", "num src ips": 1, "src hostname": "", "blocked": "", "src id": "", "src label": "", "host

response headers

| header | description | example |
| --- | --- | --- |
| content length | the length of the response body in bytes | 65 |
| content type | the media type of the resource | application/json; charset=utf 8 |
| date | the date and time at which the message was originated | tue, 20 jun 2023 15 12 14 gmt |
| server | information about the software used by the origin server | ingress nginx |
| strict transport security | http response header strict transport security | max age=15724800; includesubdomains |
| via | http response header via | 1 1 google |