Explanation of automated actions

CyberQuestPlayBook/SendAlert method

This action generates an alert with the provided parameters.

Inputs Description
alert_name (is required) The name that will be used in the alert
description The description that will be used in the alert
alert_security_level (is required) The alert security level that will be used in the alert
alert_security_score (is required) The alert security score that will be used in the alert

CyberQuestPlayBook/IF method

The IF node evaluates the condition and directs the flow through the green output if the evaluation is TRUE, or through the red output if the evaluation is FALSE.

Inputs Description
condition (is required) Condition which will be evaluated

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Code method

The Code node uses a DTS object from CYBERQUEST to modify or enrich the playbook data flow with custom functionality defined by the user.

Inputs Description
DTS (is required) DTS, or Data Transformation Services, is a JavaScript-based parsing service with multifunctional capabilities. Its main function is to perform advanced transformations on data derived from gathered events

CyberQuestPlayBook/Eval method

This action is used to evaluate a condition and stop the playbook if it fails.

Inputs Description
condition (is required) Condition which will be evaluated

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Count method

This operation determines the number of elements present in the array.

Inputs Description
Left Argument (is required) The argument which you want to count
Operation (is required) The operation which is used to count the arguments
Right Argument (is required) The value of the count

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/RunPlayBook method

Enables the execution of a pre-existing playbook.

Inputs Description
PlayBook (is required) The name of the playbook which you want to run
Playbook Input (is required) The input of the playbook

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/ForEachRunPlayBook method

Enables the execution of a pre-existing playbook a number of times.

Inputs Description
PlayBook (is required) The name of the playbook which you want to run
Playbook Input (is required) The input of the playbook
Iterated Variable (is required) The variable which indicates how many times the playbook will be executed

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/BreakLoopAfterEnd method

This action is used to stop the ForEachRunPlayBook execution.

CyberQuestPlayBook/Check Items In TI method

Checks a list of IPs, Domains or Tor Exit Nodes in Threat Intelligence.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List (is required) The list of IPs or Domains or Tor Exit Nodes which will be verified
Type (is required) The type of check; choose one of the following items from the dropdown list: IPs, Domains or Tor Exit Nodes
Outputs Description
Data (data) The results of the API call

CyberQuestPlayBook/Check And Block IP method

Verifies whether the IPs are present in the CQTI list and blocks them if they are found in that list.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
IPs A list of the IPs (one per line)
IPs as Array IPs as Array
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/ValidateCertificates method

This action verifies the SSL certificates for a list of hosts.

Inputs Description
Hosts (is required) The Hosts you want to check

CyberQuestPlayBook/ValidateCertificate method

This action verifies the SSL certificates of a host.

Inputs Description
Host (is required) The Host you want to check

CyberQuestPlayBook/Add Case Types method

This action is used to add one or more case types to an already open case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you wish to assign the case type
Case Types (is required) The case types which you want to add to the existing case

CyberQuestPlayBook/Remove Case Types method

This action is used to remove one or more case types from an already open case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to delete the case type
Case Types (is required) The case types which you want to delete from the existing case (one per line)

CyberQuestPlayBook/Create Case method

This action is used to create a new investigation case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Name (is required) The name of the investigation case
Collaborators A list of user IDs that can work on this case (array)
Case Types A list of case types which you want to add to the investigation case (array of strings)
Description Additional details about the investigation case.
Outputs Description
Case ID (case_id) The ID of the newly created investigation case
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Event Evidence method

This method is used to add additional information (Event) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add the event
Input Event (is required) Event to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/SetKeyValueToGlobalEnv method

Set a variable to be called globally.

Inputs Description
Key (is required) The name of the variable
Value (is required) The value which you want to be stored in variable

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/GetKeyValueToGlobalEnv method

This action gets the global parameter.

Inputs Description
Key (is required) The name of the variable which is set globally

This action is intended to work in a playbook, not to be used as a single action.

CyberQuestPlayBook/Case Add Events method

This method is used to add additional information (Events) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add events
Input Events (is required) Events to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Alert Evidence method

This method is used to add additional information (Alert) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add the alert
Input Alert (is required) Alert to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Alerts method

This method is used to add additional information (Alerts) to the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to add alerts
Input Alerts (is required) Alerts to be added in the existing case
Note Additional details about the evidence
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Alerts method

This method is used to get the alerts from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the alerts
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Events method

This method is used to get the events from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the events
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Get Notes method

This method is used to get the notes from the existing case.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID where you want to get the notes
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Reopen Case method

This method is used to reopen a case which was closed.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to reopen
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Open Case method

This action helps to classify the open cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Solved Case method

This action helps to classify the solved cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Close Case method

This action helps to classify the closed cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to classify
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Achieve case method

This action helps to archive the cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the case which you want to archive
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Case Add Note method

This action helps to create a note for the existing cases.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Case ID (is required) The Case ID of the existing case to which you want to add the note
Note (is required) The information you want to add to the Note
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Blocked IPs method

This method helps you to block a list of IPs.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List The list of IPs that you want to block
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Blocked Domains method

This method helps you to block a list of Domains.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
List The list of Domains that you want to block
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Add Blocked IPs method

This action helps you to block a list of IPs.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
IPs (is required) A list of the IPs (one per line)
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

CyberQuestPlayBook/Add Blocked Domains method

This action helps you to block a list of Domains.

Inputs Description
Host (is required) The host of the CQServer
API Key (is required) The API Key of the CQServer
Domains (is required) A list of the Domains (one per line)
expires The duration of blocking
comment Additional information
List The name of the list
Outputs Description
Data (data) The results of the API call
Is Success (isSuccess) True if the API call is successful
Message (message) Additional details of the API call
Error Message (errorMessage) Additional details of the errors

LinuxActions/Disable User method

This action is used to Disable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to disable

LinuxActions/Enable User method

This action is used to Enable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to enable

LinuxActions/Expire User Password method

This action is used to set the period of the User password.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to set the period of the password

LinuxActions/Disable User Password Expire method

This action is used to disable the period of the User password.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to disable the period of the password

LinuxActions/Start Service method

This action is used to start a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Start a Service

LinuxActions/Stop Service method

This action is used to stop a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Stop a Service

LinuxActions/Restart Service method

This action is used to restart a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Restart a Service

LinuxActions/Enable Service method

This action is used to enable a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Enable a Service

LinuxActions/Disable Service method

This action is used to disable a service.

Inputs Description
Service Name (is required) Provide the Service Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Disable a Service

LinuxActions/Kill Process by PID method

This action is used to Kill a process by PID.

Inputs Description
PID (is required) Provide the Process ID (PID)
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Kill a Process by Process ID

LinuxActions/Kill Process by Name method

This action is used to Kill a process by name.

Inputs Description
Process Name (is required) Provide the Process Name
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to Kill a Process by Name

LinuxActions/CQ Services Status method

This action is used to check the services status.

Inputs Description
Host (is required) The target host
Credentials (is required) The credentials of the Computer that you want to check the CYBERQUEST Services

LinuxActions/Block IP Address method

This action is used to Block IP Address.

Inputs Description
ipAddress (is required) The IP Address that you want to block
host (is required) The host that you want to block the IP Address
credentialsGUID (is required) The credentials of the Computer that you want to block the IP Address

LinuxActions/Remove Block IP Address method

This action is used to Remove Block IP Address.

Inputs Description
ipAddress (is required) The blocked IP Address that you want to remove
host (is required) The host that you want to remove the blocked IP Address
credentialsGUID (is required) The credentials of the Computer that you want to remove the blocked IP Address

LinuxActions/Check if OS Is Windows method

This action is used to check if OS Is Windows.

Inputs Description
host (is required) The host that you want to verify the Operating System

WindowsActions/Disable User method

This action is used to disable a User.

Inputs Description
Targeted User (is required) The user who is targeted
Host (is required) The target host
Credentials GUID (is required) Credentials GUID

WindowsActions/Enable User method

This action is used to enable a User.

Inputs Description
Target User (is required) The user who is targeted
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to disable

WindowsActions/Start Service method

This action is used to start a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Start a Service

WindowsActions/Stop Service method

This action is used to stop a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Stop a Service

WindowsActions/Restart Service method

This action is used to restart a service.

Inputs Description
Targeted Service (is required) Provide the Service Name
Host (is required) The target host
Credentials GUID (is required) The credentials of the Computer that you want to Restart a Service

Notifications/Microsoft Teams method

This action helps you to send a notification to Microsoft Teams.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Slack method

This action helps you to send a notification to Slack.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Jira method

This action helps you to send a notification to Jira.

Inputs Description
Notification Content (is required) The content of notification

Notifications/Email

This action helps you to send a notification to Email.

Inputs Description
To (is required) To
Subject (is required) Subject
Message (is required) Subject

AbuseIPDB

AbuseIPDB/Check IP method

This action executes an AbuseIPDB IP lookup using the IP address you provided.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP Address which is verified by AbuseIPDB
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) we go to fetch reports. The default is 30 days, and reports older than 90 days are not fetched
Verbose Reports can be included in this response if the verbose flag is added
Outputs Description
IP Address (ipAddress) The investigated IP address
Is Public (isPublic) True or False, depending on whether the IP is public
IP Version (ipVersion) The version of the investigated IP
Is Whitelisted (isWhitelisted) True or False, depending on whether the investigated IP is in the AbuseIPDB whitelist
Abuse Confidence Score (abuseConfidenceScore) This score is calculated by AbuseIPDB. This score can be used to take action against a malicious IP
Country Code (countryCode) The country code from which the investigated IP originates
Country Name (countryName) The country name from which the investigated IP originates
Usage Type (usageType) The general use of the investigated IP address (for example: Commercial, Organization, Government, Military, etc.)
ISP (isp) The name of the Internet Service Provider which provided the IP which is investigated
Domain Name (domain) The domain name of the ISP which provided the IP which is investigated
Is TOR (isTor) True or False, depending on whether the investigated IP was seen in TOR nodes
Total Reports (totalReports) The total number of registered reports about the investigated IP
Distinct Users (numDistinctUsers) The number of distinct users who reported the investigated IP
Last Reported at (lastReportedAt) The date when the investigated IP was last reported
Reports (reports) The list of reports for the investigated IP

AbuseIPDB/Reports method

This action gets reports about an IP address.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP address which is verified
Page Navigate the created pagination via PerPage parameter
PerPage Adjust the pagination
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) we go to fetch reports. The default is 30 days, and reports older than 90 days are not fetched
Outputs Description
Total (total) Total number of reports for the investigated IP
Page (page) The page number of the reports list
Count (count) The number of reports presented in the page
Per Page (perPage) How many reports are listed per page
Last Page (lastPage) The number of the last page which contains reports
Next Page URL (nextPageUrl) The URL of the next page which contains reports
Previous Page URL (previousPageUrl) The URL of the previous page which contains reports
Results (results) The reports listed by page

AbuseIPDB/Blacklist method

Depending on the input settings you have chosen, AbuseIPDB will return a list of all reported IP addresses or a list of a specific subset of reported IP addresses.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
Minimum Confidence It helps to determine the level of trust or reliability assigned to the reported information associated with an IP address
Limit The number of IP addresses included in the list
Plain Text Set the Plain Text flag if you prefer a simple newline-separated plaintext response
Only Countries This parameter retrieves IPs that only originate in the given country or countries
Except Countries This parameter retrieves all IPs except those that originate in the given country or countries
IP Version Filter results by IP version (v4 or v6) with this parameter
Outputs Description
Generated at (generatedAt) The date when the blacklist was generated
Data (data) List of blacklisted IPs and additional details (Abuse Confidence Score and date the IP was last reported)

AbuseIPDB/Create Report method

Based on the IP address and malware category you have chosen, reports a specific IP address that has been linked to malicious online activity to AbuseIPDB.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP (is required) The reported IP address (IPv4 or IPv6)
Categories (is required) The category in which the IP will be reported
Comment Related information (server logs, timestamps, etc.)
Outputs Description
IP Address (ipAddress) The reported IP Address
Abuse Confidence Score (abuseConfidenceScore) This score is calculated by AbuseIPDB. This score can be used to take action against a malicious IP

AbuseIPDB/Check Blocked IP method

This action checks if the IP is blocked.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
Network (is required) The network address that will be queried
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) we go to fetch reports. The default is 30 days, and reports older than 90 days are not fetched
Outputs Description
Network Address (networkAddress) The starting IP address of the subnet
Netmask (netmask) The subnet mask
Min Address (minAddress) The minimum IP address within the subnet
Max Address (maxAddress) The maximum IP address within the subnet
Number of Possible Hosts (numPossibleHosts) The total number of possible hosts in the subnet
Address Space Description (addressSpaceDesc) A description of the address space (e.g., “Loopback”)
Reported Address (reportedAddress) For each IP address within the subnet, the following details are provided:
ipAddress: The specific IP address;
numReports: The total number of abuse reports for that IP;
mostRecentReport: The timestamp of the most recent report;
abuseConfidenceScore: A calculated evaluation of how abusive the IP is based on user reports;
countryCode: The country code (if available).

AbuseIPDB/Clear Address method

This action clears an IP address.

Inputs Description
Token (is required) To use the AbuseIPDB API, you must have an API key
IP Address (is required) The IP address which is cleared
Fetch Reports from Past (days) The Fetch Reports from Past parameter determines how far back in time (in days) we go to fetch reports. The default is 30 days, and reports older than 90 days are not fetched
Outputs Description
Number of Reports Deleted (numReportsDeleted) The number of reports deleted associated with the specified IP address reported by you (you can't delete reports from another user account)

AlienVault

AlienVault User/Validate User API Key method

Validate your API Key configuration.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Subscriber Count (subscriber_count) The number of subscribers of the user
Follower Count (follower_count) The number of followers of the user
Member Since (member_since) The timestamp of the creation of the account of the user
Award Count (award_count) The number of awards of the user
Username (username) The username of the user

AlienVault User/User Actions method

Perform actions like follow/subscribe to other users by username.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) The user on whom the action takes place
Action (is required) The action that will happen: subscribe, unsubscribe, follow, unfollow
Outputs Description
Status (status) The status of the API call

AlienVault Users/Validate API Key method

Validate your API Key configuration.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Subscriber Count (subscriber_count) The number of subscribers of the user
Follower Count (follower_count) The number of followers of the user
Member Since (member_since) The timestamp of the creation of the account of the user
User ID (user_id) The ID of the user
Username (username) The username of the user

AlienVault Users/Users Actions method

Perform actions like follow/subscribe to other users by username.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) The user on whom the action takes place
Action (is required) The action that will happen: subscribe, unsubscribe, follow, unfollow
Outputs Description
Status (status) The status of the API call

AlienVault Search/Search Users method

Search for users matching the query.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
User (is required) Query string to search results with
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: username, pulse_count
Outputs Description
Results (results) The results of the API call

AlienVault Search/Search Pulses method

Search for pulses matching the query.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: modified, created, subscriber_count
Query Query string to search results with
Outputs Description
Results (results) The results of the API call

AlienVault Pulses/View Pulse method

View or edit the pulse with ID pulse_id. When editing a pulse, use PATCH.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse
Outputs Description
ID (id) The ID of the interrogated Pulse
Name (name) The name of the Pulse
Description (description) Details about the Pulse
Author Name (author_name) The name of the person/authority who created the Pulse
Modified (modified) The timestamp when the Pulse was last modified
Created (created) The timestamp when the Pulse was created
Tags (tags) A list which contains the tags added by the creator of the Pulse
References (references) A collection of information containing references to various external sources relevant to the Pulse
Targeted Countries (targeted_countries) A list which contains countries affected by the malware from the Pulse
Indicators (indicators) Information about the specific threat or security event which is investigated
Groups (groups) A list which contains Open Source Threat Intelligence
Malware Families (malware_families) A list containing the categories in which the malware was classified
Attack IDs (attack_ids) A list which contains attack IDs
Industries (industries) A list containing possible industries affected by malware

AlienVault Pulses/List indicators for Pulse method

Returns paginated list view of the indicators inside the pulse pulse_id.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse that will be used
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Related Pulses based on an indicator method

Return all pulses that share an indicator with this pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of Pulse that will be used
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Related Pulses By Malware Family method

Find pulses related to an existing malware family.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Malware Family (is required) The malware family you'd like to find pulses related to
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

Find pulses related to an existing adversary.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Adversary (is required) Adversary you'd like to find pulses related to
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Show Subscribed Pulses method

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/IDs of subscribed Pulses method

List the IDs of all pulses you are subscribed to.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Activity of Pulses method

Activity feed consists of pulses:

  • All pulse subscriptions (pulses subscribed to directly, and all pulses by subscribed-to users)

  • All pulses created by myself

  • All pulses by users I am following

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO 8601 format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00+00:00)
Outputs Description
Results(results) A list which contains reports for the Pulse based on the API call

AlienVault Pulses/Subscribe to a Pulse method

Subscribe to pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of the Pulse that will be used
Outputs Description
Status(status) The status of the action
Subscriber Count(subscriber_count) The number of subscribers of the Pulse

AlienVault Pulses/Unsubscribe from a Pulse method

Unsubscribe from pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Pulse ID (is required) The ID of the Pulse that will be used
Outputs Description
Status(status) The status of the action
Subscriber Count(subscriber_count) The number of subscribers of the Pulse

AlienVault Pulses/List indicators recognized by OTX method

Returns string representations of each indicator type (i.e. "domain"), as recognized by OTX.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Outputs Description
Detail(detail) A list with indicators recognized by AlienVault

AlienVault Pulses/List Events for a Pulses method

List events, such as subscribe/unsubscribe to user/pulse.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Modified since (optional, ISO format datetime (UTC) string) Only include pulses modified more recently than a specific time.
Outputs Description
Results(results) A list of events related to pulse

AlienVault Pulses/Return authenticated or passed users method

Returns the pulse feed created by the authenticated user or by the passed-in user, sorted by latest modified by default.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Username (is required) Retrieve details about the username that will be introduced
Since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) The results of the API call

AlienVault Pulses/My Pulses method

Returns your feed of pulses you've created, default sorted by latest modified.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Since (optional, ISO format datetime (UTC) string) Only include pulses whose modified time is strictly greater than the supplied parameter. Accepts any valid ISO 8601 formatted datetime, with resolution up to and including milliseconds (for example 2017-01-01T12:35:00.123+00:00)
Outputs Description
Results(results) A list with pulses created by you
Count(count) The number of pulses created by you

AlienVault Indicators/Details about Domains HTTP Scans Section method

Indicator page API for https scan section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated IP

AlienVault Indicators/Details about Domains Malware Section method

Indicator page API for malware section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated IP

AlienVault Indicators/Details about Domains Passive DNS Section method

Indicator page API for DNS section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated domain

AlienVault Indicators/Details about Domains URL List Section method

Indicator page API for URL List section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
url_list(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about Domains Geo Section method

Indicator page API for Geo Section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
ASN(asn) The name of ASN
Country Code(country_code) The country name from which the investigated IP originates

AlienVault Indicators/Details about Domains General Section method

Indicator page API for General section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
WHOIS(whois) An external link to gain additional WHOIS information
Alexa(alexa) An external link to gain additional information from Amazon Alexa
Indicator(indicator) Information about the specific threat or security event which is investigated
Type(type) The type of the investigation
Validation(validation) A list of validations done on the investigated domain

AlienVault Indicators/Details about Domains WHOIS Section method

Indicator page API for WHOIS section.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Domain (is required) Retrieve details about domain that will be introduced
Outputs Description
Data(data) A list of reports for the investigated domain
Related(related) A list of domains related to the investigated domain

AlienVault Indicators/Get Correlation Rule method

Indicator page API for Correlation Rules.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Correlation Rule (is required) Correlation rules in AlienVault are used to analyze and correlate data from various security data sources, such as logs, network traffic, and vulnerability scans
Outputs Description
Indicator(indicator) Indicator (Correlation Rule from input parameter) links related events to detect security threats
Pulses Info(pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX).

AlienVault Indicators/Submit URL method

This endpoint submits a single URL at a time.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) The URL that will be submitted
TLP (is required) Select the color of TLP for the url that will be submitted
Outputs Description
Status(status) The status of API call
Result(result) The result of analysis

AlienVault Indicators/Get Network Intrusion Detection Systems General Section method

Indicator page API for NIDSs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
NIDS (is required) Retrieve details about NIDS that will be introduced
Outputs Description
Base Indicator(base_indicator) Essential information about the specific threat or security event which is investigated
Pulses Info(pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX)
False Positive(false_positive) An Array which includes the false positives detected
Category(category) The main category of security event detected by NIDS
Subcategory(subcategory) Additional details about security event detected by NIDS
Name(name) The name of the security event
Malware Name(malware_name) The malware category in which the security event is classified
Event Activity(event_activity) Details about the security event
CVE(cve) CVE (Common Vulnerabilities and Exposures) is a program that assigns unique identifiers to publicly disclosed cybersecurity vulnerabilities

AlienVault Indicators/Get Common Vulnerability Enumeration General Section method

Indicator page API for CVEs (MITRE's Common Vulnerability Enumeration).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
CVE (is required) Retrieve details about CVE (Common Vulnerabilities and Exposures) that will be introduced
Outputs Description
MITRE URL(mitre_url) The MITRE URL for the investigated CVE ID
NVD URL(nvd_url) The NVD URL for the investigated CVE ID
Base Indicator(base_indicator) Essential information about the specific threat or security event which is investigated
CVE(cve) CVE ID which is investigated
Pulses Info(pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
Configurations(configurations) The configurations used to test the CVE
Exploits(exploits) A structured set of data containing information about vulnerabilities
Products(products) A structured set of data containing information about affected products
References(references) A collection of information containing references to various external sources relevant to the CVE investigated
Description(description) General description about
Date modified(date_modified) The last timestamp when the report was modified
Date created(date_created) The timestamp when the report was created
CVSS(cvss) Common Vulnerability Scoring System
CVSS V2(cvss_v2) Common Vulnerability Scoring System Version 2
CVSS V3(cvss_v3) Common Vulnerability Scoring System Version 3

AlienVault Indicators/Get details for URLs HTTPS Scans Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
Data(data) The results of the API call which contains

AlienVault Indicators/Get details for URLs URL List Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API
City(city) The city from which the investigated URL originates
Region(region) The region from which the investigated URL originates
Country Code(country_code) The country code from which the investigated URL originates

AlienVault Indicators/Get details for URLs General Section method

Indicator page API for URLs.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
URL (is required) Retrieve details about URL that will be introduced
Outputs Description
Indicator(indicator) Information about the specific threat or security event which is investigated
Alexa(alexa) An external link to gain additional information from Amazon Alexa
WHOIS(whois) An external link to gain additional WHOIS information
Domain(domain) The domain name of the investigated URL

AlienVault Indicators/Details about Files Hashes Analysis Section method

Indicator page API for files (file hashes).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
File Hash (is required) Retrieve details about file hash that will be introduced
Outputs Description
Analysis (analysis) The result of the investigation
Malware (malware) The possible types of malware detected

AlienVault Indicators/Details about Files Hashes General Section method

Indicator page API for files (file hashes).

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
File Hash (is required) Retrieve details about file hash that will be introduced
Outputs Description
Type (type) The type of the investigated hash
Type Title (type_title) The full name of the investigated hash
Indicator (indicator) Information about the specific threat or security event which is investigated
Validation (validation) A list of validations done on the investigated hash
Base Indicator (base_indicator) Essential information about the specific threat or security event which is investigated
Pulse Info (pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
False Positive (false_positive) An Array which includes the false positives detected

AlienVault Indicators/Details about Hostnames Passive WHOIS Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Data(data) A list of reports for investigated hostname
Related(related) A list of hostnames related to the investigated hostname

AlienVault Indicators/Details about Hostnames Passive Malware Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Data(data) A list of reports for investigated hostname
Count(count) A list of reports for investigated hostname

AlienVault Indicators/Details about Hostnames Passive DNS Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated hostname
Count(count) The number of reports for the investigated hostname

AlienVault Indicators/Details about Hostnames URL List Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about Hostnames General Section method

Indicator page API for hostname names.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Hostname (is required) Retrieve details about hostname that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Alexa (alexa) An external link to gain additional information from Amazon Alexa
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated hash
Type Title (type_title) The full name of the investigated hash
Pulses (pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX)

AlienVault Indicators/Details about IPv6 Passive DNS Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated IP
Count(count) The number of reports for the investigated IP

AlienVault Indicators/Details about IPv6 URL List Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about IPv6 Malware Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Data (data) The reports about the investigated IP
Count (count) The number of reports for investigated IP

AlienVault Indicators/Details about IPv6 Geo Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
ASN(asn) The name of ASN
City Data(city_data) Details about the city from which the investigated IP originates
Country Code(country_code) The country name from which the investigated IP originates

AlienVault Indicators/Details about IPv6 Reputation Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
Reputation(reputation) This value is calculated by AlienVault; it represents the degree of trust of the investigated IP

AlienVault Indicators/Details about IPv6 General Section method

Indicator page API for IPv6 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv6 (is required) Retrieve details about IPv6 that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Reputation (reputation) This value is calculated by AlienVault; it represents the degree of trust of the investigated IP
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated IP
ASN (asn) The name of ASN
Country Code (country_code) The country code from which the investigated IP originates
Country Name (country_name) The country name from which the investigated IP originates
Pulses Info (pulses) Threat summaries available in the AlienVault Open Threat Exchange (OTX)

AlienVault Indicators/Details about IPv4 HTTP Scans Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Data(Data) A list of reports for the investigated IP

AlienVault Indicators/Details about IPv4 Passive DNS Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Passive DNS(passive_dns) A list of reports for investigated IP

AlienVault Indicators/Details about IPv4 URL List Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
URL List(url_list) The reports obtained after calling the API

AlienVault Indicators/Details about IPv4 Malware Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
Data(data) The results of the API call

AlienVault Indicators/Details about IPv4 Geo Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
ASN (asn) The name of ASN
Country Code (country_code) The country name from which the investigated IP originates
City (city) The city from which the investigated IP originates
Region (region) The region from which the investigated IP originates
Latitude (latitude) The latitude from which the investigated IP originates
Longitude (longitude) The longitude from which the investigated IP originates

AlienVault Indicators/Details about IPv4 General Section method

Indicator page API for IPv4 Addresses.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
IPv4 (is required) Retrieve details about IPv4 that will be introduced
Outputs Description
WHOIS (whois) An external link to gain additional WHOIS information
Reputation (reputation) This value is calculated by AlienVault; it represents the degree of trust of the investigated IP
Indicator (indicator) Information about the specific threat or security event which is investigated
Type (type) The type of the investigated IP
ASN (asn) The name of ASN
Country Code (country_code) The country name from which the investigated IP originates
Pulses info (pulse_info) Threat summaries available in the AlienVault Open Threat Exchange (OTX).
Base Indicator (base_indicator) Essential information about the specific threat or security event which is investigated
False Positive (false_positive) An Array which includes the false positives detected

AlienVault Indicators/List of submitted URLs method

Returns a list of all submitted URLs, along with the status of the submission.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: add_date,url,complete_date
Outputs Description
Results(results) A list with submitted URLs
Count(count) The number of submitted URLs for investigation

AlienVault Indicators/List of submitted Files method

Returns a list of all submitted files, along with the status of the submission.

Inputs Description
Token (is required) To use the AlienVault API, you must have an API key
Limit Number of results to include per page
Page Which page of results is desired
Sort Order by one of these fields: add_date,sha256,complete_date
Outputs Description
Result(result) The result of analysis

APIVoid

APIVoid/Query ThreatLog method

This API lets you query ThreatLog.com database of malicious domains.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (Data) The result of the API call
Credits Remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/IP Reputation method

This API lets you check the reputation and geolocation of an IPv4 address. Additionally, the API also detects public proxy, web proxy, Tor and VPN IP addresses.

Inputs Description
Token (is required) Your APIVoid API key
IP (is required) IPv4 address to submit
Exclude Engines List of comma-separated engines to exclude
Spamhaus Key Your Spamhaus ZEN DQS key, this will enable Spamhaus engine
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Reputation method

This API lets you check if a domain name is blacklisted by trusted sources.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Exclude Engines List of comma-separated engines to exclude
Spamhaus Key Your Spamhaus DBL DQS key, this will enable Spamhaus engine
Outputs Description
Data (data) The result of the API call
Credits Remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Take Screenshot method

This API lets you take high-quality screenshots of any web page and URL.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Format Image format, can be png or jpg
Full Page Lets you take a full page screenshot
Viewport Width Lets you change browser viewport width in pixels
Viewport Height Lets you change browser viewport height in pixels
Image Width Lets you change the thumbnail image width in pixels
Image Height Lets you change the thumbnail image height in pixels
User Agent Lets you change the browser user agent string, must be encoded
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Disable JavaScript Lets you disable JavaScript
Disable Pop-ups Lets you disable alerts, prompts and confirmation dialogs
Disable Images Lets you disable loading of images
Disable Ads Lets you disable advertisements
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL Reputation method

This API can help you identify potentially unsafe and phishing URLs.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Referer Lets you change the referer URL
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Age method

This API lets you get domain registration date and domain age in days.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Timeout Set a custom timeout in seconds, can be from 5 to 30 seconds
Cache Only Get data only from cache (if present) for faster response
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check Site method

This API provides you with important details about a website to check if it is legit.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain Name Availability method

This API lets you check if a domain name is parked/for sale.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL Status Check method

This API lets you check if a URL is online or offline (down or not accessible).

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Referer Lets you change the referer URL
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain DNS Propagation method

This API lets you check if DNS records of a domain have propagated globally.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
DNS Type (is required) DNS type
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Capture HTML Page method

This API lets you capture the HTML page source after JavaScript has been executed.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/SSL Info method

This API provides you with details about a website's SSL certificate.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit, e.g. google.com
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of the remained credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check Email method

This API provides you useful information about an email address.

Inputs Description
Token (is required) Your APIVoid API key
Email (is required) Email to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Hosted Domains hosted on the same IP method

This API lets you find a list of domains hosted on the same IPv4 address.

Inputs Description
Token (is required) Your APIVoid API key
IP (is required) IPv4 address to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Check SPF method

This API lets you check and validate the SPF record of any domain.

Inputs Description
Token (is required) Your APIVoid API key
Host (is required) Host to submit
IP IPv4 or IPv6 address you want to check if it is authorized to send emails
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/HTTP Request Checker method

This API lets you check HTTP requests made by a URL or a website.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
User Agent Lets you change the browser user agent string, must be encoded
Accepted Language Lets you change the accept language HTTP header, format is like en or en-US
Geolocation Change geolocation
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/URL to PDF Conversion method

This API lets you convert a URL into a high-quality PDF document.

Inputs Description
Token (is required) Your APIVoid API key
URL (is required) URL to submit, must be encoded
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

APIVoid/Domain DNS Records method

This API lets you easily get DNS records of domain names.

Inputs Description
Token (is required) Your APIVoid API key
Action (is required) DNS lookup type, can be dns-a, dns-aaaa, dns-mx, dns-ns, dns-dmarc, dns-ptr, dns-txt, dns-any, dns-cname, dns-soa, dns-srv, dns-caa
Host (is required) Host to submit
Outputs Description
Data (data) The result of the API call
Credits remained (credits_remained) The number of remaining credits
Success (success) True if the API call is successfully executed, false if not

Blocklist.de

Blocklist.de/Return all IP from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
values(values) The results of the API call

Blocklist.de/Return All SSH IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
values(values) The results of the API call

Blocklist.de/Return All Mails IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
values(values) The results of the API call

Blocklist.de/Return All Apache IPs from 48h method

All IP addresses that have attacked one of our customers/servers in the last 48 hours.

Outputs Description
values(values) The results of the API call

Blocklist.de/Last Added IP Addresses method

Get only the last added IP Addresses.

Inputs Description
Token (is required) To use the Blocklist.de API, you must have an API key
Time (is required) The hour you want to see the last added IPs in the last 48 hours
Outputs Description
values(values) The results of the API call

Blocklist.de/Last Added IP Addresses and Reports method

The API can currently only issue attacks and reports per user, server or ip-address.

Inputs Description
Token (is required) To use the Blocklist.de API, you must have an API key
IP (is required) IP-Address to check the Attacks
Server ID of the server to query
Email E-mail address of the user
Start Start time as a Unix timestamp if the number is passed one is being sought for the first time
End Should end as a Unix timestamp, to find where (End of Time-List)
Format Output format: text (default, two rows), php (serialized), xml (xml file), json (json encoded)
Outputs Description
values(values) The results of the API call

BOTVRIJ.EU

Botvrij.eu MISP OSINT/Open Source IOCs method

Botvrij.eu provides different sets of open source IOCs that you can use in your security devices to detect possible malicious activity.

Inputs Description
Data Type (is required) The dataset you want to access
Outputs Description
raw_encoded(raw_encoded) The results of the API call

CheckPhish

CheckPhish/URL Scan Submission method

Submit URL for Scan.

Inputs Description
Token (is required) To use the CheckPhish API, you must have an API key
URL (is required) The URL which is submitted for analysis
Outputs Description
Job ID (jobID) jobID of the scan
Timestamp (timestamp) Timestamp of when the scan submission started

CheckPhish/Scan Results Retrieval method

Get API results from scan.

Inputs Description
Token (is required) To use the CheckPhish API, you must have an API key
Job ID (is required) This parameter is used to identify the report of the URL submitted
Insights Additional details for report
Outputs Description
Job ID (jobID) jobID of the scan
Timestamp (timestamp) Timestamp of when the scan report was finalised
Status (status) Status of whether the job has completed. Returns DONE when completed
URL (url) URL submitted for scanning
URL SHA256 (url_sha256) SHA256 of the url submitted for scanning
Disposition (disposition) The list of dispositions can be found below
Brand (brand) Brand being targeted by the URL
Insights (insights) insights link
Resolved (resolved) True if the URL resolved. Else False
Screenshot Path (screenshot_path) Storage location of the screenshot for the scan
Error (error) False if the API call executed successfully, otherwise true

Checkpoint Management API

Checkpoint Management API/Login with Credentials method

Log in to the server with username and password. The server shows your session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request.

Inputs Description
User (is required) Administrator user name.
Password (is required) Administrator password.
Server (is required) Server Address
Port (is required) Web Port
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API.
Domain Use domain to login to specific domain. Domain can be identified by name or UID.
Enter Last Published Session Login to the last published session. Such login is done with the Read Only permissions.
New Password Administrator new password. Can only be used for first login, when the administrator password must be changed.
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true.
Session Comments Session comments. Can be viewed only using the show-session API.
Session Description A description of the session's purpose.
Session Name Session unique name.
Session Timeout Session expiration timeout in seconds
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
Api Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Login with API Key method

Log in to the server with an administrator API key. The server shows your session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request.

Inputs Description
API Key (is required) Administrator API key. When using api-key, there is no need to send user/password parameters.
Server (is required) Server Address
Port (is required) Web Port
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API.
Domain Use domain to login to specific domain. Domain can be identified by name or UID.
Enter Last Published Session Login to the last published session. Such login is done with the Read Only permissions.
New Password Administrator new password. Can only be used for first login, when the administrator password must be changed.
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true.
Session Comments Session comments. Can be viewed only using the show-session API.
Session Description A description of the session's purpose.
Session Name Session unique name.
Session Timeout Session expiration timeout in seconds
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
Api Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Publish method

All the changes done by this user will be seen by all users only after publish is called.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID Session unique identifier. Specify it to publish a different session than the one you currently use
Outputs Description
Task ID (task_id) Publish task UID. Use show-task command to check the progress of the task

Checkpoint Management API/Discard method

All changes done by user are discarded and removed from database.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID Session unique identifier. Specify it to discard a different session than the one you currently use
Outputs Description
Message (message) Operation status
Number of discarded changes (number_of_discarded_changes) The number of changes that were discarded

Checkpoint Management API/Logout method

Log out from the current session. After logging out the session id is not valid any more.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
Outputs Description
Message (message) Operation status

Checkpoint Management API/Disconnect method

Disconnect a private session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
UID (is required) Session unique identifier
Discard Discard all changes committed during the session
Outputs Description
Message (message) Operation status

Checkpoint Management API/Keep Alive method

Keep the session valid/alive.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Port (is required) Web Port
Outputs Description
Message (message) Operation status

Checkpoint Management API/Login to Domain method

Login from MDS to other domain. This command is available only after logging in to the System Data domain.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Domain (is required) Domain identified by the name or UID
Continue Last Session When continue-last-session is set to True, the new session would continue where the last session was stopped. This option is available when the administrator has only one session that can be continued. If there is more than one session, see switch-session API
Read Only Login with Read Only permissions. This parameter is not considered in case continue-last-session is true
Outputs Description
SID (sid) Session unique identifier. Enter this session unique identifier in the X-chkp-sid header of each request
API Server Version (api_server_version) API Server version
Disk Space Message (disk_space_message) Information about the available disk space on the management server
Last Login (last_login_was_at) Timestamp when administrator last accessed the management server
Login Message (login_message) Login message
Read Only (read_only) True if this session is read only.
Session Timeout (session_timeout) Session expiration timeout in seconds
Standby (standby) True if this management server is in the standby mode
UID (uid) Session object unique identifier. This identifier may be used in the discard API to discard changes that were made in this session, when administrator is working from another session, or in the switch-session API
URL (url) URL that was used to reach the API server

Checkpoint Management API/Revert to Revision method

Revert the Management Database to the selected revision.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
To session Session unique identifier. Specify the session id you would like to revert your database to
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task

Checkpoint Management API/Set Session method

Edit user's current session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Description Session description
Tags Collection of tag identifiers
Color Color of the object. Should be one of existing colors
Comments Comments string
Ignore Warnings Apply changes ignoring warnings
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If ignore-warnings flag was omitted - warnings will also be ignored
Outputs Description
Name (name) Object name. Must be unique in the domain
UID (uid) Object unique identifier
Application (application) The name of the application serving the Management API requests.
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Session method

Show session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier
Detailed Admin Info Session unique identifier. Specify the session id you would like to revert your database to
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier
Type (type) Object type
Administrator (administrator) Asynchronous task unique identifier. Use show-task command to check the progress of the task
Application (application) The name of the application serving the Management API requests
Changes (changes) Number of pending changes
Connected Server (connected_server) The server which the user is currently connected to
Connection Mode (connection_mode) Session connection mode
Description (description) Session description
Email (email) Administrator email
Expired Sessions (expired_session) True if the session is expired
In work (in_work) True if the session is in work state
IP Address (ip_address) IP address from which the session was initiated
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server
Locks (locks) Number of locked objects
Phone Number (phone_number) Administrator phone number
Publish Time (publish_time) Timestamp when user published changes on the management server
Session Timeout (session_timeout) Session expiration timeout in seconds
State (state) Session state
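Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level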
Username (user_name) The name of the logged in user
Workflow History (workflow_history) Show details per each workflow action
Workflow State (workflow_state) Workflow session state
Color (color) Color of the object. Should be one of existing colors
Comments (comments) Comments string
Domain (domain) Information about the domain that holds the Object
Icon (icon) Object icon
Meta Info (meta_info) Object metadata
Read Only (read_only) Indicates whether the object is read-only
Available Actions (available_actions) Actions that are available on the object

Checkpoint Management API/Switch Session method

Switch to a disconnected Management API session of the same administrator. To switch to an open session or to a session of a different administrator use the take-over session API.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier
Type (type) Object type.
Application (application) The name of the application serving the Management API requests
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Sessions (expired_session) True if the session is expired.
In work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
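Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.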
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Continue Session in Smartconsole method

Log out from the existing session. The session will be continued the next time you open SmartConsole. If uid is not provided, the current session is used. For the session to pass successfully to SmartConsole, make sure you don't have any other active GUI sessions.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier.
Outputs Description
Name (name) Object name. Must be unique in the domain.

Checkpoint Management API/Show Sessions method

Retrieve all objects.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Filter Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The logical operators in the expression (AND, OR) should be provided in capital letters. The search involves both a IP search and a textual search in name, comment, tags etc.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
View Published Sessions Show a list of published sessions.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
From (from) From which element number the query was done.
Objects (objects) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Show Last Published Session method

Shows the last published session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application (application) The name of the application serving the Management API requests.
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login Time (last_login_time) Session description.
Last Logout Time (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Phone Number (phone_number) Administrator phone number.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow history (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta Info (meta_info) Object metadata.
Read Only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Assign Session method

Assign a session ownership to another administrator.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Administrator Name Assignee administrator name. Specify it to assign a session to another administrator.
UID Session unique identifier. Specify it to assign a different session than the one you currently use.
Disconnect Active Session Allows assignment of an active session, currently executed by another administrator.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Take Over Session method

Take ownership of another session and start working on it.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Disconnect Active Session Allows taking over of an active session, currently executed by another administrator.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application (application) The name of the application serving the Management API requests.
Changes (changes) Number of pending changes.
Connected Server (connected_server) The server which the user is currently connected to.
Connection Mode (connection_mode) Session connection mode.
Description (description) Session description.
Email (email) Administrator email.
Expired Session (expired_session) True if the session is expired.
In Work (in_work) True if the session is in work state.
IP Address (ip_address) IP address from which the session was initiated.
Last Login time (last_login_time) Session description.
Last Logout (last_logout_time) Timestamp when user last accessed the management server.
Locks (locks) Number of locked objects.
Publish Time (publish_time) Timestamp when user published changes on the management server.
Session Timeout (session_timeout) Session expiration timeout in seconds.
State (state) Session state
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Username (user_name) The name of the logged in user.
Workflow History (workflow_history) Show details per each workflow action.
Workflow State (workflow_state) Workflow session state.

Checkpoint Management API/Purge Published Sessions method

Permanently deletes all data which belongs to the published sessions not selected for preservation. This operation is irreversible.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Number of sessions to preserve The number of newest sessions to preserve, by the session's publish date. Number of sessions to preserve or Preserve to date is REQUIRED!
Preserve to date The date until which sessions are preserved, by the session's publish date. ISO 8601. If timezone isn't specified in the input, the Management server's timezone is used. Number of sessions to preserve or Preserve to date is REQUIRED!
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task.

Checkpoint Management API/Submit Session method

Workflow feature - Submit the session for approval.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Session unique identifier.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Approve Session method

Workflow feature - Approve and Publish the session.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Reject Session method

Workflow feature - Return the session to the submitter administrator.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID (is required) Session unique identifier.
Comments (is required) Reject justification.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Login Message method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Type (type) Object type.
Header (header) Login message header
Message (message) Login message body.
Show Message (show_message) Whether to show login message.
Warning (warning) Add warning sign.
Domain (domain) Information about the domain that holds the Object.

Checkpoint Management API/Set Login Message method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Header Login message header.
Message Login message body.
Show Message Whether to show login message.
Warning Add warning sign.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Type (type) Object type.
Header (header) Login message header
Message (message) Login message body.
Show Message (show_message) Whether to show login message.
Warning (warning) Add warning sign.
Domain (domain) Information about the domain that holds the Object

Checkpoint Management API/Set Login Purge method

Set Automatic Purge. NOTE! This command will permanently delete all of the data which belongs to the published sessions not selected for preservation. In Multi-Domain Server, it should be done for each domain.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Enabled (is required) Turn on/off the automatic-purge feature.
Keep sessions by count Whether or not to keep the latest N sessions. Note: when the automatic purge feature is enabled, this field and/or the keep-sessions-by-date field must be set to true.
Number of sessions to keep When keep-sessions-by-count = true this sets the number of newest sessions to preserve, by the session's publish date.
Keep sessions by days Whether or not to keep the sessions for D days. Note: when the automatic purge feature is enabled, this field and/or the keep-sessions-by-count field must be set to true.
Number of days keep When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling When to purge sessions that do not meet the keep criteria. Note: when the automatic purge feature is enabled, this field must be set.
Outputs Description
Enabled (enabled) Turn on/off the automatic-purge feature.
Keep session by count (keep_sessions_by_count) Whether or not to keep the latest N sessions.
Number of sessions to keep (number_of_sessions_to_keep) The number of newest sessions to preserve, by the session's publish date.
Keep sessions by days (keep_sessions_by_days) Whether or not to keep the sessions for D days.
Number of days to keep (number_of_days_to_keep) When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling (scheduling) When to purge sessions that do not meet the keep criteria.

Checkpoint Management API/Show Automatic Purge method

Show Automatic Purge.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Outputs Description
Enabled (enabled) Turn on/off the automatic-purge feature.
Keep session by count (keep_sessions_by_count) Whether or not to keep the latest N sessions.
Number of sessions to keep (number_of_sessions_to_keep) The number of newest sessions to preserve, by the session's publish date.
Keep sessions by days (keep_sessions_by_days) Whether or not to keep the sessions for D days.
Number of days to keep (number_of_days_to_keep) When keep-sessions-by-days = true this sets the number of days to keep the sessions.
Scheduling (scheduling) When to purge sessions that do not meet the keep criteria.

Checkpoint Management API/Show Logs method

Showing logs according to the given filter.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
New Query Running a new query.
Query ID Get the next page of last run query with specified limit.
Ignore Warnings Ignore warnings if any exist.
Outputs Description
Incidents (incidents) Incident object when an error or warning occurs.
Logs (logs) Logs result.
Logs Count (logs_count) Number of logs in the result.
Query ID (query_id) Get the next page of last run query with specified limit.
Tops (tops) Tops result.
Tops Count (tops_count) Total logs in top response.

Checkpoint Management API/Set Access Rule method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Must be unique in the domain. Name or UID or Rule Number is REQUIRED!
UID Object unique identifier. Name or UID or Rule Number is REQUIRED!
Rule Number Rule number. Name or UID or Rule Number is REQUIRED!
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Action Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer.
Action settings Action settings.
Content List of processed file types that this rule applies on.
Content Direction On which direction the file types processing is applied.
Content Negate True if negate is set for data.
Custom Fields Custom fields.
Destination Collection of Network objects identified by the name or UID.
Destination Negate True if negate is set for destination.
Enabled Enable/Disable the rule.
Inline Layer Inline Layer identified by the name or UID. Relevant only if Action was set to Apply Layer.
Install on Which Gateways identified by the name or UID to install the policy on.
New Name New name of the object.
New position New position in the rulebase.
Service Collection of Network objects identified by the name or UID.
Service negate True if negate is set for service.
Service resource Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
Source Collection of Network objects identified by the name or UID.
Source negate True if negate is set for source.
Tags Collection of tag objects identified by the name or UID.
Time List of time objects. For example: Weekend, Off-Work, Every-Day.
Track Track Settings.
User check UserCheck settings.
VPN Communities or Directional.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Action (action) Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Action Settings (action_settings) Action settings.
Content (content) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Content Direction (content_direction) On which direction the file types processing is applied.
Content Negate (content_negate) True if negate is set for data.
Custom Fields (custom_fields) Custom fields.
Destination (destination) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Destination Negate (destination_negate) True if negate is set for destination.
Destination Ranges (destination_ranges) Displays the destination as ranges of IP addresses, in case show-as-ranges is set to true. In this case, destination and destination-negate parameters are omitted.
Enabled (enabled) Enable/Disable the rule.
Expiration Settings (expiration_settings) Displays the expiration date settings.
Hits (hits) Hits count object.
Inline Layer (inline_layer) Inline Layer identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Layer (layer)
Service (service) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Service Negate (service_negate) True if negate is set for service.
Service Ranges (service_ranges) Displays the services and applications as ranges of port numbers, in case show-as-ranges is set to true. In this case, service and service-negate parameters are omitted.
Service Resource (service_resource) Resource of the service.
Source (source) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Source Negate (source_negate) True if negate is set for source.
Source Ranges (source_ranges) Displays the source as ranges of IP addresses, in case show-as-ranges is set to true. In this case, source and source-negate parameters are omitted.
Tags (tags) Collection of tag objects identified by the name or UID.
Time (time) List of time objects. For example: Weekend, Off-Work, Every-Day. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Track (track) Track Settings.
User Check (user_check) UserCheck settings.
VPN (vpn) VPN settings. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Access Rulebase method

Shows the entire Access Rules layer. This layer is divided into sections. An Access Rule may be within a section, or independent of a section (in which case it is said to be under the global section). The reply features a list of objects. Each object may be a section of the layer, with all its rules inside, or a rule itself, in the case of rules which are under the global section. An optional filter field may be added in order to return only those rules that match the search criteria.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Must be unique in the domain. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Filter Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in SmartConsole. The logical operators in the expression (AND, OR) should be provided in capital letters. If an operator is not used, the default OR operator applies.
Filter Settings Sets filter preferences.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Package Name of the package.
Show as ranges When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than network objects. Objects that are not represented using IP addresses or port numbers are presented as objects. In addition, the response of each rule does not contain the parameters: source, source-negate, destination, destination-negate, service and service-negate, but instead it contains the parameters: source-ranges, destination-ranges and service-ranges. Note: Requesting to show rules as ranges is limited up to 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
Show expiration settings Indicates whether to calculate and show expiration date settings field in reply.
Show hits
User object dictionary
Hits settings
Dereference group members Indicates whether to dereference members field by details level for every object in reply.
Show membership Indicates whether to calculate and show groups field for every object in reply.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Action (action) Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Action Settings (action_settings) Action settings.
Content (content) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Content Direction (content_direction) On which direction the file types processing is applied.
Content Negate (content_negate) True if negate is set for data.
Custom Fields (custom_fields) Custom fields.
Destination (destination) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Destination Negate (destination_negate) True if negate is set for destination.
Destination Ranges (destination_ranges) Displays the destination as ranges of IP addresses, in case show-as-ranges is set to true. In this case, destination and destination-negate parameters are omitted.
Enabled (enabled) Enable/Disable the rule.
Expiration Settings (expiration_settings) Displays the expiration date settings.
Hits (hits) Hits count object.
Inline Layer (inline_layer) Inline Layer identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Layer (layer)
Service (service) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Service Negate (service_negate) True if negate is set for service.
Service Ranges (service_ranges) Displays the services and applications as ranges of port numbers, in case show-as-ranges is set to true. In this case, service and service-negate parameters are omitted.
Service Resource (service_resource) Resource of the service.
Source (source) Collection of Network objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Source Negate (source_negate) True if negate is set for source.
Source Ranges (source_ranges) Displays the source as ranges of IP addresses, in case show-as-ranges is set to true. In this case, source and source-negate parameters are omitted.
Tags (tags) Collection of tag objects identified by the name or UID.
Time (time) List of time objects. For example: Weekend, Off-Work, Every-Day. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Track (track) Track Settings.
User Check (user_check) UserCheck settings.
VPN (vpn) VPN settings. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Add Access Rule method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Layer Layer that the rule belongs to identified by the name or UID.
Position Position in the rulebase.
Name Rule name.
Action Accept, Drop, Ask, Inform, Reject, User Auth, Client Auth, Apply Layer
Action Settings Action settings.
Content List of processed file types that this rule applies on.
Content Direction On which direction the file types processing is applied.
Content Negate True if negate is set for data.
Custom Fields Custom fields.
Destination Collection of Network objects identified by the name or UID.
Destination Negate True if negate is set for destination.
Enabled Enable/Disable the rule.
Inline Layer Inline Layer identified by the name or UID. Relevant only if Action was set to Apply Layer
Install On Which Gateways identified by the name or UID to install the policy on.
Service Collection of Network objects identified by the name or UID.
Service Negate True if negate is set for service.
Service Resource Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
Source Collection of Network objects identified by the name or UID.
Source Negate True if negate is set for source.
Tags Collection of tag objects identified by the name or UID.
Time List of time objects. For example: Weekend, Off-Work, Every-Day.
Track Track Settings.
User Check UserCheck settings.
VPN Communities or Directional.
Comments Comments string.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
From (from) From which element number the query was done.
Object Dictionary (objects_dictionary) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Rulebase (rulebase)
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Delete Access Rule method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name.
UID Object unique identifier.
Rule Number (is required) Rule number.
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Add Access Section method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Position (is required) Position in the rulebase
Tags Collection of tag objects identified by the name or UID.
Name Object name. Must be unique in the domain.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.

Checkpoint Management API/Show Access Section method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Access Section method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
New name New name of the object.
Tags Collection of tag objects identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta Info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available Actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Delete Access Section method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Name REQUIRED
Name Object name. UID or Name REQUIRED
Layer (is required) Layer that the rule belongs to identified by the name or UID.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Add Access Layer method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name (is required) Object name. Must be unique in the domain.
Add default rule Indicates whether to include a cleanup rule in the new layer.
Applications and URL filtering Whether to enable Applications & URL Filtering blade on the layer.
Content Awareness Whether to enable Content Awareness blade on the layer.
Detect using x forward for Whether to use the X-Forwarded-For HTTP header, which is added by the proxy server to keep track of the original source IP.
Firewall Whether to enable Firewall blade on the layer.
Implicit cleanup action The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access Whether to enable Mobile Access blade on the layer.
Shared Whether this layer is shared.
Tags Collection of tag identifiers.
Color Color of the object. Should be one of existing colors.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Access Layer method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application and URL filtering (applications_and_url_filtering) Whether Applications & URL Filtering blade is enabled on this layer.
Content Awareness (content_awareness) Whether Content Awareness blade is enabled on this layer.
Detect using x forward for (detect_using_x_forward_for) Whether the X-Forwarded-For HTTP header is being used.
Firewall (firewall) Whether Firewall blade is enabled on this layer.
Implicit cleanup action (implicit_cleanup_action) The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access (mobile_access) Whether Mobile Access blade is enabled on this layer.
Parent layer (parent_layer) Parent layer of this layer.
Shared (shared) Whether this layer is shared.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Message (message) Operation status.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Access Layer method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Application and URL filtering Whether to enable Applications & URL Filtering blade on the layer.
Content Awareness Whether to enable Content Awareness blade on the layer.
Detect using x forward for Whether to use the X-Forwarded-For HTTP header, which is added by the proxy server to keep track of the original source IP.
Firewall Whether to enable Firewall blade on the layer.
Implicit cleanup action The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile Access Whether to enable Mobile Access blade on the layer.
New Name New name of the object.
Shared Whether this layer is shared.
Tags Collection of tag identifiers.
Color Color of the object. Should be one of existing colors.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Application and URL filtering (applications_and_url_filtering) Whether Applications & URL Filtering blade is enabled on this layer.
Content Awareness (content_awareness) Whether Content Awareness blade is enabled on this layer.
Detect using x forward for (detect_using_x_forward_for) Whether the X-Forwarded-For HTTP header is being used.
Firewall (firewall) Whether Firewall blade is enabled on this layer.
Implicit cleanup action (implicit_cleanup_action) The default catch-all action for traffic that does not match any explicit or implied rules in the layer.
Mobile access (mobile_access) Whether Mobile Access blade is enabled on this layer.
Parent layer (parent_layer) Parent layer of this layer.
Shared (shared) Whether this layer is shared.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Color (color) Color of the object. Should be one of existing colors.
Comments (comments) Comments string.
Message (message) Operation status.
Domain (domain) Information about the domain that holds the Object.
Icon (icon) Object icon.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Delete Access Layer method

Delete existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name Object name. Name or UID is REQUIRED!
UID Object unique identifier. Name or UID is REQUIRED!
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Message (message) Operation status.

Checkpoint Management API/Show Access Layers method

Retrieve all objects.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Filter Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The logical operators in the expression (AND, OR) should be provided in capital letters. The search involves both an IP search and a textual search in name, comment, tags etc.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Ignore Errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Domain to process Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are: CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
Outputs Description
Access Layers (access_layers) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
From (from) From which element number the query was done.
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query.

Checkpoint Management API/Clone Access Layer method

Clone access layer using layer name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Name The name of the layer to be cloned.
UID The uid of the layer to be cloned.
New name The name of the cloned layer.
Outputs Description
Task ID (task_id) Asynchronous task unique identifier. Use show-task command to check the progress of the task.

Checkpoint Management API/Show Nat Rulebase method

Shows the entire NAT Rules layer. This layer is divided into sections. A NAT Rule may be within a section, or independent of a section (in which case it is said to be under the global section). There are two types of sections: auto-generated read-only sections and general sections, which are created manually. The reply features a list of objects. Each object may be a section of the layer, within which its rules may be found, or a rule itself, for the case of rules which are under the global section. An optional filter field may be added in order to return only those rules that match the search criteria.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package
Filter Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical operators in the expression (AND, OR) should be provided in capital letters. If an operator is not used, the default OR operator applies.
Filter Settings Sets filter preferences.
Limit The maximal number of returned results.
Offset Number of the results to initially skip.
Order Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
Use Object Dictionary
Dereference Group Members Indicates whether to dereference members field by details level for every object in reply.
Show membership Indicates whether to calculate and show groups field for every object in reply.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
From (from) From which element number the query was done.
Objects Dictionary (objects_dictionary) Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Rulebase (rulebase)
To (to) To which element number the query was done.
Total (total) Total number of elements returned by the query

Checkpoint Management API/Add Nat Rule method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package.
Position (is required) Position in the rulebase.
Name Rule name.
Enabled Enable/Disable the rule.
Install on Which Gateways identified by the name or UID to install the policy on.
Method Nat method.
Original Destination Original destination.
Original Service Original service.
Original Source Original source.
Tags Collection of tag objects identified by the name or UID.
Translated Destination Translated destination.
Translated Service Translated service.
Translated Source Translated source.
Comments Comments string.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Show Nat Rule method

Retrieve existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Rule number or Name is REQUIRED!
Rule number Rule number. UID or Rule number or Name is REQUIRED!
Name Rule name. UID or Rule number or Name is REQUIRED!
Package (is required) Name of the package.
Details Level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Set Nat Rule method

Edit existing object using object name or uid.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
UID Object unique identifier. UID or Rule number or Name is REQUIRED!
Rule number Rule number. UID or Rule number or Name is REQUIRED!
Name Rule name. UID or Rule number or Name is REQUIRED!
Package (is required) Name of the package.
Enabled Enable/Disable the rule.
Install on Which Gateways identified by the name or UID to install the policy on.
Method Nat method.
New name New name of the object.
New position New position in the rulebase.
Original destination Original destination.
Original service Original service.
Original source Original source.
Tags Collection of tag objects identified by the name or UID.
Translated destination Translated destination.
Translated service Translated service.
Translated source Translated source.
Comments Comments string.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Auto generated (auto_generated)
Enabled (enabled) Enable/Disable the rule.
Install on (install_on) Which gateway, identified by the name or UID, to install the policy. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Method (method) Nat method.
Original destination (original_destination) Original destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original service (original_service) Original service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Original source (original_source) Original source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Package (package)
Tags (tags) Collection of tag objects identified by the name or UID.
Translated destination (translated_destination) Translated destination. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated service (translated_service) Translated service. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Translated source (translated_source) Translated source. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Comments (comments) Comments string.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Available actions (available_actions) Actions that are available on the object.

Checkpoint Management API/Add Nat Section method

Create new object.

Inputs Description
Session Unique Identifier (is required) Session unique identifier as returned by the login request
Server (is required) Server Address
Package (is required) Name of the package.
Position (is required) Position in the rulebase.
Name Object name. Must be unique in the domain.
Tags Collection of tag objects identified by the name or UID.
Details level The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
Ignore Warnings Apply changes ignoring warnings.
Ignore errors Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
Outputs Description
Name (name) Object name. Must be unique in the domain.
UID (uid) Object unique identifier.
Type (type) Object type.
Tags (tags) Collection of tag objects identified by the name or UID. Level of details in the output corresponds to the number of details for search. This table shows the level of details in the Standard level.
Domain (domain) Information about the domain that holds the Object.
Meta info (meta_info) Object metadata.
Read only (read_only) Indicates whether the object is read-only.
Available actions (available_actions) Actions that are available on the object.

Cymon

Cymon/Username and Password Authentication for JWT Generation method

Authenticate with username and password to get a JSON Web Token.

Inputs Description
Username (is required) The Username which is used to create JSON Web Token
Password (is required) The Password which is used to create JSON Web Token
Outputs Description
JWT (jwt) JSON Web Token
Message (message) Success message

Cymon/Search by IP Address method

Search threat reports by IP address (IPv4 and IPv6).

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
IP (is required) The query value (IP) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by IP address

Cymon/Search by Domain method

Search threat reports by domain name.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Domain (is required) The query value (domain) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by domain name

Cymon/Search by Hostname method

Search threat reports by hostname.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Hostname (is required) The query value (hostname) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by hostname

Cymon/MD5 Hash Threat Reports Search method

Search threat reports by MD5 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
MD5 (is required) The query value (MD5) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by MD5 hash

Cymon/Search by SHA1 Hash method

Search threat reports by SHA1 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
SHA1 (is required) The query value (sha1) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by SHA1 hash

Cymon/Search by SHA256 Hash method

Search threat reports by SHA256 hash.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
SHA256 (is required) The query value (SHA256) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
From (from) The query offset value
Total (total) Total number of objects in database for query
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by SHA256 hash

Cymon/Search by Term method

Search threat reports by a term.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Term (is required) The query value (term) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports searched by term

Cymon/Search by Feed ID method

Get threat reports in a feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) The query value (Feed ID) to search for
Start Date The start date for searching
End Date The end date for searching
From The offset to use for pagination
Size The limit to use for pagination
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Hits (hits) The threat reports in the feed

Cymon/Paginated Feeds List method

Get paginated list of feeds.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
From The offset to use for pagination
Privacy Return list of private or public feeds
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Feeds (feeds) A list of searched feeds

Cymon/Feed Details method

Get feed object.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) ID of the Feed
Outputs Description
ID (id) Feed ID
Name (name) Feed name
Slug (slug) URL-friendly slug
Description (description) Feed description text
Tags (tags) List of tags to categorize and help others find this feed
Link (link) URL for blog or website where users can learn more about this feed
TOS (tos) Terms of Use for this feed
Privacy (privacy) Can be set to either private or public (default)
Is Owner (is_owner) Boolean indicating if current user owns this feed
Is Admin (is_admin) Boolean indicating if current user can administer this feed
Is Member (is_member) Boolean indicating if current user can contribute to this feed
Is guest (is_guest) Boolean indicating if current user can read from this feed

Cymon/Paginated User Feeds List method

Get paginated list of feeds that user has access to.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Outputs Description
Total (total) Total number of objects in database for query
From (from) The query offset value
Size (size) The query limit value for how many objects to return
Feeds (feeds) A list of searched feeds

Cymon/Threat Report Retrieval from Feed method

Get threat report from feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) ID of the Feed
Report ID (is required) ID of the report
Outputs Description
Feed (feed) Feed details
Report (report) The reports from feed

Cymon/Feed Creation method

Create a new feed for threat reports.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Name (is required) Feed name
Link (is required) URL for blog or website where users can learn more about this feed
Terms of Use Terms of Use for this feed
Logo URL for small thumbnail for this feed (must be hosted on imgur CDN)
Privacy (is required) Can be set to either private or public (default)
Tags List of tags to categorize and help others find this feed
Outputs Description
Message (message) Success message
Feed (feed) Feed details

Cymon/Feed Details Update method

Update details of an existing feed.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID (is required) The ID of the Feed which will be updated
Link URL for blog or website where users can learn more about this feed
Terms of Use Terms of Use for this feed
Logo URL for small thumbnail for this feed (must be hosted on imgur CDN)
Privacy Can be set to either private or public (default)
Tags List of tags to categorize and help others find this feed
Admins List of usernames that have update, post, and read permissions to this feed
Members List of usernames that have post and read permissions to this feed
Guests List of usernames that have read permission to this feed
Outputs Description
Message (message) Success message
Feed (feed) Feed details

Cymon/Threat Report Upload method

Upload a threat report with observables.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Feed ID The Feed ID to post this report in
Title Short report title
Description Long technical description
Tags List of tags to categorize and help others find this report
Timestamp An ISO8601 date string for when this IoC was observed
IP IPv4 or IPv6
URL Malicious URL indicator
Hostname Domain with all subdomains
Domain Root domain
MD5 MD5 hash of a malicious binary
SHA1 SHA1 hash of a malicious binary
SHA256 SHA256 hash of a malicious binary
SSDEEP SSDEEP hash of a malicious binary
Outputs Description
Message (message) Success message.
Report (report) Details about submitted report

Cymon/Bulk Threat Report Upload method

Upload multiple threat reports in one request.

Inputs Description
JWT (is required) The JSON Web Token which was created previously (in Login)
Body (is required) The body of this method
Outputs Description
Message (message) Success message
Reports (reports) Details of submitted reports

DShield

DShield/IP Address Information Summary method

Returns a summary of the information our database holds for a particular IP address.

Inputs Description
IP (is required) The IP that is being searched
Outputs Description
IP Results(ip) The results of the API call

DShield/Open Threat Feeds Retrieval method

Retrieves open threat feeds from the DShield server.

Outputs Description
values(values) The results of the API call

Feodo Tracker

FeodoTracker/IP Blocklist Retrieval method

Get IP Blocklist.

Outputs Description
values(values) The results of the API call

FeodoTracker/IoC Retrieval method

Get Indicators of Compromise (IoC).

Outputs Description
values(values) The results of the API call

FeodoTracker/IoC Retrieval Comprehensive method

Feodo Tracker provides a comprehensive list of botnet C2s ever detected. However, due to IP address recycling, there is a higher risk of false positives in this dataset.

Outputs Description
values(values) The results of the API call

GeoIP

GeoIP/Country Informations method

Receives information about the country of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
Continent Details(continent) A JSON object containing information about the continent associated with the IP address.
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/City Informations method

Receives information about the city of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
City Details(city) A JSON object containing details about the city associated with the IP address
Continent Details(continent) A JSON object containing information about the continent associated with the IP address.
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details(location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Postal Details(postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details(subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest.
For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/Insights method

Receives information about the insights of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
City Details(city) A JSON object containing details about the city associated with the IP address
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details(location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Postal Details(postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details(subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest.
For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in the subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/Country Informations Lite method

Receives information about the country of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Traits Details(traits) A JSON object containing general traits associated with the IP address

GeoIP/City Informations Lite method

Receives information about the city of the entered IP.

Inputs Description
Username (is required) To use this API you must have an account on MaxMind
Password (is required) To use this API you must have an account on MaxMind
IP (is required) The investigated IP
Outputs Description
City Details(city) A JSON object containing details about the city associated with the IP address
Continent Details(continent) A JSON object containing information about the continent associated with the IP address
Country Details(country) A JSON object containing details about the country where MaxMind believes the end user is located
Location Details(location) A JSON object containing specific details about the location associated with the IP address
Maxmind Details(maxmind) A JSON object containing information related to your MaxMind account
Postal Details(postal) A JSON object containing details about the postal code associated with the IP address
Registered Country Details(registered_country) A JSON object containing details about the country in which the ISP has registered the IP address
Subdivisions Details(subdivisions) An array of JSON objects. Each of these objects contains details about a subdivision of the country in which the IP address resides. Subdivisions are arranged from largest to smallest.
For instance, the response for Oxford in the United Kingdom would have an object for England as the first element in the subdivisions array and an object for Oxfordshire as the second element. The subdivisions array for Minneapolis in the United States will have a single object for Minnesota.
Traits Details(traits) A JSON object containing general traits associated with the IP address

Github

Github/Create Organization Repository method

Creates a new repository in the specified organization. The authenticated user must be a member of the organization.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Organisation (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Name (is required) The name of the repository
Description A short description of the repository
Homepage The organization name. The name is not case sensitive.
Private Whether the repository is private
Has Issues Either true to enable issues for this repository or false to disable them
Has projects Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki Either true to enable the wiki for this repository or false to disable it
Has Downloads Whether downloads are enabled
Is template Either true to make this repo available as a template repository or false to prevent it
Team ID The id of the team that will be granted access to this repository. This is only valid when creating a repository in an organization
Auto init Pass true to create an initial commit with empty README
Gitignore Template Desired language or platform .gitignore template to apply
License Template Choose an open source license template that best suits your needs
Allow Squash Merge Either true to allow squash-merging pull requests, or false to prevent squash-merging
Allow Merge Commit Either true to allow merging pull requests with a merge commit, or false to prevent merging pull requests with merge commits
Allow Rebase Merge Either true to allow rebase-merging pull requests, or false to prevent rebase-merging
Allow Auto Merge Either true to allow auto-merge on pull requests, or false to disallow auto-merge
Delete Branch on Merge Either true to allow automatically deleting head branches when pull requests are merged, or false to prevent automatic deletion. The authenticated user must be an organization owner to set this property to true
Use Squash Title as Default Either true to allow squash-merge commits to use pull request title, or false to use commit message. This property has been deprecated. Please use squash_merge_commit_title instead.
Squash Merge Commit Title The default value for a squash merge commit title: PR_TITLE - default to the pull request's title. COMMIT_OR_PR_TITLE - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)
Squash Merge Commit Message The default value for a squash merge commit message: PR_BODY - default to the pull request's body. COMMIT_MESSAGES - default to the branch's commit messages. BLANK - default to a blank commit message
Merge Commit Title The default value for a merge commit title. PR_TITLE - default to the pull request's title. MERGE_MESSAGE - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)
Merge Commit Message The default value for a merge commit message. PR_TITLE - default to the pull request's title. PR_BODY - default to the pull request's body. BLANK - default to a blank commit message
Outputs Description
Name(name) The name of the organization repository
Full Name(full_name) The full name of the organization repository
Private(private) True if the repository is private, otherwise false
Owner Login Name(owner_login) The owner login name
Visibility(visibility) The visibility of the repository (public or private)
Default Branch(default_branch) The name of the default branch
Organization Login Name(organization_login) The organization login name

Github/Create Repository Using Template method

Creates a new repository using a repository template.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Template Owner (is required) The account owner of the template
Template Repo (is required) The name of the repository without the .git extension
Name (is required) The name of the repository
Private Either true to create a new private repository or false to create a new public one
Owner The organization or person who will own the new repository. To create a new repository in an organization, the authenticated user must be a member of the specified organization
Description A short description of the new repository
Include all Branches The name of the new repository
Outputs Description
Name(name) The name of the repository template
Full Name(full_name) The full name of the repository template
Private(private) True if the repository is private, otherwise false
Description(description) The description of the template repository
Visibility(visibility) The visibility of the repository (public or private)
Default Branch(default_branch) The name of the default branch
Organization Login Name(organization_login) The organization login name
Has Issues(has_issues) Either true to enable issues for this repository or false to disable them
Has Projects(has_projects) Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Downloads(has_downloads) Whether downloads are enabled
Has Wiki(has_wiki) Either true to enable the wiki for this repository or false to disable it
Has Pages(has_pages) True if the repository has pages, otherwise false
Has Discussions(has_discussions) True if the repository has discussions
Allow Forking(allow_forking) True if the repository allows forking

Github/List Repositories for a User method

Lists public repositories for the specified user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Username (is required) The handle for the GitHub user account
Type Limit results to repositories of the specified type
Sort The property to sort the results by
Direction The order to sort by. Default: asc when using full_name, otherwise desc.
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/List Repositories Authenticated User method

Lists repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Type Limit results to repositories of the specified type
Sort The property to sort the results by
Direction The order to sort by. Default: asc when using full_name, otherwise desc.
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Visibility Limit results to repositories with the specified visibility
Affiliation Comma-separated list of values. Can include: owner: Repositories that are owned by the authenticated user. collaborator: Repositories that the user has been added to as a collaborator. organization_member: Repositories that the user has access to through being a member of an organization. This includes every repository on every team that the user is on
Since Only show repositories updated after the given time
Before Only show repositories updated before the given time
Outputs Description
values(values) The results of the API call

Github/Update Repository method

Updates the repository given by the user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Name The name of the repository
Organisation The organization name. The name is not case sensitive
Description A short description of the repository
Homepage The organization name. The name is not case sensitive
Private Whether the repository is private
Has Issues Either true to enable issues for this repository or false to disable them
Has projects Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki Either true to enable the wiki for this repository or false to disable it
Has Downloads Whether downloads are enabled
Is template Either true to make this repo available as a template repository or false to prevent it.
Team ID The id of the team that will be granted access to this repository. This is only valid when creating a repository in an organization
Auto init Pass true to create an initial commit with empty README
Gitignore Template Desired language or platform .gitignore template to apply
License Template Choose an open source license template that best suits your needs
Allow Squash Merge Either true to allow squash-merging pull requests, or false to prevent squash-merging
Allow Merge Commit Either true to allow merging pull requests with a merge commit, or false to prevent merging pull requests with merge commits
Allow Rebase Merge Either true to allow rebase-merging pull requests, or false to prevent rebase-merging
Allow Auto Merge Either true to allow auto-merge on pull requests, or false to disallow auto-merge
Delete Branch on Merge Either true to allow automatically deleting head branches when pull requests are merged, or false to prevent automatic deletion. The authenticated user must be an organization owner to set this property to true
Use Squash Title as Default Either true to allow squash-merge commits to use pull request title, or false to use commit message. This property has been deprecated. Please use squash_merge_commit_title instead
Squash Merge Commit Title The default value for a squash merge commit title: PR_TITLE - default to the pull request's title. COMMIT_OR_PR_TITLE - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)
Squash Merge Commit Message The default value for a squash merge commit message: PR_BODY - default to the pull request's body. COMMIT_MESSAGES - default to the branch's commit messages. BLANK - default to a blank commit message
Merge Commit Title The default value for a merge commit title. PR_TITLE - default to the pull request's title. MERGE_MESSAGE - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)
Merge Commit Message The default value for a merge commit message. PR_TITLE - default to the pull request's title. PR_BODY - default to the pull request's body. BLANK - default to a blank commit message
Archived Whether to archive this repository. false will unarchive a previously archived repository
Web Commit Sign off Either true to require contributors to sign off on web-based commits, or false to not require contributors to sign off on web-based commits
Outputs Description
Name(name) The name of the repository
Full Name(full_name) The full name of the repository
Private(private) Whether the repository is private
Owner Login Name(owner.login) The account owner of the repository
Description(description) A short description of the repository
Has Issues(has_issues) Either true to enable issues for this repository or false to disable them
Has Projects(has_projects) Either true to enable projects for this repository or false to disable them. Note: If you're creating a repository in an organization that has disabled repository projects, the default is false, and if you pass true, the API returns an error
Has Wiki(has_wiki) Either true to enable the wiki for this repository or false to disable it
has_discussions(has_discussions) True if the repository has discussions
Allow Forking(allow_forking) True if the repository allows forking
Visibility(visibility) The visibility of the repository (public or private)
Created at(created_at) The timestamp when the update of the repository was initialised
Updated at(updated_at) The timestamp when the update of the repository was updated
Pushed at(pushed_at) The timestamp when the update of the repository was pushed

Github/Delete Repository method

Deletes the repository given by the user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension

Github/Create Fork method

Creates a fork for the authenticated user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Organization (is required) Parameter to specify the organization name if forking into an organization
Name (is required) When forking from an existing repository, a new name for the fork
Default Branch Only (is required) When forking from an existing repository, fork with only the default branch
Outputs Description
Name(name) The name of the fork
Full Name(full_name) The full name of the fork
Owner Login Name(owner_login) The login name of the owner of the fork
Number of Forks(size) The number of the forks created
Organization Login(organization_login) The login name of the organization
Parent Full Name(parent_full_name) The full name of the fork parent
Parent Owner Login(parent_owner_login) The owner login name of the fork parent
Source Name(source_name) The source name of the fork
Source Full Name(source_full_name) The source full name of the fork
Source Owner Login(source_owner_login) Source owner login name of the fork

Github/List Forks method

Lists forks for a repository.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Sort The sort order. stargazers will sort by star count
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/Add Repository Collaborator method

Adds an external collaborator to the repository.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Username (is required) The handle for the GitHub user account.
Permission (is required) The permission to grant the collaborator
Outputs Description
Repository Full Name(repository.full_name) The full name of the repository
Repository Owner Login(repository.owner.login) The login name of the owner of the repository
Repository Invitee Login Name(repository.invitee.login) The login name of the invitee
Repository Inviter Login Name(repository.inviter.login) The login name of the inviter

Github/List Repository Collaborators method

This applies to organization-owned repositories. Collaborators encompass outside collaborators, direct/indirect organization members, and owners. Members with certain privileges can employ this endpoint.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Affiliation Filter collaborators returned by their affiliation
Permission Filter collaborators by the permissions they have on the repository. If not specified, all collaborators will be returned
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Get a Branch method

Returns a branch selected by the user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch (is required) Filter collaborators returned by their affiliation
Outputs Description
Name of Branch(name) The name of the branch
Author Name(author_name) The author of the branch
Author Email(author_email) The email of the author
Author Date(author_date) The timestamp when the branch was created
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The committer email
Committer Login(login) The committer login name
Committer Type(type) The committer type
Commit Parents(parents) The parent of the branch
Protected(protected) True if the branch is protected

Github/List Branches method

Lists branches for the selected repository and user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Protected Setting to true returns only protected branches. When set to false, only unprotected branches are returned. Omitting this parameter returns all branches
Outputs Description
values(values) The result of the API call

Github/Rename Branch method

Renames a branch selected by the user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch Name (is required) The name of the repository without the .git extension
New Branch Name (is required) The new name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
Name(name) The new name of the branch
Commit Author Name(author_name) The author name of the rename
Commit Author Email(author_email) The author mail
Commit Author Date(author_date) The timestamp when the author executed the operation
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The email of the committer
Committer Date(committer_date) The timestamp when the committer did actions
Login Author Name(author_login) The login name of the author

Github/Merge Branch method

Merges the selected branch.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Base (is required) The name of the base branch that the head will be merged into
Head (is required) The head to merge. This can be a branch name or a commit SHA1
Commit Message Commit message to use for the merge commit. If omitted, a default message will be used
Outputs Description
Commit Author Name(author_name) The author name of the rename
Commit Author Email(author_email) The author mail
Commit Author Date(author_date) The timestamp when the author executed the operation
Committer Name(committer_name) The name of the committer
Committer Email(committer_email) The email of the committer
Committer Date(committer_date) The timestamp when the committer did actions
Commit Message(commit_message) Commit message added by the user
Commit Author Login Name(author_login) The login name of the author

Github/Sync Fork Branch method

Syncs a branch of a forked repository to keep it up-to-date with the upstream repository.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Branch (is required) The name of the branch which should be updated to match upstream
Outputs Description
Message(message) The message with details about sync process
Merge Type(merge_type) The type of the merge
Base Branch(base_branch) The name of the base branch

Github/Create Pull Request method

Creates a pull request.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Head (is required) The name of the branch where your changes are implemented
Base (is required) The name of the branch you want the changes pulled into. This should be an existing branch on the current repository. You cannot submit a pull request to one repository that requests a merge to a base of another repository
Title The title of the new pull request. Required unless issue is specified
Body The contents of the pull request
Head Repo The name of the repository where the changes in the pull request were made. This field is required for cross-repository pull requests if both repositories are owned by the same organization.
Draft Indicates whether the pull request is a draft
Issue An issue in the repository to convert to a pull request. The issue title, body, and comments will become the title, body, and comments on the new pull request. Required unless title is specified
Maintainer can modify Indicates whether maintainers can modify the pull request
Outputs Description
ID(id) The ID of the pull request
Number(number) The number of the pull request
State(state) The state of request
Locked(locked) True if the pull request is locked, otherwise false
User Login(user_login) The user login name
Body(body) The content of the pull request
Created at(created_at) The timestamp when the pull request was created
Updated at(updated_at) The timestamp when the pull request was updated
Closed at(closed_at) The timestamp when the pull request was closed
Merged at(merged_at) The timestamp when the merge was accomplished
Head Name(head_label) The head name of the dead
User Login Name(label_user_login) The user login name
Repo Full Name(repo_full_name) The full name of the repository
Is repo private(repo_private) True if the repository is private, otherwise false
Repo Owner Login Name(repo_owner_login) The login name of the repository owner

Github/List Pull Requests method

Lists all pull requests for the repo provided by the user.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
State Either open, closed, or all to filter by state
Head Filter pulls by head user or head organization and branch name in the format of user:ref-name or organization:ref-name
Base Filter pulls by base branch name
Sort What to sort results by
Direction The direction of the sort
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/Merge a Pull Requests method

Merges a pull request into the base branch.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Pull number (is required) The number that identifies the pull request
Commit Title Title for the automatic commit message
Commit Message Extra detail to append to automatic commit message
SHA SHA that pull request head must match to allow merge
Merge Method The merge method to use
Outputs Description
SHA(sha) The SHA of the action
Merged(merged) True if the merge was accomplished, otherwise false
Message(message) The message with details about merge process

Github/Create Review Pull Request method

Creates a review for a pull request.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Pull number (is required) The number that identifies the pull request
Commit ID The SHA of the commit needing a comment. Not using the latest commit SHA may render your comment outdated if a subsequent commit modifies the line you specify as the position
Body The relative path to the file that necessitates a comment
Event The number that identifies the pull request
Comments The number that identifies the pull request
Outputs Description
User Login Name(user_login) The user login name
Body(body) The description of the release
State(state) Either open, closed, or all to filter by state.

Github/Create Issue method

Any user with pull access to a repository can create an issue. If issues are disabled in the repository, the API returns a 410 Gone status.

Inputs Description
Token (is required) To use the GitHub API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Title (is required) The title of the issue
Body (is required) The contents of the issue
Assignee Login for the user that this issue should be assigned to
Milestone The number of the milestone to associate this issue with
Labels Labels to associate with this issue
Assignees Logins for Users to assign to this issue.
Outputs Description
Number of Issues(number) The number of the issues
Title(title) The title of the issues
User Login Name(user.login) The login name of the user
Labels(labels) Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
Assignee(assignee) Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Assignees(assignees) Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Milestone(milestone) The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Created at(created_at) The timestamp when the issue was created
Updated at(updated_at) The timestamp when the issue was updated
Body(body) The contents of the issue
Closed By(closed_by) The name of the person who resolved/closed the issue

Github/List Repository Issue method

List issues in a repository. Only open issues will be listed.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Milestone If an integer is passed, it should refer to a milestone by its number field. If the string * is passed, issues with any milestone are accepted. If the string none is passed, issues without milestones are returned
State Indicates the state of the issues to return
Assignee Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Creator The user that created the issue
Mentioned A user that's mentioned in the issue
Labels A list of comma separated label names
Sort What to sort results by
Direction The direction to sort the results by
Since Only show results that were last updated after the given time
Per Page The number of results per page
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Update an Issue method

Issue owners and users with push access can edit an issue.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Issue Number (is required) The number that identifies the issue.
Title The title of the issue
Body The contents of the issue
State The open or closed state of the issue
State Reason The reason for the state change. Ignored unless state is changed
Milestone The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Labels Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
Assignees Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Outputs Description
Number(number) The number of the issues
Title(title) The title of the issue
User Login(user.login) The login name of the user
Labels(labels) Labels to associate with this issue. Pass one or more labels to replace the set of labels on this issue. Send an empty array ([]) to clear all labels from the issue. Only users with push access can set labels for issues. Without push access to the repository, label changes are silently dropped
State(state) The open or closed state of the issue
Assignee(assignee) Can be the name of a user. Pass in none for issues with no assigned user, and * for issues assigned to any user
Assignees(assignees) Usernames to assign to this issue. Pass one or more user logins to replace the set of assignees on this issue. Send an empty array ([]) to clear all assignees from the issue. Only users with push access can set assignees for new issues. Without push access to the repository, assignee changes are silently dropped
Milestone(milestone) The number of the milestone to associate this issue with or use null to remove the current milestone. Only users with push access can set the milestone for issues. Without push access to the repository, milestone changes are silently dropped
Created at(created_at) The timestamp when the issue was created
Updated at(updated_at) The timestamp when the issue was updated
Closed at(closed_at) The timestamp when repository was created
Body(Body) The contents of the issue
Closed By(closed_by) The name of the person who resolved/closed the issue

Github/Create Issue Comment method

You can use the REST API to create comments on issues and pull requests. Every pull request is an issue, but not every issue is a pull request.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Issue Number (is required) The number that identifies the issue.
Body (is required) The contents of the comment
Outputs Description
User Login Name(user.login) The login name of the user
Created at(created_at) The timestamp when the issue comment was created
Updated at(updated_at) The timestamp when the issue comment was updated
Body(Body) The contents of the issue comment
User(user) User details
Reactions(reactions) A list with reactions of different users for the comment

Github/Create Release method

Users with push access to the repository can create a release.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Tag Name (is required) The name of the tag
Target Commitish Specifies the commitish value that determines where the Git tag is created from. Can be any branch or commit SHA. Unused if the Git tag already exists. Default: the repository's default branch
Name The name of the release
Body The name of the tag
Draft True to create a draft (unpublished) release, false to create a published one.
Prerelease True to identify the release as a prerelease, false to identify the release as a full release.
Generate Release Notes Whether to automatically generate the name and body for this release. If name is specified, the specified name will be used; otherwise, a name will be automatically generated. If body is specified, the body will be pre-pended to the automatically generated notes
Discussion Category Name If specified, a discussion of the specified category is created and linked to the release. The value must be a category that already exists in the repository
Make Latest Specifies whether this release should be set as the latest release for the repository
Outputs Description
Author Login Name(author.login) The login name of the author
Tag Name(tag_name) The version of the release
Target Commitish(target_commitish) The name of the branch which is used for release
Release Name(name) The name of the release
Draft(draft) True if the release is draft, otherwise false
Prerelease(prerelease) True if it is prerelease, otherwise false
Created At(created_at) The timestamp when the release was created
Published At(published_at) The timestamp when the release was published
Body(body) The description of the release

Github/List Releases method

This returns a list of releases, which does not include regular Git tags that have not been associated with a release.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The results of the API call

Github/List Stargazers method

Lists the people that have starred the repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Star Repository by Authenticated User method

Lists repositories the authenticated user has starred.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension

Github/List Watchers method

Lists the people watching the specified repository.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Per Page The number of results per page (max 100)
Page Page number of the results to fetch
Outputs Description
values(values) The result of the API call

Github/Set Repository Subscription method

If you would like to watch a repository, set subscribed to true.

Inputs Description
Token (is required) To use the Github API, you must have an API key
Github API Version (is required) This parameter is used to specify the version of the GitHub API being utilized
Owner (is required) The account owner of the repository
Repository (is required) The name of the repository without the .git extension
Subscribed (is required) The number of results per page (max 100)
Ignored (is required) Page number of the results to fetch
Outputs Description
Subscribed(subscribed) Determines if notifications should be received from this repository
Ignored(ignored) Determines if all notifications should be blocked from this repository
Reason(reason) Description about why the action was taken
Created at(created_at) The timestamp when you subscribed to a repository

GreyNoise

GreyNoise/CommunityAPI method

The Community API provides community users with a free tool to query IPs in the GreyNoise dataset and retrieve a subset of the full IP context data returned by the IP Lookup API.

Inputs Description
Token (is required) To use the GreyNoise API, you must have an API key
IP (is required) IP address to query
Outputs Description
IP(ip) The investigated IP
Noise(noise) If true, this IP has been observed scanning the internet
Riot(riot) If true, this IP was found in the RIOT project dataset
Classification(classification) The GreyNoise classification for this IP (e.g., “malicious”)
Name(name) Name of the Organization that owns the IP
Link(link) A link to the GreyNoise Visualizer for that IP
Last seen(last_seen) The last date the IP was observed by GreyNoise
Message(message) The status of the API call

HoneyDB

HoneyDB/Bad Hosts method

Retrieve a list of bad hosts from HoneyDB.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts Filtered method

Returns the data provided by the user to HoneyDB and enables you to download bad-host data generated by the sensors you operate.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts by Service method

Retrieve bad hosts by service name.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Service (is required) Provide the service name
Outputs Description
values(values) The results of the API call

HoneyDB/Bad Hosts by Service Filtered method

Returns bad hosts by service name provided by the user to HoneyDB and enables you to download bad-host data, by service name, generated by the sensors you operate.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Service (is required) Provide the service name
Outputs Description
values(values) The results of the API call

HoneyDB/IP Address History method

IP (bad host) history is a summary of all interaction activity for a certain IP address recorded by the HoneyDB network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Count method

If you have sensors that log data to HoneyDB, you can use this API to get a count of sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Date method

If you have sensors that log data to HoneyDB, you may use this endpoint to get all sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
From ID The id used as a starting point to retrieve the next 1000 results
Outputs Description
values(values) The results of the API call

HoneyDB/Sensor Event Data Date Filtered method

If you have sensors that log data to HoneyDB, you may use this endpoint to get all your sensor event data collected for a specified date.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Sensor Data Date (is required) The date on which to count events. Format: YYYY-MM-DD
From ID The id used as a starting point to retrieve the next 1000 results
Outputs Description
values(values) The results of the API call

HoneyDB/Services method

Returns services which are the network protocols emulated by honeypot sensors.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Tor IP Address Information method

Returns true or false to indicate if the IP address provided is a Tor exit node.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Stats method

Returns services which are the network protocols emulated by honeypot sensors.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Year The year published. Format: YYYY
Month The month published. Format: MM

HoneyDB/Stats ASN method

Return a list of Average Sample Number.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
raw(raw) The results of the API call

HoneyDB/Twitter Threat Feed method

The Twitter threat feed includes a list of problematic hosts that have connected or attempted to connect to other honeypots on the Internet (including honeypots that do not submit data directly to HoneyDB).

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Twitter Threat Feed by Host method

Twitter threat feed data filtered by host (IP address).

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
values(values) The results of the API call

HoneyDB/Agent Sensor Nodes method

Honeydb-agent sensors are deployed on nodes. This endpoint delivers all nodes viewed within the last three days.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Agent Sensor Nodes with user information method

Honeydb-agent sensors are deployed on nodes. This endpoint delivers all nodes viewed within the last three days. Information provided by the user.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
values(values) The results of the API call

HoneyDB/Payload History on year/month method

IP (bad host) history (month with year) is a list of all interactions recorded by the HoneyDB network for a specific IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Year (is required) The year from which you want to receive results
Month (is required) The month from which you want to receive results
Outputs Description
values(values) The results of the API call

HoneyDB/Payload History Hash method

IP (bad host) history (hash) is a list of all interactions recorded by the HoneyDB network for a specific IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Hash (is required) Payload hash (unique identifier)
Outputs Description
values(values) The results of the API call

HoneyDB/Internet Scanner method

Returns true or false depending on if the provided IP address is part of a known Internet scanning service.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Internet Scanner(internet_scanner) True if the investigated IP is part of a known Internet scanning service, otherwise false

HoneyDB/Internet Scanner Information method

Returns true or false to indicate if the IP provided is part of a known Internet scanning service as well as additional information about the scanning entity.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Internet Scanner(internet_scanner) True if the investigated IP is part of a known Internet scanning service, otherwise false

HoneyDB/IP Address Information method

Returns true or false to show whether the provided IP address is on a known IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Bogon(is_bogon) True if the investigated IP is Bogon, otherwise false
Is TOR(is_tor) True if the investigated IP is TOR, otherwise false
Is Threat(is_threat) True if the investigated IP is a Threat, otherwise false
Is SANS IP(threat_lists.is_sansip) True if the investigated IP is from SANS, otherwise false
Is Ciarmy(threat_lists.is_ciarmy) True if the investigated IP is from Ciarmy, otherwise false
Is ET Compromised(threat_lists.is_et_compromised) True if the investigated IP is from ET Compromised, otherwise false
Is Project Honeypot(threat_lists.is_project_honeypot) True if the investigated IP is part of a Honeypot Project, otherwise false

HoneyDB/Bogon IP Address Information method

Returns true or false to indicate if the IP provided is a bogon IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Bogon(is_bogon) True if the investigated IP is Bogon, otherwise false

HoneyDB/SANS IP Address Information method

Returns true or false to indicate if the IP provided is on the SANS IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is SANS IP(is_sansip) True if the investigated IP is from SANS, otherwise false
Attacks(attacks) The attack where the investigated IP was seen
Count(count) The number of attacks
First Seen(firstseen) The timestamp when the investigated IP was first seen
Last Seen(lastseen) The timestamp when the investigated IP was last seen
SANSI Intel(sansintel.is_sansintel) True if the investigated IP is part of SANSI Intel
Intel(sansintel.intel) The details about the investigated IP

HoneyDB/Ciarmy IP Address Information method

Returns true or false to indicate if the IP provided is on the CINS Army List.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is Ciarmy(is_ciarmy) True if the investigated IP is from Ciarmy, otherwise false

HoneyDB/Emerging Threats Compromised IP Address Information method

Returns true or false to indicate if the IP provided is on the Emerging Threats Compromised IP list.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is ET Compromised(is_et_compromised) True if the investigated IP is from ET Compromised, otherwise false

HoneyDB/Project Honeypot IP Address Information method

Returns true or false to indicate if the IP provided is on the Project Honeypot list and additional threat data.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
Is project Honeypot(is_project_honeypot) True if the investigated IP is part of a Honeypot Project, otherwise false
Answer(answer) Additional Threat Data
Days(days) Additional Threat Data
Threat(threat) The category in which the investigated IP is classified
Type(type) The type of threat

HoneyDB/Lookup Network Information method

Returns AS, network information and geolocation for an IP address.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
AS Name(as_name) The AS name of the investigated IP
AS Num(as_num) The AS number of the investigated IP
City(city) The city where the investigated IP is located
Country ISO(country_iso) The ISO country code where the investigated IP is located
Country Name(country_name) The country name where the investigated IP is located
IP(ip) The investigated IP
IP HEX(ip_hex) The investigated IP in hexadecimal format
IP Version(ip_version) The version of the investigated IP
Network(network) The network of the investigated IP
Network Broadcast(network_broadcast) The broadcast network of the investigated IP
Network Hostmask(network_hostmask) The hostmask network of the investigated IP
Network Netmask(network_netmask) The netmask network of the investigated IP
Network Size(network_size) The size of the network of the investigated IP
Region ISO(region_iso) The ISO region name where the investigated IP is located
Region Name(region_name) The region name where the investigated IP is located

HoneyDB/Network Address Information method

Returns all IP addresses as part of a network range.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
CIDR (is required) The Classless Inter-Domain Routing (CIDR) that is being searched
Outputs Description
CIDR(cidr) The CIDR Value
Network Addresses(network_addresses) A list of network addresses

HoneyDB/Prefixes Network Information method

Returns all prefixes advertised for a specific Autonomous System (AS) network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
ASN (is required) The ASN that is being searched
Outputs Description
AS Number(as_num) The investigated AS number
Count(count) The number of prefixes
Prefixes(prefixes) A list of prefixes that resulted from the API call

HoneyDB/AS Network Name Information method

Returns the name of the Autonomous System (AS) network.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
ASN (is required) The ASN that is being searched
Outputs Description
AS Name(as_name) The name of the AS
AS Number(as_num) The investigated AS number

HoneyDB/Geolocation Network Information method

Geolocation information for an IP address is returned.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
IP Address (is required) The IP Address that is being searched
Outputs Description
City(city) The city where the investigated IP is located
Country ISO(country_iso) The ISO country code where the investigated IP is located
Country Name(country_name) The country name where the investigated IP is located
Postal Code(postal_code) The postal code where the investigated IP is located
Region ISO(region_iso) The ISO region name where the investigated IP is located
Region Name(region_name) The region name where the investigated IP is located

HoneyDB/AWS Datacenter method

Returns AWS IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Sync Token(syncToken) The synchronization token
Create Date(createDate) The timestamp when the Sync Token was created
Prefixes(prefixes) A list of prefixes that resulted from the API call

HoneyDB/Azure Datacenter method

Returns Azure IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure China Datacenter method

Returns Azure China IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure Germany Datacenter method

Returns Azure Germany IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Azure Gov Datacenter method

Returns Azure Gov IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Change Number(changeNumber) The value of the change number
Cloud(cloud) The Cloud name
Values(values) Details about the cloud

HoneyDB/Google Cloud Platform Datacenter method

Returns Google Cloud IP address ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Created(created) The timestamp when the datacenter was created
Prefixes(prefixes) A list of IPs from that datacenter

HoneyDB/Oracle Datacenter method

Returns Oracle Cloud IP ranges.

Inputs Description
Token (is required) The HoneyDB API ID is your identifier to use when querying HoneyDB APIs
Token2 (is required) The threat information API key is required to query information from HoneyDB APIs
Outputs Description
Last Updated Timestamp(last_updated_timestamp) The timestamp of the last update
Regions(regions) Details about the datacenter

Host.io

Hostio/Web Domain method

Metadata scraped from a domain homepage.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The investigated domain
Rank(rank) Position in host.io 10M domains ranking, https://host.io/rankings
URL(url) URL scraped from the data
IP(ip) Actual IP scraped from the data
Date(date) Date when the data was scraped
Length(length) Length of the HTML content scraped
Encoding(encoding) Encoding of the scraped data
Title(title) HTML title
Description(description) HTML meta description
Links(links) Domains of links on the homepage

Hostio/DNS Domain method

Get all the DNS records stored for a domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The investigated domain
IPv4 Address(a) A list of IPv4 addresses
IPv6 Address(aaaa) A list of IPv6 addresses
Mail Server(mx) A list of mail servers
Name Server(ns) A list of name servers

Get a count of the number of related domains for all supported lookups offered by Host.io.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
IP(ip) A list of related IPs
ASN(asn) A list of ASN values
Name Server(ns) A list of name servers
Mail Server(mx) A list of mail servers
Email(email) A list of emails
Backlinks(backlinks) Domains that include a link to the domain on their homepage
Redirects(redirects) Domains that redirect to the domain from their homepage

Hostio/Full Domain method

A single endpoint that includes the data from Web Domain, DNS Domain, Related Domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Domain (is required) The Domain that is being searched
Outputs Description
Domain(domain) The Domain that is being searched
DNS(dns) DNS Details
IP Info(ipinfo) IP info details
Web(web) Web details
Related(related) Related Details

Hostio/Domains Field Value method

Get all domains associated with a field, and a count of the total. The value should be according to the field and not necessarily a domain.

Inputs Description
Token (is required) To use the Host_io API, you must have an API key
Field (is required) Domains associated with a field
Value (is required) The value should be according to the field and not necessarily a domain
Outputs Description
Google Analytics(googleanalytics) Domains that include a googleanalytics ID on their homepage
Total(total) The number of domains
Domains(domains) A list of domains

HybridAnalysis

HybridAnalysis/Search Hash method

Summary for given hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Hash (is required) MD5, SHA1 or SHA256
Outputs Description
values(values) The results of the API call

HybridAnalysis/Search Terms method

Search the database using the search terms.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
File Name Filename e.g. invoice.exe
File Type Filetype e.g. docx Available options: 64bits, android, assembly, bat, cmd, com, csv, data, doc, docker, docx, elf, empty, executable, flash, html, hwp, hwpx, img, iqy, java, javascript, library, lnk, macho, mshelp, msi, native, neexe, office, outlook, pdf, pedll, peexe, perl, ppt, pptx, ps, pub, python, rtf, script, sct, sh, svg, text, url, vbe, vbs, wsf, xls, xlsx
File Type Description Filetype description e.g. PE32 executable
Environment ID Environment Id
Country Country (3 digit ISO) e.g. swe
Verdict Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Vx Family AV Family Substring e.g. nemucod
Tag Hashtag e.g. ransomware
Date From Date from in format: Y-m-d H:i e.g. 2018-09-28 15:30
Date To Date to in format: Y-m-d H:i e.g. 2018-09-28 15:30
Port Port e.g. 8080
Host Host e.g. 192.168.0.1
Domain Domain e.g. checkip.dyndns.org
URL HTTP Request Substring e.g. google
Similar to
Context
Important Hash Unique value for a file based on the libraries and functions that it imports. It is useful for identifying and categorizing malware samples
SSDEEP Technique for comparing files based on their similarity, not their exact content. It uses a special hash function that divides the file into segments and calculates a value for each segment
Authentication Hash Authentication hash is a feature of hybrid analysis that allows users to search for malware samples based on their cryptographic hash values
Uses Tactic Uses MITRE ATT&CK® Tactic. Please check their website to get current Tactics
Uses Technique Uses MITRE ATT&CK® Technique. Please check their website to get current Techniques
Outputs Description
values(values) The results of the API call

HybridAnalysis/Quick Scan State method

Return list of available scanners.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/Quick Scan URL method

Submit a website's URL or a URL with a file for analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Scan Type (is required) Type of scan, please see /quick-scan/state to see available scanners
URL (is required) Website's URL or URL with a file to submit
No Share Third Party When set to true, the sample is never shared with any third party. Default: true
Allow Community Access When set to true, the sample will be available for the community. Default: true (Note: when no_share_third_party is set to false, it won't be possible to set a value other than true)
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Submit Name Optional submission name field that will be used for file type detection and analysis
Outputs Description
SHA256(sha256) The investigated SHA
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis

HybridAnalysis/Quick Scan ID method

Some scanners need time to process a file. If finished is set to false in the response, use this endpoint to get the final results.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID ID of scan
Outputs Description
SHA256(sha256) The investigated SHA
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis

HybridAnalysis/Convert Quick Scan to Full Scan method

Convert quick scan to sandbox report.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID (is required) ID of quick scan to convert
Environment ID (is required) Environment ID. Available environments ID: 400: Mac Catalina 64 bit (x86), 310: Linux (Ubuntu 20.04, 64 bit), 300: Linux (Ubuntu 16.04, 64 bit), 200: Android Static Analysis, 160: Windows 10 64 bit, 120: Windows 7 64 bit, 110: Windows 7 32 bit (HWP Support), 100: Windows 7 32 bit
No Hash Lookup Default: false
Action Script Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
Hybrid Analysis When set to false, no memory dumps or memory dump analysis will take place. Default: true
Experimental Anti Evasion When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
Script Logging When set to true, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
Input Sample Tampering When set to true, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
Network Settings Network settings; by default, a fully operating network is set. Available options: default: Fully operating network, tor: Route network traffic via TOR, simulated: Simulate network traffic
Email Optional E-Mail address that may be associated with the submission for notification
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Custom CMD Line Optional commandline that should be passed to the analysis file
Custom Run Time Optional runtime duration (in seconds)
Submit Name Optional submission name field that will be used for file type detection and analysis
Priority Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority
Document Password Optional document password that will be used to fill-in Adobe/Office password prompts
Outputs Description
Job ID(job_id) The job ID
Submission ID(submission_id) The submission ID of the request
Environment ID(environment_id) The environment ID
SHA256(sha256) The SHA generated for this scan

HybridAnalysis/Overview SHA256 method

Return overview for hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
Last File Name(last_file_name) The last known name
SHA256(sha256) The investigated SHA
Other File Name(other_file_name) Possible other name of the file
Threat Score(threat_score) The threat score calculated by HybridAnalysis
Verdict(verdict) Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Scanners(scanners) The scanners used in analysis
Scanners V2(scanners_v2) The scanners used in analysis
Submit Context(submit_context) Details about submission of investigation
Related Parent Hashes(related_parent_hashes) A list of parent related hashes
Related Children hashes(related_children_hashes) A list of children related hashes
Reports(reports) A list of reports for the investigated hash
Whitelisted(whitelisted) True if the SHA is whitelisted
Related Reports(related_reports) A list of reports related

HybridAnalysis/Overview Refresh method

Refresh overview and download fresh data from external services.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
values(values) The results of the API call

HybridAnalysis/Overview Summary method

Return overview for hash.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
SHA 256 (is required) SHA256 for lookup
Outputs Description
Threat Score(threat_score) The threat score calculated by HybridAnalysis
Verdict(verdict) Verdict e.g. 1 Available options: 1 whitelisted, 2 no verdict, 3 no specific threat, 4 suspicious, 5 malicious
Analysis Start Time(analysis_start_time) The timestamp when the analysis started
Last Multi Scan(last_multi_scan) The timestamp of the last multi scan
Multiscan Result(multiscan_result) The number of results from multi scan

HybridAnalysis/Create File Collection method

Create file collection.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Collection Name Optional collection name
Comment Optional comment text that may be associated with the file collection (Note: you can use #tags here)
No Share Third Party When set to true, samples within collection will never be shared with any third party. Default: true
Allow Community Access When set to true, samples within collection will be available for the community. Default: true
Outputs Description
ID(id) The ID of the new Collection Created

HybridAnalysis/File Collection Search method

Search the database using the search terms.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Collection Name Collection Name
Tag Hashtag e.g. ransomware
Outputs Description
Result(result) The results of the API call

HybridAnalysis/File Collection ID method

Return a summary of file collection.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
ID (is required) File collection id
Outputs Description
ID(id) File collection id
Name(name) The name of collection
Comment(comment) Details about collection
Files(files) A list of files from this collection
Created At(created_at) The timestamp when the collection was created
Tags(tags) A list of possible tags assigned to the collection

HybridAnalysis/Submit URL method

Submit a website's URL or a URL with a file for analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
URL (is required) URL to analyze or URL of the file to submit
Environment ID (is required) Environment ID. Available environments ID: 400: Mac Catalina 64 bit (x86), 310: Linux (Ubuntu 20.04, 64 bit), 300: Linux (Ubuntu 16.04, 64 bit), 200: Android Static Analysis, 160: Windows 10 64 bit, 120: Windows 7 64 bit, 110: Windows 7 32 bit (HWP Support), 100: Windows 7 32 bit
No Share Third Party When set to true, the sample is never shared with any third party. Default: true
Allow Community Access When set to true, the sample will be available for the community. Ignored unless the URL contains a file; otherwise the value is true. Default: true
No Hash Lookup Default: false
Action Script Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
Hybrid Analysis When set to false, no memory dumps or memory dump analysis will take place. Default: true
Experimental Anti Evasion When set to true, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
Script Logging When set to true, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
Input Sample Tampering When set to true, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
Network Settings Network settings; by default, a fully operating network is set. Available options: default: Fully operating network, tor: Route network traffic via TOR, simulated: Simulate network traffic
Email Optional E-Mail address that may be associated with the submission for notification
Comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
Custom Date Time Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
Custom CMD Line Optional commandline that should be passed to the analysis file
Custom Run Time Optional runtime duration (in seconds)
Submit Name Optional submission name field that will be used for file type detection and analysis. Ignored unless url contains a file
Priority Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority
Document Password Optional document password that will be used to fill-in Adobe/Office password prompts. Ignored unless url contains a file
Environment Variable Optional system environment value. The value is provided in the format: name: value
Outputs Description
Job ID(job_id) The job ID
Submission ID(submission_id) The submission ID of the request
Environment ID(environment_id) The environment ID
SHA256(sha256) The SHA generated for this scan

HybridAnalysis/Submit Hash For URL method

Determine a SHA256 that an online file or URL submission will have when being processed by the system. Note: this is useful when looking up URL analysis.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
URL (is required) Url to check
Outputs Description
SHA256(sha256) The SHA generated for URL checked

HybridAnalysis/System Version method

Return system elements versions.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/System Environments method

Return information about available execution environments.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/System Action Scripts method

Return information about available action scripts.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
values(values) The results of the API call

HybridAnalysis/Key Current method

Return information about the used API key and its limits.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
API Key(api_key) The API key used for this API call
Authority Level(auth_level) Authority level of the API key
Authority Level Name(auth_level_name) Authority name level of the API key
User ID(user_id) The user ID which has the API key associated
User Email(user_email) The user email which has the API key associated
User Name(user_name) The user name which has the API key associated

HybridAnalysis/Submission Quota method

Return information about quota and current usage.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
Detonation(detonation) Details about usage of API Key
Quick Scan(quick_scan) Details about Quick Scans

HybridAnalysis/Feed method

Access a JSON feed (summary information) of last 250 reports from 24h.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Outputs Description
Data(data) The results of the API call

HybridAnalysis/Abuse Reports Feed method

Returns hashes of samples that qualified for removal due to abuse or because they contained private data, along with the dates when that happened.

Inputs Description
User Agent (is required) Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name Falcon
API Key (is required) To use this API you must provide an API Key
Page Page, if there are more results than we can display in one request
Outputs Description
Results(results) The results of the API call
Number of results(number_of_results) The total number of results
Number of pages(number_of_pages) The total number of pages
Link to previous page(link_to_previous_page) URL to the previous page
Link to next page(link_to_next_page) URL to the next page

IP-API

IPAPI/IP Geolocation method

Returns geolocation information.

Inputs Description
Format (is required) The format in which you want to receive the result
Query The query can be a single IPv4/IPv6 address or a domain name. If you don't supply a query the current IP address will be used
Fields If you do not require all the returned fields, use the GET parameter fields to specify which data should be returned
Outputs Description
Query(query) The investigated IP
Status(status) The status of the API call
Country(country) The country of origin of IP
Country Code(countryCode) The country code of origin of IP
Region(region) The region of origin of IP
Region Name(regionName) The region name of origin of IP
City(city) The city of origin of IP
ZIP(zip) The zip of origin of IP
Timezone(timezone) The timezone of origin of IP
ISP(isp) The ISP who provided the IP

IPinfo.io

IPinfoio/Geolocation Data method

It includes country, region, city, and postal code of the target IP.

Inputs Description
Token (is required) To use the IPinfo.io API, you must have an API key
IP Address (is required) The IP Address that is being searched
Outputs Description
IP(ip) The investigated IP
Hostname(hostname) Hostname of the investigated IP
Anycast(anycast) True if the investigated IP is anycast
City(city) The city of origin of IP
Region(region) The region of origin of IP
Country(country) The country of origin of IP
Loc(loc) The latitude and longitude
ORG(org) The organisation that issued the IP
Postal(postal) The postal code of origin of IP
Timezone(timezone) The timezone of origin of IP

IPQualityScore

IP Quality Score/Proxy and VPN Detection method

List the syslog servers for a network.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Strictness
User Language You can optionally provide us with the user's language header. This allows us to evaluate the risk of the user as judged in the fraud_score
User Agent You can optionally provide us with the user agent string (browser). This allows us to run additional checks to see if the user is a bot or running an invalid browser. This allows us to evaluate the risk of the user as judged in the fraud_score
Allow Public Access Points
Fast When this parameter is enabled our API will not perform certain forensic checks that take longer to process. Enabling this feature greatly increases the API speed without much impact on accuracy. This option is intended for services that require decision making in a time sensitive manner and can be used for any strictness level
Lighter Penalties Is your scoring too strict? Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses. If you experience any false-positives with your traffic then enabling this feature will provide better results
Mobile You can optionally specify that this lookup should be treated as a mobile device. Recommended for mobile lookups that do not have a user agent attached to the request. NOTE: This can cause unexpected and abnormal results if the device is not a mobile device
Transaction Strictness Adjusts the weights for penalties applied due to irregularities and fraudulent patterns detected on order and transaction details that can be optionally provided on each API request. This feature is only beneficial if you are passing order and transaction details
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
ASN(ASN) Autonomous System Number if one is known. Null if nonexistent
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification
Timezone(timezone) Timezone of IP address if available or N/A if unknown
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
ZIP code(zip_code) Postal code of IP address if available or N/A if unknown. IP addresses can relate to multiple postal codes in a city, so we recommend performing analysis of similar postal codes nearby

IP Quality Score/User Payment Transaction History method

User Payment Transaction History.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Strictness Uses the lowest strictness (0-3) for Fraud Scoring. Increasing this value will expand the tests we perform. Levels 2+ have a higher risk of false-positives. We recommend using level 0 or 1 for the best results
Billing First Name The customer's billing first name
Billing Last Name The customer's billing last name
Billing Company The customer's billing company
Billing Country The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
Billing Address 1 The customer's billing street address part 1
Billing Address 2 The customer's billing street address part 2
Billing City The customer's billing city
Billing Region The customer's billing region or state
Billing Postcode The customer's billing postcode or zipcode
Billing Email The customer's billing email address
Billing Phone The customer's billing 11 to 14 digit phone number. (If fewer than 10 digits are provided, the country code will be guessed by IP Quality Score AI.)
Shipping First Name The customer's shipping first name
Shipping Last Name The customer's shipping last name
Shipping Company The customer's shipping company
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
Shipping Address 1 The customer's shipping street address part 1
Shipping Address 2 The customer's shipping street address part 2
Shipping City The customer's shipping city
Shipping Region The customer's shipping region or state
Shipping Postcode The customer's shipping postcode or zipcode
Shipping Email The customer's shipping email address
Shipping Phone The customer's shipping phone number
Username The customer's username
Password Hash For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis
Credit Card Bin First six digits of the credit or debit card, referred to as the Bank Identification Number
Credit Card Hash For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards
Credit Card Expiration Month Two letter format of the credit card's expiration month. For example, May would be 05
Credit Card Expiration Year Two letter format of the credit card's expiration year. For example, 2023 would be 23
AVS Code One letter Address Verification Service (AVS) response code provided by the credit card processor or bank
CVV Code One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank
Order Amount Total balance of the entire order without currency symbols
Quantity of items for this order Quantity of items for this order
Recurring Is this a recurring order that automatically rebills?
Recurring Times If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as 3. If this is the initial recurring order, please leave the value as blank or enter 1
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
Transaction Details(transaction_details) Physical address validation and reputation analysis

IP Quality Score/Phone Reputation method

Generate a phone number reputation score to verify users, payments, & sign ups to prevent fraudulent behavior.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Billing Country The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
Billing Phone The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by IP Quality Score AI.)
Billing Phone Country Code Country dialing code associated with the billing phone. Typically 1-3 digits
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
Shipping Phone Country Code Country dialing code associated with the shipping phone. Typically 1-3 digits
Shipping Phone The customer's shipping phone number
Outputs Description
Success(success) Was the request successful?
Message(message) A generic status message, either success or some form of an error notice
Fraud Score(fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold
Country Code(country_code) Two character country code of IP address or N/A if unknown
Region(region) Region (state) of IP address if available or N/A if unknown
City(city) City of IP address if available or N/A if unknown
ISP(ISP) ISP if one is known. Otherwise N/A
Organization(organization) Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise N/A
Is Crawler(is_crawler) Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification
Mobile(mobile) Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)
Host(host) Hostname of the IP address if one is available
Proxy(proxy) Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)
VPN(vpn) Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The proxy status will always be true when this value is true
Tor(tor) Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The proxy status will always be true when this value is true
Active VPN(active_vpn) Identifies active VPN connections used by popular VPN services and private VPN servers
Active Tor(active_tor) Identifies active TOR exits on the TOR network
Recent Abuse(recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days
Bot Status(bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious
Connection Type(connection_type) Classification of the IP address connection type as Residential, Corporate, Education, Mobile, or Data Center
Abuse Velocity(abuse_velocity) How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be high, medium, low, or none. Can be used in combination with the Fraud Score to identify bad behavior
Transaction Details(transaction_details) A generic status message, either success or some form of an error notice

IP Quality Score /Proxy Detection method

Instantly detect invalid addresses, misformatted user data and typos, and physical addresses that have recently been reported for fraudulent behavior.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP (is required) The investigated IP
Billing Address 1 User's billing or primary street address part 1.
Billing Address 2 User's billing or primary street address part 2.
Billing City User's billing or primary city.
Billing Region User's billing or primary region or state.
Billing Postcode User's billing or primary postcode or zipcode.
Billing Country User's billing or primary country name or billing country ISO-Alpha2. (EG: United States or US)
Shipping Address 1 User's billing or primary street address part 1.
Shipping Address 2 User's billing or primary street address part 2.
Shipping City User's billing or primary city.
Shipping Region User's billing or primary region or state.
Shipping Postcode User's billing or primary postcode or zipcode.
Shipping Country User's billing or primary country name or shipping country ISO-Alpha2. (EG: United States or US)
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Fraud Score (fraud_score) The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 88, but you may find it beneficial to use a higher or lower threshold.
Recent Abuse (recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days.
Bot Status (bot_status) Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.
Transaction Details (transaction_details) Physical address validation and reputation analysis.

IP Quality Score /Validate Email method

IPQualityScore's Email Validation API boosts deliverability by detecting invalid, fraudulent emails, spam traps, and more. It offers real-time verification to prevent fake accounts, errors, and misuse on your platform.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Email to check (is required) The email which is verified
Fast When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.
Timeout Maximum number of seconds to wait for a reply from a mail service provider. If your implementation requirements do not need an immediate response, we recommend bumping this value to 20. Any results which experience a connection timeout will return the timed_out variable as true. Default value is 7 seconds.
Suggest Domain Force analyze if the email address's domain has a typo and should be corrected to a popular mail service. By default, this test is currently only performed when the email is invalid or if the recent abuse status is true.
Strictness Sets how strictly spam traps and honeypots are detected by our system, depending on how comfortable you are with identifying emails suspected of being a spam trap. 0 is the lowest level which will only return spam traps with high confidence. Strictness levels above 0 will return increasingly more strict results, with level 2 providing the greatest detection rates.
Abuse Strictness Set the strictness level for machine learning pattern recognition of abusive email addresses with the recent_abuse data point. Default level of 0 provides good coverage, however if you are filtering account applications and facing advanced fraudsters then we recommend increasing this value to level 1 or 2.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Valid (valid) Does this email address appear valid?
Disposable (disposable) Is this email suspected of belonging to a temporary or disposable mail service? Usually associated with fraudsters and scammers.
SMTP Score (smtp_score) Validity score of the email server's SMTP setup. Range: -1 to 3. Scores above -1 can be associated with a valid email. -1 = invalid email address; 0 = mail server exists, but is rejecting all mail; 1 = mail server exists, but is showing a temporary error; 2 = mail server exists, but accepts all email; 3 = mail server exists and has verified the email address.
Overall Score (overall_score) Overall email validity score. Range: 0 to 4. Scores above 1 can be associated with a valid email. 0 = invalid email address; 1 = DNS valid, unreachable mail server; 2 = DNS valid, temporary mail rejection error; 3 = DNS valid, accepts all mail; 4 = DNS valid, verified email exists.
First Name (first_name) Suspected first name based on email. Returns CORPORATE if the email is suspected of being a generic company email. Returns UNKNOWN if the first name was not determinable.
DNS Valid (dns_valid) Does the email's hostname have valid DNS entries? Partial indication of a valid email.
Honeypot (honeypot) Is this email believed to be a honeypot or SPAM trap? Bulk mail sent to these emails increases your risk of being blacklisted by large ISPs & ending up in the spam folder.
Frequent Complainer (frequent_complainer) Indicates if this email frequently unsubscribes from marketing lists or reports email as SPAM.
Fraud Score (fraud_score) The overall Fraud Score of the user based on the email's reputation and recent behavior across the IPQS threat network. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent.
Recent Abuse (recent_abuse) This value will indicate if there has been any recently verified abuse across our network for this email address. Abuse could be a confirmed chargeback, fake signup, compromised device, fake app install, or similar malicious behavior within the past few days.
Domain Age in human readable format (domain_age_human) A human description of when this domain was registered. (Ex: 3 months ago)
Domain Age Timestamp (domain_age_timestamp) The unix time since epoch when this domain was first registered. (Ex: 1568061634)
First seen in human readable format (first_seen_human) A human description of the email address age, using an estimation of the email creation date when IPQS first discovered this email address. (Ex: 3 months ago)
First Seen Timestamp (first_seen_timestamp) The unix time since epoch when this email was first analyzed by IPQS. (Ex: 1568061634)
Sanitized Email (sanitized_email) Sanitized email address with all aliases and masking removed, such as multiple periods for Gmail.com.
Domain Velocity (domain_velocity) Indicates the level of legitimate users interacting with the email address domain. Values can be high, medium, low, or none. Domains like IBM.com, Microsoft.com, Gmail.com, etc. will have high scores as this value represents popular domains. New domains or domains that are not frequently visited by legitimate users will have a value as none.
User Activity (user_activity) Frequency at which this email address makes legitimate purchases, account registrations, and engages in legitimate user behavior online. Values can be high, medium, low, or none. Values of high or medium are strong signals of healthy usage. New email addresses without a history of legitimate behavior will have a value as none. This field is restricted to higher plan tiers.
Status Associated Phone Numbers (associated_phone_numbers_status) Status of the phone numbers associated with the investigated email address
List Associated Phone Numbers (associated_phone_numbers_phone_numbers) A list of phone numbers associated with the investigated email address
Associated names (associated_names) Displays first and last names linked to the email address, if available in our data sources. Match rates vary by country. This field is restricted to upgraded plans. Object value contains, status, and names as an array.
Spam Trap Score (spam_trap_score) Intelligent confidence level of the email address being an active SPAM trap. Values can be high, medium, low, or none. We recommend scrubbing emails with a high status, typically for any promotional mailings. This data is meant to provide a more accurate result for the frequent_complainer and honeypot data points, which collect data from spam complaints, spam traps, and similar techniques.

IP Quality Score /Phone Number Validation

Perform carrier lookups by API in any region to detect disconnected phone numbers and retrieve important carrier info, including line types, to determine if a number is VOIP, landline, or mobile.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Number to check (is required) To use IP Quality Score you need to have an API Key
Country You can optionally provide us with the default country or countries this phone number is suspected to be associated with. Our system will prefer to use a country on this list for verification or will require a country to be specified in the event the phone number is less than 10 digits.
Strictness How in depth (strict) do you want this reputation check to be? Stricter checks may provide a higher false-positive rate. We recommend starting at 0, the lowest strictness setting, and increasing to 1 or 2 depending on your levels of fraud.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Active (active) Is this phone number a live usable phone number that is currently active?
Formatted (formatted) The phone number formatted in the international dialing code. N/A if not formattable.
Local Format (local_format) The phone number formatted in the country's local routing rules with area code. N/A if not formattable.
Valid (valid) Is the phone number properly formatted and considered valid based on assigned phone numbers available to carriers in that country?
Fraud Score (fraud_score) The IPQS risk score which estimates how likely a phone number is to be fraudulent. Scores 85+ are risky while Fraud Scores 90+ are high risk.
Recent Abuse (recent_abuse) Has this phone number been associated with recent or ongoing fraud?
VOIP (VOIP) Is this phone number a Voice Over Internet Protocol (VOIP) or digital phone number?
Prepaid (prepaid) Is this phone number associated with a prepaid service plan?
Risky (risky) Is this phone number associated with fraudulent activity, scams, robo calls, fake accounts, or other unfriendly behavior?
Carrier (carrier) The carrier (service provider) this phone number has been assigned to or N/A if unknown.
Line Type (line_type) The type of line this phone number is associated with (Toll Free, Mobile, Landline, Satellite, VOIP, Premium Rate, Pager, etc...) or N/A if unknown.
Country (country) The two character country code for this phone number.
City (city) City of the phone number if available or N/A if unknown.
Zip Code (zip_code) Zip or Postal code of the phone number if available or N/A if unknown.
Region (region) Region (state) of the phone number if available or N/A if unknown.
Dialing code (dialing_code) The 1 to 4 digit dialing code for this phone number or null if unknown.
Active Status (active_status) Additional details on the status of the subscriber connection when enhanced active line checks are enabled. Contact your account manager to enable this add-on feature. These values can be Active Line, Disconnected Line, Phone Turned Off, Inconclusive Status, or N/A if unknown.
Status of associated email address (associated_email_addresses.status) The status of associated emails
Associated Emails (associated_email_addresses.emails) A list with associated emails
User Activity (user_activity) Frequency at which this phone number makes legitimate purchases, account registrations, and engages in legitimate user behavior online. Values can be high, medium, low, or none. Values of high or medium are strong signals of healthy usage. New phone numbers without a history of legitimate behavior will have a value as none
Mobile Network Code (mnc) The Mobile Network Code (MNC) is a concise identifier that represents a specific mobile carrier or network within a given country. It helps quickly identify the mobile service provider associated with a mobile device, enabling efficient routing of communication and services
Mobile Country Code (mcc) The Mobile Country Code is a numerical identifier that succinctly represents the specific country associated with a mobile phone's network. This code helps in identifying the nation where the mobile device is registered or operational, facilitating accurate routing of mobile communications and services
Leaked (leaked) Has this phone number recently been exposed in an online database breach or act of compromise
Spammer (spammer) Indicates if the phone number has recently been reported for spam or harassing calls/texts
Do not call (do_not_call) Indicates if the phone number is listed on any Do Not Call (DNC) lists. Only supported in US and CA. This data may not be 100% up to date with the latest DNC blacklists. Contact your account manager to enable better DNC data and TCPA litigator removal

IP Quality Score /Malicious URL Scanner method

Scans links in real time to detect suspicious URLs.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
URL (is required) The URL which will be investigated
Fast When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.
Timeout Maximum number of seconds to perform live page scanning and follow redirects. If your implementation requirements do not need an immediate response, we recommend bumping this value to 5. Default value is 2 seconds.
Strictness How strict should we scan this URL? Stricter checks may provide a higher false-positive rate. We recommend defaulting to level 0, the lowest strictness setting, and increasing to 1 or 2 depending on your levels of abuse.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Unsafe (unsafe) Is this domain suspected of being unsafe due to phishing, malware, spamming, or abusive behavior? View the confidence level by analyzing the Risk Score.
Domain (domain) Domain name of the final destination URL of the scanned link, after following all redirects.
IP Address (ip_address) The IP address corresponding to the server of the domain name.
Server (server) The server banner of the domain's IP address. For example: nginx/1.16.0. Value will be N/A if unavailable.
Content Type (content_type) MIME type of the URL's content. For example text/html; charset=UTF-8. Value will be N/A if unavailable.
Domain Rank (domain_rank) Estimated popularity rank of website globally. Value is 0 if the domain is unranked or has low traffic.
DNS Valid (dns_valid) The domain of the URL has valid DNS records.
Parking (parking) Is the domain of this URL currently parked with a for sale notice?
Spamming (spamming) Is the domain of this URL associated with email SPAM or abusive email addresses?
Malware (malware) Is this URL associated with malware or viruses?
Phishing (phishing) Is this URL associated with malicious phishing behavior?
Suspicious (suspicious) Is this URL suspected of being malicious or used for phishing or abuse? Use in conjunction with the risk_score as a confidence level.
Adult (adult) Is this URL or domain hosting dating or adult content?
Risk Score (risk_score) The IPQS risk score which estimates the confidence level for malicious URL detection. Risk Scores 85+ are high risk, while Risk Scores = 100 are confirmed as accurate.
Country Code (country_code) The country corresponding to the server's IP address.
Category (category) Website classification and category related to the content and industry of the site. Over 70 categories are available including Video Streaming, Trackers, Gaming, Privacy, Advertising, Hacking, Malicious, Phishing, etc. The value will be N/A if unknown.
Domain Age in human readable format (domain_age_human) A human description of when this domain was registered. (Ex: 3 months ago)
Domain Age Timestamp (domain_age_timestamp) The unix time since epoch when this domain was first registered. (Ex: 1568061634)
Redirected (redirected) Does the URL redirect to another domain when loaded in a browser?

IP Quality Score /Fraud Reporting method

List the syslog servers for a network.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
IP The IPv4 or IPv6 address you wish to report. (optional, one required)
Email The email address you wish to report. (optional, one required)
Request ID The Request ID you wish to report. (optional, one required)
Phone The 9 to 20 digit phone number you wish to report. Must include country field below. (optional, one required, required with country below)
Country The 2 letter country code (preferred method) or full properly formatted name (capitalization and spacing required) of the phone number you wish to report. Must include phone field above. (optional, one required, required with phone above)
Billing First Name The customer's billing first name.
Billing Last Name The customer's billing last name.
Billing Company The customer's billing company.
Billing Country The customer's billing country name or billing country ISO-Alpha2. (EG: United States or US)
Billing Address 1 The customer's billing street address part 1.
Billing Address 2 The customer's billing street address part 2.
Billing City The customer's billing city.
Billing Region The customer's billing region or state.
Billing Postcode The customer's billing postcode or zipcode.
Billing Email The customer's billing email address.
Billing Phone The customer's billing 11 to 14 digit phone number. (If less than 10 digits provided, the country code will be guessed by IP Quality Score AI.)
Shipping First Name The customer's shipping first name.
Shipping Last Name The customer's shipping last name.
Shipping Company The customer's shipping company.
Shipping Country The customer's shipping country name or shipping country ISO-Alpha2. (EG: United States or US)
Shipping Address 1 The customer's shipping street address part 1.
Shipping Address 2 The customer's shipping street address part 2.
Shipping City The customer's shipping city.
Shipping Region The customer's shipping region or state.
Shipping Postcode The customer's shipping postcode or zipcode.
Shipping Email The customer's shipping email address.
Shipping Phone The customer's shipping phone number
Username The customer's username.
Password Hash For security reasons and following industry best practices, a SHA256 hash of the user's password for better user analysis.
Credit Card Bin First six digits of the credit or debit card, referred to as the Bank Identification Number.
Credit Card Hash For security reasons and following industry best practices, a SHA256 hash of the credit card number is accepted to check against blacklisted cards.
Credit Card Expiration Month Two letter format of the credit card's expiration month. For example, May would be 05.
Credit Card Expiration Year Two letter format of the credit card's expiration year. For example, 2023 would be 23.
AVS Code One letter Address Verification Service (AVS) response code provided by the credit card processor or bank.
CVV Code One letter Card Verification Value (CVV2) response code provided by the credit card processor or bank.
Order Amount Total balance of the entire order without currency symbols.
Order Quantity Quantity of items for this order.
Recurring Is this a recurring order that automatically rebills?
Recurring Times If this is a recurring order, then how many times has this recurring order rebilled? For example, if this is the third time the user is being billed, please enter this value as 3. If this is the initial recurring order, please leave the value as blank or enter 1.
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Request ID (request_id) A unique identifier for this request that can be used to lookup the request details or send a postback conversion notice.

IP Quality Score /Credit Usage method

Access your account's total number of available credits and current usage for this billing period.

Inputs Description
Token (is required) To use IP Quality Score you need to have an API Key
Outputs Description
Success (success) Was the request successful?
Message (message) A generic status message, either success or some form of an error notice.
Credits (credits) The remaining credits on the API Key
Usage (usage) How many times the API calls were used
Proxy Usage (proxy_usage) How many times the proxy API was used
Email Usage (email_usage) How many times the email API was used
Fingerprint Usage (fingerprint_usage) How many times the fingerprint API was used

IPStack

IPStack/Standard IP Address Lookup method

Standard Lookup is used to look up single IPv4 or IPv6 addresses.

Inputs Description
Token (is required) To use the IPStack API, you must have an API key.
IP Address (is required) Any IPv4 or IPv6 address; you can also enter a domain URL to have ipstack resolve the domain to the underlying IP address.
Fields Set to your preferred output field(s) according to the Specify Output Fields section.
Hostname Set to 1 to enable Hostname Lookup.
Security Set to 1 to enable the Security module.
Language Set to a 2-letter language code according to the Specify Output Language section to change output language.
Callback Specify a JSONP callback function name according to the JSONP Callbacks section.
Outputs Description
IP (ip) Returns the requested IP address
Type (type) Returns the IP address type IPv4 or IPv6
Continent Code (continent_code) Returns the 2-letter country code associated with the IP
Continent Name (continent_name) Returns the name of the country associated with the IP
Country Code (country_code) Returns the 2-letter country code associated with the IP
Country Name (country_name) Returns the name of the country associated with the IP
Region Name (region_code) Returns the region code of the region associated with the IP (e.g. CA for California)
City (city) Returns the name of the city associated with the IP
ZIP (zip) Returns the ZIP code associated with the IP
Location (location) Returns multiple location-related objects

IPStack/Requester IP Address Lookup method

Looks up the IP address from which the request originates.

Inputs Description
Token (is required) To use the IPStack API, you must have an API key.
Fields Set to your preferred output field(s) according to the Specify Output Fields section.
Hostname Set to 1 to enable Hostname Lookup.
Security Set to 1 to enable the Security module.
Language Set to a 2-letter language code according to the Specify Output Language section to change output language.
Callback Specify a JSONP callback function name according to the JSONP Callbacks section.
Outputs Description
IP (ip) Returns the requested IP address
Type (type) Returns the IP address type IPv4 or IPv6
Continent Code (continent_code) Returns the 2-letter country code associated with the IP
Continent Name (continent_name) Returns the name of the country associated with the IP
Country Code (country_code) Returns the 2-letter country code associated with the IP
Country Name (country_name) Returns the name of the country associated with the IP
Region Code (region_code) Returns the region code of the region associated with the IP (e.g. CA for California)
Region Name (region_name) Returns the name of the region associated with the IP
City (city) Returns the name of the city associated with the IP
ZIP (zip) Returns the ZIP code associated with the IP
Location (location) Returns multiple location-related objects

Kuudos

Kuudos/APKs List of Applications method

List of applications (APKs).

Inputs Description
Token (is required) To use the Kuudos API, you must have an API key.
Search Allow advanced search.
Outputs Description
Next (next) URL to the next page
Previous (previous) URL to the previous page
Results (results) The results of the API call

Kuudos/Detailed Information about an APK method

Detailed information about an APK.

Inputs Description
Token (is required) To use the Kuudos API, you must have an API key.
SHA256 (is required) Identify APK based on sha256
Outputs Description
ID (id) The ID of the investigated APK SHA
URL (url) The URL of the investigated APK
SHA256 (sha256) The SHA256 of the investigated APK
MD5 (md5) The MD5 of the investigated APK
SHA1 (sha1) The SHA1 of the investigated APK
APP (app) The name of the investigated APK
Package Name (package_name) The package name of the investigated APK
Company (company) The OS where the APK can be installed
Is trusted (is_trusted) True if the app is not a malware, otherwise false
Is Installed (is_installed) True if the app is installed, otherwise false
Rating (rating) The value assigned by Koodous
Is Detected (is_detected) True if the APK is detected, otherwise false
Is Corrupted (is_corrupted) True if the APK is corrupted, otherwise false
Is Static Analyzed (is_static_analyzed) True if the APK has been statically analyzed, otherwise false
Is Dynamic Analyzed (is_dynamic_analyzed) True if the APK has been dynamically analyzed, otherwise false
Last Yara Analysis at (last_yara_analysis_at) The results of the last Yara Analysis
Created at (created_at) The timestamp when report was created
Last Scan (last_scan) The results of the last scan

Kuudos/Static and Dynamic Analysis Reports method

Get a copy of the static and dynamic analysis reports.

Inputs Description
Token To use the Kuudos API, you must have an API key.
SHA256 (is required) Identify APK based on sha256
Outputs Description
Cuckoo (cuckoo) The results from Cuckoo
Androguard (androguard) The results from Androguard
Droidbox (droidbox) The results from Droidbox

MacVendors

MACVendors/MAC Address Lookup method

This API performs a quick and easy vendor lookup for mac addresses.

Inputs Description
Token (is required) To use the MacVendors API, you must have an API key.
MAC address (is required) The MAC address that is being searched.
Outputs Description
Data (data) The results of the API call

Mailboxlayer

MailBoxLayer/Email Check method

Validates and verifies an email address in order to determine deliverability and quality.

Inputs Description
Token (is required) To use the Mailboxlayer API, you must have an API key.
Email (is required) Email to check
Outputs Description
catch_all (catch_all) Returns true or false depending on whether or not the requested email address is found to be part of a catch-all mailbox
did_you_mean (did_you_mean) Contains a did-you-mean suggestion in case a potential typo has been detected
disposable (disposable) Returns true or false depending on whether or not the requested email address is a disposable email address. (e.g. user123@mailinator.com)
domain (domain) Returns the domain of the requested email address. (e.g. company.com in paul@company.com)
email (email) Contains the exact email address requested
format_valid (format_valid) Returns true or false depending on whether or not the general syntax of the requested email address is valid
free (free) Returns true or false depending on whether or not the requested email address is a free email address. (e.g. user123@gmail.com, user123@yahoo.com)
mx_found (mx_found) Returns true or false depending on whether or not MX-Records for the requested domain could be found
role (role) Returns true or false depending on whether or not the requested email address is a role email address. (e.g. support@company.com, postmaster@company.com)
score (score) Returns a numeric score between 0 and 1 reflecting the quality and deliverability of the requested email address.
smtp_check (smtp_check) Returns true or false depending on whether or not the SMTP check of the requested email address succeeded
user (user) Returns the local part of the request email address. (e.g. paul in paul@company.com)

MailBoxLayer/Email method

Validates and verifies an email address in order to determine deliverability and quality.

Inputs Description
Token (is required) To use the Mailboxlayer API, you must have an API key.
Email (is required) Email to check
Outputs Description
can_connect_smtp (can_connect_smtp) True if it is possible to connect to SMTP
did_you_mean (did_you_mean) Contains a did-you-mean suggestion in case a potential typo has been detected
domain (domain) Returns the domain of the requested email address. (e.g. company.com in paul@company.com)
email (email) Contains the exact email address requested
free (free) Returns true or false depending on whether or not the requested email address is a free email address. (e.g. user123@gmail.com, user123@yahoo.com)
is_catch_all (is_catch_all) Returns true or false depending on whether or not the requested email address is found to be part of a catch-all mailbox
is_deliverable (is_deliverable) True if the email is deliverable, otherwise false
is_disabled (is_disabled) True if the email is disabled, otherwise false
is_disposable (is_disposable) True if the email is disposable, otherwise false
is_inbox_full (is_inbox_full) True if the inbox is full, otherwise false
is_role_account (is_role_account) True if it is role account, otherwise false
mx_records (mx_records) True if it has MX Records
score (score) Returns a numeric score between 0 and 1 reflecting the quality and deliverability of the requested email address
syntax_valid (syntax_valid) True if the syntax of the email is correct, otherwise false
user (user) Returns the local part of the request email address. (e.g. paul in paul@company.com)

Malshare

Malshare/Get List method

List hashes from the past 24 hours in JSON Format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

Malshare/List Hashes for a Specific Format method

List MD5/SHA1/SHA256 hashes of a specific type from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Type (is required) Type of file
Outputs Description
values (values) The results of the API call

Malshare/File Types and Count method

Get list of file types & count from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
Android (Android) The number of Android files detected in the last 24 hours
ASCII (ASCII) The number of ASCII files detected in the last 24 hours
Bourne (Bourne) The number of Bourne files detected in the last 24 hours
Composite (Composite) The number of Composite files detected in the last 24 hours
Dalvik (Dalvik) The number of Dalvik files detected in the last 24 hours
data (data) The number of data files detected in the last 24 hours
DOS (DOS) The number of DOS files detected in the last 24 hours
ELF (ELF) The number of ELF files detected in the last 24 hours
Hitachi (Hitachi) The number of Hitachi files detected in the last 24 hours
HTML (HTML) The number of HTML files detected in the last 24 hours
Java (Java) The number of Java files detected in the last 24 hours
JPEG (JPEG) The number of JPEG files detected in the last 24 hours
Little (Little) The number of Little files detected in the last 24 hours
MS-DOS (MS-DOS) The number of MS-DOS files detected in the last 24 hours
PDF (PDF) The number of PDF files detected in the last 24 hours
PE32+ (PE32_plus) The number of PE32+ files detected in the last 24 hours
PE32 (PE32) The number of PE32 files detected in the last 24 hours
PNG (PNG) The number of PNG files detected in the last 24 hours
RAR (RAR) The number of RAR files detected in the last 24 hours
Rich (Rich) The number of Rich files detected in the last 24 hours
RIFF (RIFF) The number of RIFF files detected in the last 24 hours
TrueType (TrueType) The number of TrueType files detected in the last 24 hours
UTF (UTF) The number of UTF files detected in the last 24 hours
XML (XML) The number of XML files detected in the last 24 hours
Zip (Zip) The number of ZIP files detected in the last 24 hours

Malshare/Stored File Details method

Get stored file details in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Hash (is required) Identify file based on hash
Outputs Description
MD5 (MD5) MD5 of the file
SHA1 (SHA1) SHA1 of the file
SHA256 (SHA256) SHA256 of the file
SSDEEP (SSDEEP) SSDEEP of the file
File Type (F_TYPE) File Type of the file
FILENAMES (FILENAMES) A list of filenames

Malshare/Get Sources method

List of sample sources from the past 24 hours, in JSON format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

Malshare/Get Search and Query method

Search sample hashes, sources and file names in Raw data format.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Query (is required) Search query
Outputs Description
values (values) The results of the API call

Malshare/Get File Names List method

Returns a list of file names from recent uploads.

Inputs Description
Token (is required) To use the Malshare API, you must have an API key.
Outputs Description
values (values) The results of the API call

MetaDefender Cloud

MetaDefender Cloud/API Key Info method

Retrieve information about your apikey such as (but not limited to): max file size, API limits, created date, expiration date, and account nickname.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Maximum Upload File Size (max_upload_file_size) The maximum upload size for files (expressed in MB)
Maximum Archive File size (max_archive_file_size) The maximum upload size for archives (expressed in MB)
Maximum Archive File Number (max_archive_file_number) The maximum number of files contained in an archive
Limit Prevention (limit_prevention) The daily limit of Prevention API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit Reputation (limit_reputation) The daily limit of Reputation API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit Sandbox (limit_sandbox) The daily limit of Sandbox API calls. The daily limit is reset 24 hours after the first call on a given day.
Limit feed (limit_feed) The daily limit of Feed API calls. The daily limit is reset 24 hours after the first call on a given day.
QoS Scan (qos_scan) The selected scan queue, based on the apikey type
Updated at (updated_at) The last date when the apikey information was updated
Created at (created_at) The date when the apikey was created
Portal API Key (portal_api_key) The apikey that has been queried
Source (source) Provides information about the remaining usage limits for an API key. It indicates how many more API requests can be made using the specific API key, helping users manage their resource allocation effectively.
Workflow Rule (workflow_rule) Signifies the defined set of rules or conditions that determine the workflow or sequence of actions that the API key is allowed to perform. This parameter helps manage and control the usage of the API key by specifying the specific actions, restrictions, or processes that can be executed within the given limits.
Votes (votes) Refers to the count or allowance of votes that a user or API key has for certain actions or decisions within the platform.
Vulnerability Submissions (vulnerability_submissions) Number of vulnerability submissions done by the user correlated to the queried apikey
Expiration Date (expiration_date) The expiration date of the apikey. For paid apikeys this date is in the future.
Time interval (time_interval) The duration of time your apikey limit lasts for (daily for most)
Nickname (nickname) The nickname of the user correlated to the queried apikey
Paid User (paid_user) This parameter helps distinguish between paid and free users, potentially affecting usage limits, features, or privileges within the API based on the subscription level.
License Change Note (license_change_note) Information about license changes
MDC Licence Type (mdc_license_type) Information about the Modification Detection Code license
SSO User ID (sso_user_id) The SSO user id corresponding to the apikey
User ID (userid) The userid corresponding to the apikey

MetaDefender Cloud/API Key Limits method

Retrieve information about the consumed limits for an apikey.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Reputation API (reputation_api) The consumed Reputation API limits for the apikey
Prevention API (prevention_api) The consumed Prevention API limits for the apikey
Feed API (feed_api) The consumed Feed API limits for the apikey
Download File (download_file) The consumed limits for file downloads for the apikey
Sandbox API (sandbox_api) The consumed Dynamic Analysis API limits for the apikey

MetaDefender Cloud/API Key Scan History method

Retrieve a paginated list of files uploaded by the user in reverse chronological order (newest to oldest).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
limit How many entries you want to return per request (default is 10000)
offset How many files you want to skip from the latest request (default is 0)
Outputs Description
API Key History (data) The History of API Key

MetaDefender Cloud/API Key Remaining Limits method

Retrieve information about the remaining limits for an apikey.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Reputation API (reputation_api) The remaining Reputation API limits for the apikey
Threat Intel Search API (threat_intel_search_api) The remaining Threat Intel Search API limits for the apikey
Prevention API (prevention_api) The remaining Prevention API limits for the apikey
Download File (download_file) The remaining limits for file downloads for the apikey
Sandbox API (sandbox_api) The remaining Dynamic Analysis API limits for the apikey
Feed API (feed_api) The remaining Feed API limits for the apikey
Throttling Limit (throttling_limit) The remaining Throttling limits for the apikey

MetaDefender Cloud/API Version method

This endpoint shows the current version of the API.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
Version (version) The version of the current API

MetaDefender Cloud/Engine Definitions method

Returns a list of active anti-malware engines available, as well as the day and time of the engine definition.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Outputs Description
AegisLab (AegisLab) Engine used for analysis
AhnLab (AhnLab) Engine used for analysis
Antiy (Antiy) Engine used for analysis
Avira (Avira) Engine used for analysis
Bitdefender (Bitdefender) Engine used for analysis
ClamAV (ClamAV) Engine used for analysis
Comodo (Comodo) Engine used for analysis
CrowdStrike Falcon ML (CrowdStrike_Falcon_ML) Engine used for analysis
Cyren (Cyren) Engine used for analysis
Emsisoft (Emsisoft) Engine used for analysis
ESET (ESET) Engine used for analysis
Filseclab (Filseclab) Engine used for analysis
Huorong (Huorong) Engine used for analysis
IKARUS (IKARUS) Engine used for analysis
K7 (K7) Engine used for analysis
Kaspersky (Kaspersky) Engine used for analysis
McAfee (McAfee) Engine used for analysis
Microsoft Defender (Microsoft_Defender) Engine used for analysis
NANOAV (NANOAV) Engine used for analysis
Quick Heal (Quick_Heal) Engine used for analysis
RocketCyber (RocketCyber) Engine used for analysis
Scrutiny (Scrutiny) Engine used for analysis
Sophos (Sophos) Engine used for analysis
TACHYON (TACHYON) Engine used for analysis
Trend Micro (Trend_Micro) Engine used for analysis
Trend Micro HouseCall (Trend_Micro_HouseCall) Engine used for analysis
Varist (Varist) Engine used for analysis
Vir.IT eXplorer (Vir_IT_eXplorer) Engine used for analysis
Vir.IT ML (Vir_IT_ML) Engine used for analysis
VirusBlokAda (VirusBlokAda) Engine used for analysis
Webroot SMD (Webroot SMD) Engine used for analysis
Xvirus Anti-Malware (Xvirus_Anti_Malware) Engine used for analysis
Zillya! (Zillya) Engine used for analysis

MetaDefender Cloud/Latest Clean Hashes method

Sorted chronologically, this feed exposes the latest clean hashes up to 30 days old and is updated continuously. This feed is designed to be used as a live allowlist of hashes to be quarantined.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Page This denotes the page number that the data is on (each page has 1000 entries)
Date Date when the hash was last scanned
Category File type category. When used, only return hashes of this file type
Outputs Description
From (from) Timestamp of the starting point of the data retrieved from the API call.
To (to) Timestamp of the finishing point of the data retrieved from the API call.
Hashes (hashes) The list of hashes of the cleaned files

MetaDefender Cloud/Latest Infected Hashes method

This feed exposes the latest infected hashes up to 30 days old and is updated continuously. This feed is designed to be used as a live blocklist of hashes to be quarantined.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Page This denotes the page number that the data is on (each page has 1000 entries)
Date Date when the hash was last scanned
Category File type category. When used, only return hashes of this file type
Outputs Description
From (from) Timestamp of the starting point of the data retrieved from the API call.
To (to) Timestamp of the finishing point of the data retrieved from the API call.
Hashes (hashes) The list of hashes of the infected files

MetaDefender Cloud/Download Sanitized Files method

Download Sanitized File. The sanitized version of the file is deleted after 24 hours.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Data ID (is required) The dataId assigned to the file that underwent data sanitization
Outputs Description
Sanitized File Path (sanitizedFilePath) The sanitized file
File Expired (file_expired) The sanitized file

MetaDefender Cloud/EXIF Lookup method

Look up the EXIF of a hash by MD5, SHA1 or SHA256. EXIF is an open standard for storing metadata in images, such as the date and time when the image was taken, geolocation, or device hardware ID.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
EXIF Hash (is required) The MD5, SHA1 or SHA256 hash that you need exif info for
Outputs Description
Megapixels (Megapixels) Provides the resolution information of an image by calculating the total number of pixels in the image.
Image Size (ImageSize) This parameter provides quick insight into the physical size of the image
Chroma Sampling (YCbCrSubSampling) Indicates the chroma subsampling scheme used in an image's color representation. It determines how color information is sampled and compressed, influencing the image's quality and file size.
Color Components (ColorComponents) Provides information about the number and type of color components present in the image file's metadata. This parameter helps understand the color composition of images and can assist in identifying any anomalies or inconsistencies in color representation within the analyzed images.
Bits Per Sample (BitsPerSample) The number of bits used to represent color or grayscale values in an image's pixel data. This parameter helps determine the color depth and quality of the image, aiding in image analysis and understanding its visual characteristics.
Encoding Process (EncodingProcess) Provides insights into the techniques and algorithms employed during the image's creation or modification. This parameter can offer valuable metadata for understanding the image's origin and processing history.
Image Height (ImageHeight) The vertical dimension or height, in pixels, of an image file's resolution. This parameter provides essential information about the image's size and aspect ratio, aiding in understanding and processing visual content effectively.
Image Width (ImageWidth) The width dimension of an image file in pixels. This parameter offers quick access to the image's horizontal size, aiding in understanding its visual characteristics and assisting in further analysis or processing.
Y Resolution (YResolution) The vertical resolution of an image. It indicates the number of pixels per unit of measurement (usually inches or centimeters) along the vertical axis. This parameter helps to determine the image's clarity and quality in terms of its vertical detail.
X Resolution (XResolution) The horizontal resolution information stored in the Exchangeable Image File Format (EXIF) metadata of an image. This parameter provides details about the number of pixels per unit along the horizontal axis, offering insights into the image's quality and dimensions.
Resolution Unit (ResolutionUnit) Indicates the unit of measurement used for image resolution information stored in the Exchangeable Image File Format (EXIF) metadata of an image. This parameter helps determine how the resolution values (width and height) of the image should be interpreted and displayed, whether in pixels per inch (PPI) or pixels per centimeter (PPCM).
JFIF Version (JFIFVersion) The version information associated with the JPEG File Interchange Format (JFIF) used in an image file's metadata. This parameter indicates the specific version of the JFIF standard that the image follows, providing insights into the image's format and compatibility.
MIME Type (MIMEType) The MIME type provides information about the nature and format of the file, helping to determine how it should be handled or interpreted. This parameter assists in identifying the file's content type and guiding appropriate processing or security measures based on the detected MIME type.
File Type Extension (FileTypeExtension) This output parameter refers to the specific file extension associated with the analyzed image or file
File Type (FileType) This output parameter provides information about the specific type or format of the image file being analyzed.
File Size (FileSize) Provides information about the size of the file being analyzed
File Name (FileName) This output parameter represents the name of the file being analyzed.
ExifToolVersion (ExifToolVersion) Version information of the ExifTool software used to extract and process metadata from files

MetaDefender Cloud/PE Info Lookup method

Look up the PE (portable executable file format) info of a hash by MD5, SHA1 or SHA256. PE info lets you view and analyze details of executable files such as executable headers, section headers, import and export tables, application resources and others.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
PE Info Hash (is required) The MD5, SHA1 or SHA256 hash that you need PE info for
Outputs Description
Section Headers (section_headers) Metadata and characteristics of the sections within the PE file
Number of relocations (number_of_relocations) This parameter helps analyze potential code modifications or tampering in the file, aiding in identifying suspicious or altered software components
Characteristics (characteristics) Provides key attributes and properties of a Portable Executable (PE) file. These characteristics include information about the file's structure, behavior, and capabilities, aiding in the analysis and understanding of the file's potential impact on a system
Virtual address (virtual_address) The memory address where a specific element within a Portable Executable (PE) file is loaded when the file is executed. This parameter provides crucial information about the file's internal structure and layout, aiding in understanding how the file functions within a computer's memory during runtime
MD5 (md5) Provide the MD5 hash of the PE file being analyzed
Imported Dlls (imported_dlls) Refers to a list of Dynamic Link Libraries (DLLs) that a Portable Executable (PE) file, often an executable or a binary, depends on. These DLLs are external components that the PE file needs to execute properly
Original Filename (original_filename) This information offers insights into the initial name of the file before any potential renaming or modification occurred
Information Comments (comments) Supplementary textual notes or comments associated with the version information of a PE file, offering insights into the purpose, updates, or other relevant details about the executable
Product Version (product_version) This data reveals the version of the software or application that created the file, aiding in software identification and compatibility assessment
Company Name (company_name) This parameter provides insight into the company or organization associated with the creation or distribution of the analyzed file, aiding in identifying its source and potential legitimacy.
Product Name (product_name) The name of the product from the version information embedded within a PE file
File Description (file_description) Description of file
OS Version (os_version) This parameter offers insights into the specific version of the operating system for which the PE file was designed, aiding in compatibility and security assessments
Characteristics (characteristics) This parameter offers valuable insights into the structural and operational aspects of the PE file
Machine Type (machine_type) This helps identify the target architecture for which the file is intended, aiding in compatibility and analysis

MetaDefender Cloud/APK Manifest Lookup method

Look up the APK manifest analysis of a hash by MD5, SHA1 or SHA256.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
APK Hash (is required) The MD5, SHA1 or SHA256 hash containing the Android Manifest information
Outputs Description
Version Code (versionCode) This value helps uniquely identify and track different versions of the app, assisting in app management, updates, and compatibility checks.
Version Name (versionName) Refers to a field that specifies the human-readable version of an Android application. It helps users identify and understand the version of the app being analyzed.
Package (package) Refers to the unique identifier assigned to an Android application. This identifier is crucial for distinguishing and managing different apps, aiding in their proper installation, updates, and security assessment.
User Permissions (usesPermissions) A list of permissions requested by an Android app (APK). These permissions indicate what actions or resources the app can access on a user's device, helping to assess potential security and privacy risks associated with the app's behavior.
Permissions (permissions) A list of permissions requested by an Android app's APK file. These permissions indicate the actions and resources the app can access on a user's device, helping to assess potential security and privacy implications.
Permission Trees (permissionTrees) Provides information about hierarchical permission relationships within an Android application (APK). It outlines the permissions requested by the app and their interconnections, helping to understand how different permissions relate to one another in the app's structure.
Permission Groups (permissionGroups) The sets of permissions within Android apps that share related functionalities.
Minimum SDK Version (minSdkVersion) Indicates the minimum Android operating system version required for the analyzed Android app (APK file) to function correctly.
Target SDK Version (targetSdkVersion) This parameter refers to the designated version of the Android software development kit (SDK) that the Android app is specifically designed to target.
Use features (usesFeatures) This parameter indicates the hardware and software features that an Android application (APK) utilizes or requires to function properly on a device.
Application (application)

MetaDefender Cloud/Scan Reports via Multiple Hashes method

Look up the scan results based on MD5, SHA1, or SHA256 for multiple data hashes.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A list of hashes used to identify files (MD5, SHA1 or SHA256)
Outputs Description
Data (data) The results of the reports

MetaDefender Cloud/Scan Report via Hash method

Retrieve scan reports by looking up a hash using MD5, SHA1 or SHA256.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) The MD5, SHA1 or SHA256 hash you want to look up information for
Outputs Description
Scan History Length (scan_result_history_length) How many historical scan results for a particular file or resource are stored and accessible.
Votes Down (votes_down) The number of the votes from community
Votes Up (votes_up) The number of the votes from community
Threat Name (threat_name) The name of the threat detected
Malware Type (malware_type) Provides essential information gained from analyzing malicious software.
Malware Family (malware_family) This output parameter categorizes specific types of malicious software based on shared characteristics and behaviors
Blocked Reason (blocked_reason) The reason for the block
Progress Percentage (progress_percentage) The progress of the analysis
Informations Result (process_info_result) The action that was taken after the file was scanned
File Size (file_info_file_size) The size of file
File Upload Timestamp (file_info_upload_timestamp) The exact date and time when the file was uploaded to platform
File Type Description (file_info_file_type_description) Descriptive representation of the format of a file
Display Name (file_info_display_name) User-friendly label associated with a particular entity

MetaDefender Cloud/Scan History method

Look up the scan history of a hash by MD5, SHA1, or SHA256 (some scan histories can have hundreds of entries).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) The MD5, SHA1 or SHA256 hash for the file that you want the scan history for
Limit Pagination - how many entries you want to return
Offset Pagination - how many entries to skip (sorted chronologically)
Outputs Description
Result History (scan_result_history) Scan history of the hash

MetaDefender Cloud/IP Lookup method

Retrieve information about given IP (IPv4 + IPv6) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
IP (is required) The IP which is investigated
Outputs Description
IP (address) The IP which is investigated
Start time (lookup_results_start_time) The start time of the investigations
Detected By (lookup_results_detected_by) The number of antiviruses used in scan
Sources (lookup_results_sources) The result of antiviruses used in analysis
Country Name (country_name) The country where the IP originates
City Name (city_name) The city where the IP originates
Subdivisions (city_subdivisions) More details about geolocations

MetaDefender Cloud/IP Bulk Lookup method

Retrieve information about a list of IPs (IPv4/IPv6).

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
IPs (is required) An array of IPs to investigate
Outputs Description
Results (data) The result of the lookup

MetaDefender Cloud/URL Lookup method

Retrieve information about given observable (URL) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
URL (is required) The URL which is investigated
Outputs Description
URL (address) The URL investigated
Start time (lookup_results_start_time) The start time of the investigation
Detected By (lookup_results_detected_by) The number of antiviruses used in scan
Sources (lookup_results_sources) The result from antiviruses used in analysis

MetaDefender Cloud/URL Bulk Lookup method

Retrieve information about a list of given observables (URLs) from a CIF server.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
URLs (is required) An array of URLs which will be investigated
Outputs Description
Results (data) The results of the lookup

MetaDefender Cloud/Domain Lookup method

Retrieve information about a given fully qualified domain name (FQDN) from a CIF server including but not limited to: provider of the FQDN, a security assessment about the FQDN, and time of detection.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Domain (is required) The investigated domain
Outputs Description
Domain (address) The investigated result
Start time (lookup_results_start_time) The start time of the investigation
Detected By (lookup_results_detected_by) The number of antiviruses used in scan
Sources (lookup_results_sources) The result of antiviruses used in analysis

MetaDefender Cloud/Domain Bulk Lookup method

Retrieve information about a list of fully qualified domain names (FQDNs) from a CIF server including but not limited to: provider of the FQDNs, a security assessment about the FQDNs, and time of detection.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
FQDNs (is required) An array of domains to investigate
Outputs Description
Results (data) The result of the lookup

MetaDefender Cloud/File Analysis Data method

Provides file analysis data on hashes (MD5, SHA1, or SHA256). Metadata can include relevant portions of static and dynamic analysis, AV scan information, file sources.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A hash is used to identify a file (MD5, SHA1 or SHA256)
Outputs Description
MD5 (md5) MD5 of analyzed file
SHA1 (sha1) SHA1 of analyzed file
SHA256 (sha256) SHA256 of analyzed file
First Seen (first_seen) The timestamp when the file was first seen
Last Seen (last_seen) The timestamp when the file was last seen
Update Timestamp (update_timestamp) The timestamp when the previous timestamp was updated
File Info (file_info) Information about the file
File Sources (file_sources) Information about the file sources
Last Antivirus Scan (last_av_scan) Information about the last antivirus scan
Trust Factor (trust_factor) The value of trust calculated by MetaDefender
Dynamic Analysis Data (dynamic_analysis_data) The value of Dynamic Analysis Data
Static Analysis Data (static_analysis_data) The value of Static Analysis Data
Network Access Data (network_access_data) The value of Network Access Data
Mutex Data (mutex_data) Information about mutexes
Certificate Data (certificate_data) The timestamp of certificate

MetaDefender Cloud/File Analysis Data Bulk Lookup method

Bulk lookup of file analysis data on hashes (MD5, SHA1, or SHA256). Metadata can include relevant portions of static and dynamic analysis, AV scan information, file sources.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Hash (is required) A hash is used to identify a file (MD5, SHA1 or SHA256)
Outputs Description
Results from analysis (data) The results from analysis

MetaDefender Cloud/Search for Hashes method

Search for hashes using multi-part search criteria.

Inputs Description
Token (is required) To use the MetaDefenderCloud API, you must have an API key.
Greater than (>) (is required) Comparison Operator
Less than (<) (is required) Comparison Operator
File Extension Type (is required) The extension of the file
Standard Threat Name (is required) This parameter refers to the recognized and standardized name given to a specific type of threat or malware
Limit (is required) Maximum Responses Received
Outputs Description
The Hashes resulted from API call (data) The result of the request

MyIp.ms

MyIP.ms/IP Address Information method

Get information about IP addresses.

Inputs Description
IP or Website Name (is required) The IP or Website Name which is investigated
Outputs Description
Query (query) The investigated IP or Domain
Website (website) Full site name
Status (status) The status of the API call
Popularity (popularity) Details about popularity of the investigated IP or Domain
IPv4 Address (ip_address) IPv4 address
IPv6 Address (ipv6_address) IPv6 address
Location (location) The location of the investigated IP or Domain
Reverse DNS (reverse_dns) Details about Reverse DNS
Owners (owners) Details about the owners of the IP or Domain investigated
DNS (dns) A list of multiple DNS servers
IP Change History (ip_change_history) Details about IP changes

Neutrino API

NeutrinoAPI/Domain Lookup method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Host (is required) A domain name, hostname, FQDN, URL, HTML link or email address to lookup
Live For domains that we have never seen before, perform various live checks and realtime reconnaissance. NOTE: this option may add additional non-deterministic delay to the request. If you require consistently fast API response times or just want to check our domain blocklists, you can disable this option
Outputs Description
FQDN (fqdn) The fully qualified domain name (FQDN)
DNS Provider (dns_provider) The primary domain of the DNS provider for this domain
Blocklists (blocklists) An array of strings indicating which blocklist categories this domain is listed on. Current categories are: phishing, malware, spam, anonymizer, nefarious
TLD (tld) The top-level domain (TLD)
Is Adult (is_adult) This domain is hosting adult content such as porn, webcams, escorts, etc
Valid (valid) True if a valid domain was found. For a domain to be considered valid it must be registered and have valid DNS NS records
Is Malicious (is_malicious) Consider this domain malicious as it is currently listed on at least 1 blocklist
Is Governmental (is_gov) Is this domain under a government or military TLD
Is Open Network Information Center (is_opennic) Is this domain under an OpenNIC TLD
Is Subdomain (is_subdomain) Is the FQDN a subdomain of the primary domain
Registrar Name (registrar_name) The name of the domain registrar owning this domain

NeutrinoAPI/Email Verify method

SMTP based email address verification. Verify real users and filter out low-quality email addresses. Email verify does everything the Email Validate API does but takes validation one step further and performs a realtime SMTP based lookup. This process is similar to how a real email is delivered, so it can verify if an email would actually make it to the recipient address. Our SMTP process will identify if the username exists at the email service provider and can also check if the domain is set up as a catch-all (will accept mail for any address).

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Email (is required) An email address
Fix Typos Automatically attempt to fix typos in the address
Outputs Description
SMTP Status (smtp_status) The SMTP username verification status for this address: ok - verification was successful, this is a real username that can receive mail; absent - this username or domain is not registered with the email service provider; invalid - not a valid email address, check the domain-status field for specific details; unresponsive - the mail servers for this domain have repeatedly timed-out or refused multiple connection attempts; unknown - sorry, we could not reliably determine the status of this username
Typos Fixed (typos_fixed) True if any typos have been fixed. The fix-typos option must be enabled for this to work
Domain Error (domain_error) True if this address has any domain name or DNS related errors. Check the domain-status field for the detailed error reason
Verified (verified) True if this email address has passed SMTP username verification. Check the smtp-status and domain-status fields for specific verification details
Is Free Email (is_freemail) True if this address is from a free email provider
Is Disposable (is_disposable) True if this address is a disposable, temporary or darknet related email address
Valid (valid) Is this a valid email address. To be valid an email must have: correct syntax, a registered and active domain name, correct DNS records and operational MX servers
Is Catch All (is_catch_all) True if this email domain has a catch-all policy. A catch-all domain will accept mail for any username, so the smtp-status will always be ok
Is deferred (is_deferred) True if the mail server responded with a temporary failure (either a 4xx response code or unresponsive server). You can retry this address later, we recommend waiting at least 15 minutes before retrying
Provider (provider) The domain name of the email hosting provider
Domain (domain) The domain name of this email address
SMTP Response (smtp_response) The raw SMTP response message received during verification
Syntax Error (syntax_error) True if this address has any syntax errors or is not in RFC compliant formatting
Is Personal (is_personal) True if this address likely belongs to a person. False if this is a role based address, e.g. admin@, help@, office@, etc.
Email (email) The complete email address. If you enabled the fix-typos option then this will be the corrected address
MX IP (mx_ip) The first resolved IP address of the primary MX server, may be empty if there are domain errors present

NeutrinoAPI/IP Probe method

Execute a realtime network probe against an IPv4 or IPv6 address. This API will run a series of live network scans and service probes to extract useful details about the host provider.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
IP (is required) IPv4 or IPv6 address
Outputs Description
Region Code (region_code) ISO 3166-2 region code (if detectable)
Country (country) Full country name
Country Code (country_code) ISO 2-letter country code
Provider Domain (provider_domain) The domain name of the provider
City (city) Full city name (if detectable)
VPN Domain (vpn_domain) The domain of the VPN provider (may be empty if the VPN domain is not detectable)
Is VPN (is_vpn) True if this IP is a VPN
Is Classless Inter-Domain Routing (CIDR) (as_cidr) The autonomous system (AS) CIDR range
Valid (valid) True if this is a valid IPv4 or IPv6 address
Provider Type (provider_type) The detected provider type, possible values are: isp - IP belongs to an internet service provider. This includes both mobile, home and business internet providers; hosting - IP belongs to a hosting company. This includes website hosting, cloud computing platforms and colocation facilities; vpn - IP belongs to a VPN provider; proxy - IP belongs to a proxy service. This includes HTTP/SOCKS proxies and browser based proxies; university - IP belongs to a university/college/campus; government - IP belongs to a government department. This includes military facilities; commercial - IP belongs to a commercial entity such as a corporate headquarters or company office; unknown - could not identify the provider type
Hostname (hostname) The IP's full hostname (PTR)
Is Bogon (is_bogon) True if this is a bogon IP address such as a private network, local network or reserved address
Provider Description (provider_description) A description of the provider (usually extracted from the provider's website)
AS Country Code 3 (as_country_code3) The autonomous system (AS) ISO 3-letter country code
Is V4 Mapped (is_v4_mapped) True if this is an IPv4-mapped IPv6 address
Is ISP (is_isp) True if this IP belongs to an internet service provider. Note that this can still be true even if the provider type is VPN/proxy, this occurs in the case that the IP is detected as both types
AS Description (as_description) The autonomous system (AS) description / company name
As Domains (as_domains) Array of all the domains associated with the autonomous system (AS)
Host Domain (host_domain) The IP's host domain
Is Proxy (is_proxy) True if this IP is a proxy
ASN (asn) The autonomous system (AS) number
Is V6 (is_v6) True if this is an IPv6 address. False if IPv4

NeutrinoAPI/IP Block List method

The IP Blocklist API will detect potentially malicious or dangerous IP addresses. Use this API for identifying malicious hosts, anonymous proxies, Tor, botnets, spammers and more. Block, filter or flag traffic to help reduce attacks on your networks and software stacks. IP addresses are automatically removed from the blocklist after 7 days provided no other malicious activity is detected.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
IP (is required)
VPN Lookup Include public VPN provider IP addresses. NOTE: For more advanced VPN detection, including the ability to identify private and stealth VPNs, use the IP Probe API
Outputs Description
Is Hijacked (is_hijacked) IP is part of a hijacked netblock or a netblock controlled by a criminal organization
Is Spider (is_spider) IP is running a hostile web spider / web crawler
Is TOR (is_tor) IP is a Tor node or running a Tor related service
Is Dshield (is_dshield) IP has been flagged as a significant attack source by DShield (dshield.org)
Is VPN (is_vpn) IP belongs to a public VPN provider (only set if the vpn-lookup option is enabled)
Is Spyware (is_spyware) IP is involved in distributing or is running spyware
Is Spam Bot (is_spam_bot) IP address is hosting a spam bot, comment spamming or any other spamming type software
Blocklists (blocklists) An array of strings indicating which blocklist categories this IP is listed on
Is Bot (is_bot) IP is hosting a malicious bot or is part of a botnet. This is a broad category which includes brute-force crackers
Sensors (sensors) An array of objects containing details on which specific sensors detected the IP
CIDR (cidr) The CIDR address for this listing (only set if the IP is listed)
Is Malware (is_malware) IP is involved in distributing or is running malware
Is Exploit Bot (is_exploit_bot) IP is hosting an exploit finding bot or is running exploit scanning software
Is Proxy (is_proxy) IP has been detected as an anonymous web proxy or anonymous HTTP proxy
Is Listed (is_listed) Is this IP on a blocklist

NeutrinoAPI/Host Reputation method

Check the reputation of an IP address, domain name or URL against a comprehensive list of blacklists and blocklists. The majority of the lists we check are geared towards filtering hosts involved in the sending or operation of spam; however, some of the lists are more specialized and will list hosts involved in other forms of cybercrime too. These lists are most commonly known as DNSBLs (Domain Name System Blackhole Lists) or RBLs (Real-time Blackhole Lists) and work using DNS based lookups. All DNSBLs have different listing and removal criteria; if you are trying to delist a host you'll need to do this directly with the DNSBL operator. You can usually find more details about an active listing in the txt-record response field. If you want to only check some specific DNSBLs you can supply those using the zones option, or you can use the list-rating option to check a range of different lists using our built-in rating system. This API currently checks more than 150 different DNSBLs.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Host (is required) An IP address, domain name, FQDN or URL. If you supply a domain/URL it will be checked against the URI DNSBL lists
List Rating Only check lists with this rating or better
Zones Only check these DNSBL zones/hosts. Multiple zones can be supplied as comma-separated values
Outputs Description
Lists (lists) Array of objects for each DNSBL (Domain Name System Blacklist)

NeutrinoAPI/IP Info method

Get location information about an IP address and do reverse DNS (PTR) lookups. Identify the geolocation of an IP address down to the city level, including the geographic coordinates (latitude, longitude) and detailed locale information. Our geolocation database is continuously updated in realtime as Internet address allocation changes and as new IP ranges come online. The API supports both IPv4 and IPv6.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
IP (is required) IPv4 or IPv6 address
Reverse Lookup Do a reverse DNS (PTR) lookup. This option can add extra delay to the request so only use it if you need it
Outputs Description
Region Code (region_code) ISO 3166-2 region code (if detectable)
Country (country) Full country name
Country Code (country_code) ISO 2-letter country code
City (city) Name of the city (if detectable)
IP (ip) The IP address
Valid (valid) True if this is a valid IPv4 or IPv6 address
Is V4 Mapped (is_v4_mapped) True if this is an IPv4-mapped IPv6 address
Hostname (hostname) The IP's full hostname (only set if reverse-lookup has been used)
Host Domain (host_domain) The IP's host domain (only set if reverse-lookup has been used)
Is Bogon (is_bogon) True if this is a bogon IP address such as a private network, local network or reserved address
Is V6 (is_v6) True if this is an IPv6 address. False if IPv4
Timezone (timezone) Map containing timezone details for the location

NeutrinoAPI/Geocode Address method

Geocode an address, partial address or just the name of a place. Address geocoding is the process of taking a string and attempting to match this with possible real world locations. This is the opposite process of reverse geocoding. Once a location is found you can then retrieve the geographic coordinates as latitude and longitude. If more than one location is found for a given string then results are ordered by most relevant to the original search address and with the highest geographic accuracy.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Address The full address, partial address or name of a place to try and locate. Comma separated address components are preferred.
House Number The house/building number to locate
Street The street/road name to locate
City The city/town name to locate
Country The county/region name to locate
State The state name to locate
Postal Code The postal code to locate
Country Code Limit result to this country (the default is no country bias)
Language Code The language to display results in, available languages are: de, en, es, fr, it, pt, ru, zh
Fuzzy Search If no matches are found for the given address, start performing a recursive fuzzy search until a geolocation is found. This option is recommended for processing user input or implementing auto-complete. We use a combination of approximate string matching and data cleansing to find possible location matches
Outputs Description
Locations (locations) A list of locations that meet the search criteria

NeutrinoAPI/Geocode Reverse method

Convert a geographic coordinate (latitude and longitude) into a real world address. This API is ideal for applications which process raw location data like coordinates obtained from mobile GPS devices. Reverse geocoding is the opposite process of address geocoding; you can get detailed location data right down to a specific building or zoomed out to the street, city or country level.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Latitude (is required) The location latitude in decimal degrees format
Longitude (is required) The location longitude in decimal degrees format
Language code The language to display results in, available languages are: de, en, es, fr, it, pt, ru
Zoom The zoom level to respond with: address - the most precise address available; street - the street level; city - the city level; state - the state level; country - the country level
Outputs Description
Region Code (region_code) The ISO 3166-2 region code for the location
Country (country) The country of the location
Country Code (country_code) The ISO 2-letter country code of the location
Address (address) The complete address using comma-separated values
City (city) The city of the location
Address Components (address_components) The components which make up the address such as road, city, state, etc
Timezone (timezone) Map containing timezone details for the location
Address Road (address_road) Component which makes up the address: road
Address City (address_city) Component which makes up the address: city
Address Country (address_county) Component which makes up the address: country
Address Suburban (address_suburb) Component which makes up the address: suburb
House Number (address_house_number) Component which makes up the address: house number
Postal Code (postal_code) The postal code for the location
Found (found) True if these coordinates map to a real location

NeutrinoAPI/Phone Verify method

Make an automated call to any valid phone number and playback a unique security code. Use this API to verify personal details, help reduce fraud and in authentication systems for implementing multi-factor (MFA and 2FA) authentication. Supply your own security code for use in TOTP systems (the most common standard for 2FA implementations) or let us auto generate a secure random code. To then verify a delivered code you can either implement this on your side or use the verify security code endpoint.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Number (is required) The phone number to send the verification code to
Code Length The number of digits to use in the security code (between 4 and 12)
Security Code Pass in your own security code. This is useful if you have implemented TOTP or similar 2FA methods. If not set then we will generate a secure random code
Playback Delay The delay in milliseconds between the playback of each security code
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set, numbers are assumed to be in international format (with or without the leading + sign)
Language Code The language to playback the verification code in, available languages are: de - German; en - English; es - Spanish; fr - French; it - Italian; pt - Portuguese; ru - Russian
Limit Limit the total number of calls allowed to the supplied phone number, if the limit is reached within the TTL then error code 14 will be returned
Limit TTL Set the TTL in number of days that the limit option will remember a phone number (the default is 1 day and the maximum is 365 days)
Outputs Description
Security Code (security_code) The security code generated, you can save this code to perform your own verification or you can use the Verify Security Code API
Calling (calling) True if the call is being made now
Number Valid (number_valid) The security code generated, you can save this code to perform your own verification or you can use the Verify Security Code API

NeutrinoAPI/SMS Verify method

Send a unique security code to any mobile device via SMS. Use this API to verify personal details, help reduce fraud and in authentication systems for implementing multi-factor (MFA and 2FA) authentication. Supply your own security code for use in TOTP (the most common standard for 2FA implementations) or let us auto generate a secure random code. To then verify a delivered code you can either implement this on your side or use the verify security code endpoint.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Number (is required) The phone number to send a verification code to
Code Length The number of digits to use in the security code (must be between 4 and 12)
Security Code Pass in your own security code. This is useful if you have implemented TOTP or similar 2FA methods. If not set then we will generate a secure random code
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set, numbers are assumed to be in international format (with or without the leading + sign)
Language Code The language to send the verification code in, available languages are: de - German; en - English; es - Spanish; fr - French; it - Italian; pt - Portuguese; ru - Russian
Limit Limit the total number of SMS allowed to the supplied phone number, if the limit is reached within the TTL then error code 14 will be returned
Limit TTL Set the TTL in number of days that the limit option will remember a phone number (the default is 1 day and the maximum is 365 days)
Outputs Description
Security Code (security_code) The security code generated, you can save this code to perform your own verification or you can use the Verify Security Code API
Sent (sent) True if the SMS has been sent
Number Valid (number_valid) True if this is a valid phone number

NeutrinoAPI/HLR Lookup method

Connect to the global mobile cellular network and retrieve the status of a mobile device. The home location register (HLR) is a central database that contains details of each mobile phone subscriber connected to the global mobile network. You can use this API to validate that a mobile number is live and registered on a mobile network in real-time. Find out the carrier name, ported number status and fetch up-to-date device status.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Number (is required) A phone number
Country Code ISO 2-letter country code, assume numbers are based in this country. If not set, numbers are assumed to be in international format (with or without the leading + sign)
Outputs Description
Country (country) The phone number country
Is Ported (is_ported) Has this number been ported to another network
Country Code (country_code) ISO 4217 currency code associated with the country
Mobile Network Code (mnc) The mobile MNC number (Mobile Network Code)
Mobile Country Code (mcc) The mobile MCC number (Mobile Country Code)
Number Type (number_type) The number type, possible values are: mobile, fixed-line, premium-rate, toll-free, voip, unknown
International Number (international_number) The number represented in full international format
Origin Network (origin_network) The origin network/carrier name
Roaming Country Code (roaming_country_code) If the number is currently roaming, the ISO 2-letter country code of the country it is roaming in
International Mobile Subscriber Identity (imsi) The mobile IMSI number (International Mobile Subscriber Identity)
Local Number (local_number) The number represented in local dialing format
HLR Status (hlr_status) The HLR lookup status, possible values are: ok - the HLR lookup was successful and the device is connected; absent - the number was once registered but the device has been switched off or out of network range for some time; unknown - the number is not known by the mobile network; invalid - the number is not a valid mobile MSISDN number; fixed-line - the number is a registered fixed-line not mobile; voip - the number has been detected as a VOIP line; failed - the HLR lookup has failed, we could not determine the real status of this number
HLR Valid (hlr_valid) Was the HLR lookup successful. If true then this is a working and registered cell-phone or mobile device (SMS and phone calls will be delivered)
Current Network (current_network) The currently used network/carrier name
Location (location) The number location. Could be a city, region or country depending on the type of number
International Calling Code (international_calling_code) The international calling code
Ported Network (ported_network) The ported to network/carrier name (only set if the number has been ported)
Is mobile (is_mobile) True if this is a mobile number (only true with 100% certainty, if the number type is unknown this value will be false)

NeutrinoAPI/BIN Lookup method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Bin Number The BIN or IIN number. This is the first 6, 8 or 10 digits of a card number, use 8 (or more) digits for the highest level of accuracy
Customer IP Pass in the customer's IP address and we will return some extra information about them
Outputs Description
Country (country) The full country name of the issuer
Country Abbreviation 2 (country_code) The ISO 2-letter country code of the issuer
Card Brand (card_brand) The card brand (e.g. Visa or Mastercard)
IP City (ip_city) The city of the customer's IP (if detectable)
IP Blacklists (ip_blocklists) An array of strings indicating which blocklists this IP is listed on
IP Country Code 3 (ip_country_code3) The ISO 3-letter country code of the customer's IP
Is Commercial (is_commercial) Is this a commercial/business use card
IP Country (ip_country) The country of the customer's IP
Bin Number (bin_number) The BIN or IIN number
Issuer (issuer) The card issuer
Valid (valid) Is this a valid BIN or IIN number
Card Type (card_type) The card type, will always be one of: DEBIT, CREDIT, CHARGE CARD
Is Prepaid (is_prepaid) Is this a prepaid or prepaid reloadable card
IP Blacklisted (ip_blocklisted) True if the customer's IP is listed on one of our blocklists
Card Category (card_category) The card category. There are many different card categories; the most common card categories are: CLASSIC, BUSINESS, CORPORATE, PLATINUM, PREPAID
Issuer Phone (issuer_phone) The card issuer's phone number
IP Matches BIN (ip_matches_bin) True if the customer's IP country matches the BIN country
Country Abbreviations 3 (country_code3) The ISO 3-letter country code of the issuer

NeutrinoAPI/Currency Convert method

A currency and unit conversion tool. Convert between currency, cryptocurrency and various other units using an up-to-date data feed. All major currencies are updated every 15 minutes with exchange rates aggregated from multiple international exchanges and averaged out.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Value to convert (is required) The value to convert from (e.g. 10.95)
Convert From The type of the value to convert from (e.g. USD)
Convert To The type to convert to (e.g. EUR)
Outputs Description
Result (result) The result of the conversion in string format
Convert To (to_type)
Value to convert (from_value)
Convert From (from_type)
Result Float (result_float) The result of the conversion as a floating-point number

NeutrinoAPI/Browser Bot method

Parse, validate and get detailed user-agent information from a user agent string or from client hints.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
URL (is required) The URL to load
Timeout Timeout in seconds. Give up if still trying to load the page after this number of seconds
Delay Delay in seconds to wait before capturing any page data, executing selectors or JavaScript
Selector Extract content from the page DOM using this selector. Commonly known as a CSS selector
Exec Execute JavaScript on the website. This parameter accepts JavaScript as a string; to send multiple separate statements, a JSON array or POST array can also be used. If a statement returns any value it will be returned in the exec-results response. You can also use the following specially defined user interaction functions: sleep(seconds); Just wait/sleep for the specified number of seconds. click(selector); Click on the first element matching the given selector. focus(selector); Focus on the first element matching the given selector. keys(characters); Send the specified keyboard characters. Use click() or focus() first to send keys to a specific element. enter(); Send the Enter key. tab(); Send the Tab key.
User Agent Override the browser's default user-agent string with this one
Ignore Certificate Errors Ignore any TLS/SSL certificate errors and load the page anyway
Outputs Description
Security Details (security_details) Map containing details of the TLS/SSL setup
Exec Results (exec_results) If you executed any JavaScript this array holds the results as objects
Server IP (server_ip) The HTTP server's IP address
Elements (elements) Array containing all the elements matching the supplied selector. Each element object will contain the text content, HTML content and all current element attributes
Is HTTP Ok (is_http_ok) True if the HTTP status is OK (200)
Is HTTP Redirect (is_http_redirect) True if the URL responded with an HTTP redirect

NeutrinoAPI/URL Info method

Parse, analyze and retrieve content from the supplied URL. Determine if a URL is well-formed and actually hosting real content. Determine many of the URL's properties such as its current HTTP status, content size, type, encoding and load time. You can also use this API to fetch the actual URL response data for further processing or storage.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
URL (is required) The URL to probe
Fetch Content If this URL responds with html, text, json or xml then return the response. This option is useful if you want to perform further processing on the URL content (e.g. with the HTML Extract or HTML Clean APIs)
Ignore Certificate Errors Ignore any TLS/SSL certificate errors and load the URL anyway
Timeout Timeout in seconds. Give up if still trying to load the URL after this number of seconds
Retry If the request fails for any reason try again this many times
Outputs Description
HTTP Redirect (http_redirect) True if this URL responded with an HTTP redirect
Server IP (server_ip) True if this URL responded with an HTTP redirect
Title (title) The document title
Server Name (server_name) The name of the server software hosting this URL
Valid (valid) Is this a valid well-formed URL
Server Country Cod (server_country_cod) The server's IP geo-location: ISO 2-letter country code
Server Region (server_region) The server's IP geo-location: full region name (if detectable)
Server Hostname (server_hostname) The server's hostname (PTR record)
URL Protocol (url_protocol) The URL protocol, usually http or https
URL Port (url_port) The URL port

NeutrinoAPI/Email Validate method

Parse, validate and clean an email address.

Inputs Description
API Key (is required) To use this API you must have an API Key from the Neutrino website
Username (is required) The username used to log in to the Neutrino website
Email (is required) An email address
Fix Typos Automatically attempt to fix typos in the address
Outputs Description
Valid (valid) Is this a valid email address. To be valid an email must have: correct syntax, a registered and active domain name, correct DNS records and operational MX servers
Provider (provider) The domain name of the email hosting provider
Typos Fixed (typos_fixed) The complete email address. If you enabled the fix-typos option then this will be the corrected address
Domain Error (domain_error) True if this address has any domain name or DNS related errors. Check the domain-status field for the detailed error reason