API Reference
If you're looking to simply browse the API, you're in the right place: all supported endpoints can be found on this page.
Alternatively, if you have a specific use case in mind, please see the API Guides on the left-hand side to see if one of the guides fits your needs.
This is an alphabetical listing of all supported endpoints.
List aliases with optional filtering and pagination.
Filter term to filter aliases
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Successful Response
Validation Error
Retrieve vulnerabilities associated with a reference.
identifier: The unique hash of the URL or UUID to retrieve the reference for.
The unique hash of the URL or UUID to retrieve the reference for
Successful Response
Not found
Validation Error
Get export history
Type of export to retrieve. Allowed: vuln_intel
Default: vuln_intel
Filter by export strategy
Number of exports to return
Default: 10
Successful Response
Not found
Validation Error
Get opinions grouped by observable (observable_type, observable_name). Opinions are paginated, then grouped by their observable.
Filter by observable type (e.g., ip.v4, domain)
Comma-separated list of verdicts to filter by (e.g., malicious,suspicious)
Comma-separated list of sources to filter by (exact match)
Filter opinions published after this date (ISO 8601)
Filter opinions published before this date (ISO 8601)
Field to sort by
Default: observable_name
Pattern: ^(observable_name|observable_type)$
Sort order - either asc or desc
Default: asc
Pattern: ^(asc|desc)$
Number of observables to skip
Default: 0
Maximum number of observables to return
Default: 50
Scope filter to optionally limit the results to global or tenant data. If no scope is provided, then both global and tenant data are returned.
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
No content
Retrieve threat actors associated with a reference.
identifier: The unique hash of the URL or UUID to retrieve the reference for.
The unique hash of the URL or UUID to retrieve the reference for
Successful Response
Not found
Validation Error
Get specific observable by type and name.
Observable type (e.g., ip.v4, domain, hash.sha256)
Observable name
Scope filter to optionally limit the results to global or tenant data. The scope can be one of the following:
- global: only global data
- tenant: only tenant-specific data
If no scope is provided, the first matching Observable from global and tenant data is returned, with tenant data preferred first.
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
Get a signed URL for a specific export by export UUID.
Signed URL expiration time in seconds (300-86400)
Default: 86400
Successful Response
Not found
Validation Error
Get opinions for observable (via UUID lookup).
Observable UUID
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: uuid
Pattern: ^(uuid|created_at|published_at|observable_type|source)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Scope filter to optionally limit the results to global or tenant data. The scope can be one of the following:
- global: only global data
- tenant: only tenant-specific data
If no scope is provided, the first matching Observable from global and tenant data is returned, with tenant data preferred first.
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
Get a signed URL for the latest export.
Type of export to retrieve. Allowed: vuln_intel
Default: vuln_intel
Export strategy: full or incremental
Default: incremental
Signed URL expiration time in seconds (300-86400)
Default: 86400
Successful Response
Not found
Validation Error
The unique CVE ID or UUID of the vulnerability to retrieve
Successful Response
Not found
Validation Error
No content
The unique CVE ID or UUID of the vulnerability to retrieve
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: published_at
Pattern: ^(created_at|updated_at|published_at|source)$
Sort order
Default: desc
Pattern: ^(asc|desc)$
Filter parameter (e.g., 'user_generated_content:true' or 'user_generated_content:false')
Successful Response
Not found
Validation Error
The unique CVE ID or UUID of the vulnerability to retrieve
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: begins_at
Pattern: ^(created_at|updated_at|begins_at|ends_at|count)$
Sort order
Default: desc
Pattern: ^(asc|desc)$
Filter parameter (e.g., 'has_detection_signature:true', 'has_detection_signature:false')
Output model type
Default: detailed
Pattern: ^(basic|detailed)$
Successful Response
Not found
Validation Error
The unique CVE ID or UUID of the vulnerability to retrieve
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: created_at
Pattern: ^(created_at|updated_at|disclosed_at)$
Sort order
Default: desc
Pattern: ^(asc|desc)$
Filter parameter (e.g., 'maturity:functional')
Output model type
Default: basic
Pattern: ^(basic|detailed)$
Successful Response
Not found
Validation Error
The unique CVE ID or UUID of the vulnerability to retrieve
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by - created_at, updated_at, vendor, product_name, or product_type
Default: created_at
Pattern: ^(created_at|updated_at|vendor|product_name|product_type)$
Sort order
Default: desc
Pattern: ^(asc|desc)$
Filter parameter (e.g., 'vulnerable:true' or 'vulnerable:false')
Output model type
Default: detailed
Pattern: ^(basic|detailed)$
Successful Response
Not found
Validation Error
The unique UUID of the technology product advisory to retrieve
Successful Response
Not found
Validation Error
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either created_at, updated_at, source, or name
Default: created_at
Pattern: ^(created_at|updated_at|source|name)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
The unique UUID of the technology product to retrieve
Successful Response
Not found
Validation Error
No content
Get vulnerabilities associated with a specific exploit with pagination and filtering.
The unique UUID of the exploit
A string used to filter vulnerabilities. It can start with specific prefixes to indicate the type of filter:
- cve: Filter by CVE ID.
- desc: Filter by description.
- If the filter string matches the pattern CVE-, it will be treated as a CVE filter.
- If no prefix is provided, it defaults to searching both CVE ID and description.
Default: ""
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by: cve_id, created_at, updated_at, cvss_base_score, or epss_score
Default: cve_id
Pattern: ^(cve_id|created_at|updated_at|cvss_base_score|epss_score)$
Sort order - either asc or desc
Default: asc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either created_at, updated_at, published_at, or collected_at
Default: published_at
Pattern: ^(created_at|updated_at|published_at|collected_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Get references associated with a specific story with pagination and sorting.
Returns a list of references that have been clustered into this story.
The unique UUID of the story
Field to sort by - either published_at, created_at, updated_at, title, or source_slug
Default: published_at
Pattern: ^(published_at|created_at|updated_at|title|source_slug)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Retrieve a reference by its identifier.
identifier: The unique hash of the URL or UUID to retrieve the reference for.
This endpoint returns the reference object associated with the given URL hash. If no reference is found, a 404 error is returned.
The unique hash of the URL or UUID to retrieve the reference for
Successful Response
Not found
Validation Error
Get products for a specific vendor with pagination and filtering.
The unique UUID of the technology vendor
Filter products by name or description
Default: ""
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either name, created_at or updated_at
Default: name
Pattern: ^(name|created_at|updated_at)$
Sort order - either asc or desc
Default: asc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Find stories similar to the specified story.
Uses the story's embedding vector to find other stories with similar content using inner product similarity. Results are ordered by similarity (most similar first).
Returns an empty list if the story doesn't have an embedding vector.
The unique UUID of the story
Similarity threshold (higher values are more similar, range: -1 to 1)
Default: 0.6
Filter similar stories created after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter similar stories created before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
Filter similar stories updated after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter similar stories updated before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 10
Successful Response
Not found
Validation Error
Get focus entities for a specific story with saliency scores.
Returns entities that are central to the story, grouped by entity type. Each entity includes its saliency score indicating how important it is to the story. Saliency score is calculated as the inner product similarity between entity mention contexts and story embedding.
Results are grouped by type (vulnerabilities, threat_actors, malware) and sorted by saliency score (highest first) within each group.
The unique UUID of the story
Minimum saliency score threshold (range: 0 to 1)
Default: 0.6
Filter by entity type: vulnerability, threat_actor, or malware
Pattern: ^(vulnerability|threat_actor|malware)$
Successful Response
Not found
Validation Error
The unique CVE ID or UUID of the vulnerability to retrieve
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: created_at
Pattern: ^(created_at|updated_at|source|method|upstream_id)$
Sort order
Default: desc
Pattern: ^(asc|desc)$
Filter parameter (e.g., 'method:snort')
Output model type
Default: basic
Pattern: ^(basic|detailed)$
Successful Response
Not found
Validation Error
Get timeline events for a specific story with pagination and sorting.
Returns a chronological list of events that have occurred for this story, such as creation and reference assignments. Events are sorted by created_at.
The unique UUID of the story
Filter parameter (e.g., 'event_type:story_created', 'event_type:reference_assigned')
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Retrieve a reference by its identifier.
identifier: The unique hash of the URL or UUID to retrieve the reference for.
This endpoint returns the reference object associated with the given URL hash. If no reference is found, a 404 error is returned.
The unique hash of the URL or UUID to retrieve the reference for
Successful Response
Not found
Validation Error
Endpoint to lookup a weakness by its unique identifier. Can use either CWE-ID (e.g., CWE-79) or UUID.
The unique identifier of the weakness to retrieve (CWE-ID or UUID)
Successful Response
Not found
Validation Error
Endpoint to browse vulnerabilities, with filters on some criteria.
A string used to filter vulnerabilities. It can start with specific prefixes to indicate the type of filter:
- cve: Filter by CVE ID.
- uuid: Filter by UUID.
- desc: Filter by description.
- gen_description: Filter by gen_description.
- gen_display_name: Filter by gen_display_name.
- cisa_kev: Filter by cisa_kev.
- state: Filter by state.
- If the filter string matches the pattern CVE- or a UUID pattern, it will be treated as a specific filter.
- If no prefix is provided, it defaults to a description filter.
Field to sort by - either cve_id, created_at, updated_at, enriched_at, cvss_base_score, cvss_version, epss_score, epss_percentile, trending_1d, trending_7d, or trending_30d
Default: created_at
Pattern: ^(cve_id|created_at|updated_at|enriched_at|cvss_base_score|cvss_version|epss_score|epss_percentile|trending_1d|trending_7d|trending_30d)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either created_at, updated_at, published_at, or collected_at
Default: published_at
Pattern: ^(created_at|updated_at|published_at|collected_at)$
Sort order - either asc or desc
Default: desc
Successful Response
Not found
Validation Error
A string used to filter content chunks. The filter will be conducted within the content chunk embeddings.
Field to sort by - either created_at, updated_at or analyzed_at
Default: created_at
Pattern: ^(created_at|updated_at|analyzed_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Endpoint to browse for threat actors, with filters on some criteria.
A string used to filter threat actors. It can start with specific prefixes to indicate the type of filter:
- name: Filter by Name, case-insensitive.
- uuid: Filter by UUID, case-insensitive.
If no prefix is provided, it defaults to filtering on the display_name or name fields.
Examples:
- name:APT
- name:lazarus_group
- lazarus_group
- Lazarus Group
The number of items to skip before starting to collect the result set.
Default: 0
Field to sort by - either name, created_at, updated_at, enriched_at, trending_1d, trending_7d, or trending_30d
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at|trending_1d|trending_7d|trending_30d)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
A string used to filter references. Allowed filter terms:
- source: filter by source. (exact match - lowercase)
- domain: filter by domain. (case insensitive substring filter)
- url: filter by url. (case insensitive substring filter)
- final_url: filter by final_url. (case insensitive substring)
- title: filter the title for a string. (case insensitive substring filter)
- topic: filter the topic for a string. (case insensitive substring filter)
- embedding: filter by content chunk embedding (semantic search)
- last_http_status: filter by last_http_status (exact match)
- type: filter by type. (exact match - converted to uppercase)
- If no prefix is provided, the filter will be conducted on the url.
- All filters can be combined with date range parameters for more precise results.
Field to sort by - either created_at, updated_at, published_at, first_collected_at, or last_collected_at
Default: published_at
Pattern: ^(published_at|first_collected_at|last_collected_at|created_at|updated_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
Whether to include user-generated content in the response.
Default: false
The maximum number of items to return.
Default: 100
Filter references published after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter references published before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
Filter references created after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter references created before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
Successful Response
Not found
Validation Error
List all observables with pagination and filtering.
Filter using prefix syntax:
- type: filter by observable type prefix or exact match (e.g., type:ip or type:ip.v4)
- name: filter by observable name (case insensitive)
- uuid: filter by UUID (partial match)
- If no prefix is provided, filters by name
Field to sort by
Default: uuid
Pattern: ^(uuid|created_at|updated_at|type|name)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Scope filter to optionally limit the results to global or tenant data. If no scope is provided, then both global and tenant data are returned. The scope can be one of the following:
- global: only global data
- tenant: only tenant-specific data
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
Endpoint to browse for exploitations.
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either count, created_at or updated_at
Default: created_at
Pattern: ^(count|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Retrieve a story by its UUID.
identifier: The unique UUID of the story to retrieve.
This endpoint returns the story object associated with the given UUID. If no story is found, a 404 error is returned.
The unique UUID of the story to retrieve
Successful Response
Not found
Validation Error
Endpoint to browse weaknesses based on various criteria.
Filter the weaknesses by name
Default: ""
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either name, created_at or updated_at
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Endpoint to browse exploits, with filters on some criteria.
A string used to filter exploits. It can start with specific prefixes to indicate the type of filter:
- uuid: Filter by UUID.
- url: Filter by url.
- authors: Filter by authors.
- maturity: Filter by maturity.
- If the filter string matches a UUID pattern, it will be treated as a specific filter.
- If no prefix is provided, it defaults to a url filter.
The number of items to skip before starting to collect the result set.
Default: 0
Field to sort by - one of: url, authors, maturity, disclosed_at, created_at, or updated_at
Default: created_at
Pattern: ^(url|authors|maturity|disclosed_at|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
List all opinions with filtering.
Filter using prefix syntax:
- type: filter by observable type prefix or exact match, case sensitive (e.g., type:ip or type:ip.v4)
- name: filter by observable name prefix or exact match, case sensitive
- source: filter by source (case insensitive)
- uuid: filter by UUID (prefix or exact match)
- If no prefix is provided, filters by source
Field to sort by
Default: uuid
Pattern: ^(uuid|created_at|published_at|observable_type|source)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Scope filter to optionally limit the results to global or tenant data. The scope can be one of the following:
- global: only global data
- tenant: only tenant-specific data
If no scope is provided, then both global and tenant data are returned.
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
Endpoint to browse for products.
Filter the products by name
Default: ""
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either name, created_at or updated_at
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Get paginated list of stories.
Stories are collections of related references that have been clustered together based on content similarity and temporal proximity.
A string used to filter stories. Allowed filter terms:
- title: filter by title (case insensitive substring)
- description: filter by description (case insensitive substring)
- min_refs: filter by minimum reference count (e.g., min_refs:5)
- max_refs: filter by maximum reference count (e.g., max_refs:10)
- If no prefix is provided, the filter will search in the title.
Filter stories created after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter stories created before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
Filter stories updated after this date. Supports various formats including ISO 8601 (e.g., '2024-01-01T00:00:00Z'), date only (e.g., '2024-01-01'), and common formats (e.g., 'Jan 1, 2024', '1/1/2024')
Filter stories updated before this date. Supports various formats including ISO 8601 (e.g., '2024-12-31T23:59:59Z'), date only (e.g., '2024-12-31'), and common formats (e.g., 'Dec 31, 2024', '12/31/2024')
Field to sort by - either created_at, updated_at, title, or reference_count
Default: created_at
Pattern: ^(created_at|updated_at|title|reference_count)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Endpoint to browse for malware, with filters on some criteria.
A string used to filter malware. It can start with specific prefixes to indicate the type of filter:
- name: Filter by Name.
- uuid: Filter by UUID.
- If no prefix is provided, it defaults to a name filter.
The number of items to skip before starting to collect the result set.
Default: 0
Field to sort by - either name, created_at, updated_at or enriched_at
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Base exports endpoint. Returns export history and mirrors /history.
Type of export to retrieve. Allowed: vuln_intel
Default: vuln_intel
Filter by export strategy
Number of exports to return
Default: 10
Successful Response
Not found
Validation Error
Endpoint to browse vendors based on various criteria.
Filter the vendors by name
Default: ""
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either name, created_at or updated_at
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
List recurring tasks with optional filtering.
Case-insensitive search on the prompt field
Filter by workspace UUID
Filter by status, one of: active, paused
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Successful Response
Not found
Validation Error
Endpoint to browse for detection signatures, with filters on some criteria.
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 100
Field to sort by - either name, created_at or updated_at
Default: created_at
Pattern: ^(name|created_at|updated_at|enriched_at)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Successful Response
Not found
Validation Error
Endpoint to retrieve a list of bulletins.
The number of items to skip before starting to collect the result set.
Default: 0
The maximum number of items to return.
Default: 7
Successful Response
Not found
Validation Error
Get opinions for observable (direct lookup by type and name).
Observable type (e.g., ip.v4, domain, hash.sha256)
Observable name
Number of items to skip
Default: 0
Maximum number of items to return
Default: 100
Field to sort by
Default: uuid
Pattern: ^(uuid|created_at|published_at|observable_type|observable_name|source)$
Sort order - either asc or desc
Default: desc
Pattern: ^(asc|desc)$
Scope filter to optionally limit the results to global or tenant data. If no scope is provided, the default is to return both global and tenant data. The scope can be one of the following:
- global: only global data
- tenant: only tenant-specific data
Pattern: ^(global|tenant)$
Successful Response
Not found
Validation Error
