RedXray-Plus Guide
  • Introduction
  • Overview
    • Cyber Threat Analysis Center (CTAC)
  • RedXray
    • API
      • 1. /COMPANIES
      • 2. /COMPANIES/IDS
      • 3. /COMPANIES/{COMPANY ID}
      • 4. /THREATS/COUNTS/{COMPANY ID}
      • 5. /THREATS/HITS/{COMPANY ID}
    • Appendices
      • Data Sets - Unique Fields
      • Data Sets - Common Fields
    • Data Sets
      • Indices
      • botnet_tracker
      • breach_data
      • keylogger_data
      • malicious_emails
      • pastebin
      • sinkhole_traffic
      • threat_recon
    • How-To Section
      • Create a Company Profile
      • Create a Portfolio (E-mail Notifications)
      • Export/Import a Company Profile
      • Export/Import a Portfolio
      • Export RedXray Indicators
      • Search Indicators
Powered by GitBook
On this page
  • 4.1 GET /threats/counts/{company id}
  • 4.2 GET /threats/counts/{company id}/{time frame}

Was this helpful?

  1. RedXray
  2. API

4. /THREATS/COUNTS/{COMPANY ID}

4.1 GET /threats/counts/{company id}

Aggregate threat counts seen within the last 24 hours. Returns the aggregate number of new threat counts seen for a single company within the last 24 hours. The counts are reported using the following categories: breach data, malware hits, malicious email hits, phishing hits, osint.

Each category corresponds to a single elasticsearch index or a group of indices in the Red Sky Alliance CTI collection. breach data corresponds to the wl_breach_data index. malware hits groups the wl_botnet_tracker, wl_sinkhole_trafc, and wl_keylogger_data indices. Malicious email hits groups the wl_malicious_emails, wl_malicious_emails_context, and wl_malicious_email_detections indices. phishing hits corresponds to the wl_threat_recon index, and osint corresponds to the wl_pastebin index.

REQUEST - PATH PARAMETERS

Name

Type

Description

*company id

string

ID of company to return threat count data for. Company IDs can be obtained using the /companies/ids endpoint.

RESPONSE MODEL - application/json

STATUS CODE - 200: : Returns a JSON object containing threat categories and the number of new threat indicators seen in each category within the last 24 hours. If this company has not had any new threats for a category within the time frame, the value will read `"No hits within the last {time frame}."

Name

Type

Description

threat_counts

array

breach_data

integer

company_name

integer

malicious_email_hits

integer

malware_hits

integer

osint

integer

phishing_hits

integer

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

4.2 GET /threats/counts/{company id}/{time frame}

Aggregate threat counts seen within the given time frame. Returns the aggregate number of new threat counts seen for a single company within the given time frame. The counts are reported using the following categories: breach data, malware hits, malicious email hits, phishing hits, osint.

Each category corresponds to a single elasticsearch index or a group of indices in the Red Sky Alliance CTI collection. breach data corresponds to the wl_breach_data index. malware hits groups the wl_botnet_tracker, wl_sinkhole_trafc, and wl_keylogger_data indices. Malicious email hits groups the wl_malicious_emails, wl_malicious_emails_context, and wl_malicious_email_detections indices. phishing hits corresponds to the wl_threat_recon index, and osint corresponds to the wl_pastebin index.

REQUEST - PATH PARAMETERS

Name

Type

Description

*company id

string

ID of company to update. Company IDs can be obtained using the /companies/ids endpoint.

*time frame

string

Valid options are: last_24h, last_7d, last_30d, last_90d, ALL. The reporting time frame used to calculate the threat counts. For example, if last_24h is used, Redxray will return the number of new threats that were seen within the last 24 hours for the company sepcifed by {company id}. If only a {company id} is supplied, the default {time frame} is last_24h.

RESPONSE - RESPONSE MODEL - application/json

STATUS CODE - 200: : Returns a JSON object containing threat categories and the number of new threat indicators seen in each category within the time frame. If this company has not had any new threats for a category within the time frame, the value will read "No hits within the last {time frame}."

Name

Type

Description

threat_counts

array

breach_data

integer

company_name

integer

malicious_email_hits

integer

malware_hits

integer

osint

integer

phishing_hits

integer

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

Name

Type

Description

success

string

REDXRAY is now working in the background to enrich your company data. The new company will appear in your company list when enrichment is complete. Usually this only takes a few minutes but can take longer with companies with a large number of indicators.

Name

Type

Description

threat_counts

array

breach_data

integer

company_name

integer

malicious_email_hits

integer

malware_hits

integer

osint

integer

phishing_hits

integer

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

Previous3. /COMPANIES/{COMPANY ID}Next5. /THREATS/HITS/{COMPANY ID}

Last updated 3 years ago

Was this helpful?