RedXray-Plus Guide
  • Introduction
  • Overview
    • Cyber Threat Analysis Center (CTAC)
  • RedXray
    • API
      • 1. /COMPANIES
      • 2. /COMPANIES/IDS
      • 3. /COMPANIES/{COMPANY ID}
      • 4. /THREATS/COUNTS/{COMPANY ID}
      • 5. /THREATS/HITS/{COMPANY ID}
    • Appendices
      • Data Sets - Unique Fields
      • Data Sets - Common Fields
    • Data Sets
      • Indices
      • botnet_tracker
      • breach_data
      • keylogger_data
      • malicious_emails
      • pastebin
      • sinkhole_traffic
      • threat_recon
    • How-To Section
      • Create a Company Profile
      • Create a Portfolio (E-mail Notifications)
      • Export/Import a Company Profile
      • Export/Import a Portfolio
      • Export RedXray Indicators
      • Search Indicators
Powered by GitBook
On this page
  • 5.1 GET /threats/hits/{company id}
  • 5.2 GET /threats/hits/{company id}/{time frame}

Was this helpful?

  1. RedXray
  2. API

5. /THREATS/HITS/{COMPANY ID}

5.1 GET /threats/hits/{company id}

Raw threat data seen within the last 24 hours. Returns the threat hits (raw threat data) for a company from Red Sky Alliance CTI collection that has been seen within the last 24 hours. Results are paginated with 1000 documents per page. The threat document schema depends on the CTI index it is sourced from. CTI index schemas can be found in the CTAC GUIDE.

REQUEST - PATH PARAMETERS

Name

Type

Description

*company id

string

ID of company to return threat hits for. Company IDs can be obtained using the / companies/ids endpoint.

REQUEST - QUERY PARAMETERS

Name

Type

Description

page

string

page number of results to retreive

RESPONSE MODEL - application/json

STATUS CODE - 200: : Returns a JSON object containing metadata (see ThreatHits schema) for this results page and a JSON array of CTI documents containing the threat hits. CTI document schemas can be found in the CTAC GUIDE (https://wapack-labs-llc.gitbook.io/ctac-guide/overview/elastic-stack/data-sets).

Name

Type

Description

hits

object

hits

array

max_per_page

integer

Maximum number of documents per page

time frame

string

The time frame used for this query

total

integer

Total number of threat documents in all pages

pages

object

The current page

total

integer

Totle number of pages

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

5.2 GET /threats/hits/{company id}/{time frame}

Raw threat data seen within the time frame. Returns threat hits (raw threat data) for a company from the Red Sky Alliance CTI collection that has been seen within the time frame. Results are paginated with 1000 documents per page. The threat document schema depends on the CTI index it is sourced from. CTI index schemas can be found in the CTAC GUIDE.

REQUEST - PATH PARAMETERS

Name

Type

Description

*company id

string

ID of company to return threat hits for. Company IDs can be obtained using the / companies/ids endpoint.

*time frame

string

Valid options are: last_24h, last_7d, last_30d, last_90d, ALL. The reporting time frame used to calculate the threat counts. For example, if last_24h is used, Redxray will return the number of new threats that were seen within the last 24 hours for the company specifed by {company id}. If only a {company id} is supplied, the default {time frame} is last_24h

REQUEST - QUERY PARAMETERS

Name

Type

Description

page

string

page number of results to retreive

RESPONSE MODEL - application/json

STATUS CODE - 200: : Returns a JSON object containing threat categories and the number of new threat indicators seen by REDXRAY within the last 24 hours.

Name

Type

Description

hits

object

hits

array

max_per_page

integer

Maximum number of documents per page

time frame

string

The time frame used for this query

total

integer

Total number of threat documents in all pages

pages

object

The current page

total

integer

Totle number of pages

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

Previous4. /THREATS/COUNTS/{COMPANY ID}NextAppendices

Last updated 3 years ago

Was this helpful?