5. /THREATS/HITS/{COMPANY ID}

5.1 GET /threats/hits/{company id}

Raw threat data seen within the last 24 hours. Returns the threat hits (raw threat data) for a company from the Red Sky Alliance CTI collection that have been seen within the last 24 hours. Results are paginated with 1000 documents per page. The threat document schema depends on the CTI index it is sourced from. CTI index schemas can be found in the CTAC GUIDE.

REQUEST - PATH PARAMETERS

Name          Type     Description
*company id   string   ID of company to return threat hits for. Company IDs can be obtained using the /companies/ids endpoint.

REQUEST - QUERY PARAMETERS

Name   Type     Description
page   string   Page number of results to retrieve.

RESPONSE MODEL - application/json

STATUS CODE - 200: Returns a JSON object containing metadata (see ThreatHits schema) for this results page and a JSON array of CTI documents containing the threat hits. CTI document schemas can be found in the CTAC GUIDE (https://wapack-labs-llc.gitbook.io/ctac-guide/overview/elastic-stack/data-sets).

Name             Type      Description
hits             object    Metadata for this results page and the page's documents
  hits           array     CTI documents (threat hits) on this page
  max_per_page   integer   Maximum number of documents per page
  time frame     string    The time frame used for this query
  total          integer   Total number of threat documents in all pages
pages            object    The current page
  total          integer   Total number of pages

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.

5.2 GET /threats/hits/{company id}/{time frame}

Raw threat data seen within the time frame. Returns the threat hits (raw threat data) for a company from the Red Sky Alliance CTI collection that have been seen within the time frame. Results are paginated with 1000 documents per page. The threat document schema depends on the CTI index it is sourced from. CTI index schemas can be found in the CTAC GUIDE.

REQUEST - PATH PARAMETERS

Name          Type     Description
*company id   string   ID of company to return threat hits for. Company IDs can be obtained using the /companies/ids endpoint.
*time frame   string   Valid options are: last_24h, last_7d, last_30d, last_90d, ALL. The reporting time frame used to select threat hits. For example, if last_24h is used, REDXRAY returns the threat documents that were seen within the last 24 hours for the company specified by {company id}. If only a {company id} is supplied (see 5.1), the default {time frame} is last_24h.

REQUEST - QUERY PARAMETERS

Name   Type     Description
page   string   Page number of results to retrieve.

RESPONSE MODEL - application/json

STATUS CODE - 200: Returns a JSON object containing metadata (see ThreatHits schema) for this results page and a JSON array of CTI documents containing the threat hits seen within the requested {time frame}. CTI document schemas can be found in the CTAC GUIDE (https://wapack-labs-llc.gitbook.io/ctac-guide/overview/elastic-stack/data-sets).

Name             Type      Description
hits             object    Metadata for this results page and the page's documents
  hits           array     CTI documents (threat hits) on this page
  max_per_page   integer   Maximum number of documents per page
  time frame     string    The time frame used for this query
  total          integer   Total number of threat documents in all pages
pages            object    The current page
  total          integer   Total number of pages

STATUS CODE - 401: Missing or invalid API token.

STATUS CODE - 403: Account disabled, or user role prevents access to this resource.

STATUS CODE - 500: Unexpected error.
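The two endpoints above (5.1 with the default last_24h window, 5.2 with an explicit time frame) return one page of up to 1000 documents per request, so a consumer has to walk pages.total pages and handle the documented 401/403/500 responses along the way. The following is an added example written for this page; it is not REDXRAY's own client code. Everything not stated on the page is an assumption and marked as such: the base URL is a placeholder, the API token is assumed to be sent as a bearer token in the Authorization header, and the page query parameter is assumed to start at 1. The sample documents served by fake_fetcher are constructed so the code runs offline; real responses carry the CTI index schemas described in the CTAC GUIDE.

```python
"""Added example (not REDXRAY's own client): page through
GET /threats/hits/{company id}/{time frame} and collect every document.
Assumptions: BASE_URL is a placeholder, bearer-token auth header, 1-based page."""
from __future__ import annotations

import json
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass, field
from typing import Callable

BASE_URL = "https://redxray.example.invalid"  # assumption: placeholder host
TIME_FRAMES = ("last_24h", "last_7d", "last_30d", "last_90d", "ALL")  # documented values
MAX_PER_PAGE = 1000  # documented page size
STATUS_TEXT = {  # documented error meanings
    401: "Missing or invalid API token",
    403: "Account disabled, or user role prevents access to this resource",
    500: "Unexpected error",
}
Fetcher = Callable[[str], tuple[int, bytes]]  # url -> (http status, body)


class ThreatHitsError(RuntimeError):
    pass


def build_url(company_id: str, time_frame: str = "last_24h", page: int = 1) -> str:
    """Validate inputs and build the request URL."""
    if time_frame not in TIME_FRAMES:
        raise ValueError(f"time frame must be one of {TIME_FRAMES}, got {time_frame!r}")
    if page < 1:
        raise ValueError("page numbers start at 1 (assumption)")
    # Percent-encode the company id so a value containing '/' or '?' cannot
    # reroute the request to a different path.
    path = f"/threats/hits/{urllib.parse.quote(company_id, safe='')}/{time_frame}"
    return f"{BASE_URL}{path}?{urllib.parse.urlencode({'page': page})}"


def make_fetcher(token: str, timeout: float = 30.0) -> Fetcher:
    """Real HTTP fetcher; the bearer-token header is an assumption."""
    def fetch(url: str) -> tuple[int, bytes]:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()
    return fetch


@dataclass
class ThreatHitsResult:
    time_frame: str
    documents: list[dict] = field(default_factory=list)
    pages_fetched: int = 0
    reported_total: int = 0  # hits.total from the last page fetched

    @property
    def complete(self) -> bool:
        # The window is relative to "now", so documents can arrive between page
        # requests; a mismatch means the walk should be repeated.
        return len(self.documents) == self.reported_total


def collect_threat_hits(company_id: str, time_frame: str, fetch: Fetcher) -> ThreatHitsResult:
    """Walk every page, stopping at pages.total or on an empty page."""
    result = ThreatHitsResult(time_frame=time_frame)
    page = 1
    while True:
        status, body = fetch(build_url(company_id, time_frame, page))
        if status != 200:
            raise ThreatHitsError(
                f"HTTP {status} on page {page}: {STATUS_TEXT.get(status, 'undocumented status')}")
        payload = json.loads(body)
        docs = payload["hits"]["hits"]
        result.documents.extend(docs)
        result.pages_fetched += 1
        result.reported_total = payload["hits"]["total"]
        if not docs or page >= payload["pages"]["total"]:
            break
        page += 1
    return result


def fake_fetcher(pages: list[list[dict]], total: int, fail: dict[int, int] | None = None) -> Fetcher:
    """Constructed stand-in for the API so the example runs offline.
    `fail` maps a page number to the HTTP status that page should return."""
    def fetch(url: str) -> tuple[int, bytes]:
        parts = urllib.parse.urlsplit(url)
        page = int(urllib.parse.parse_qs(parts.query).get("page", ["1"])[0])
        if fail and page in fail:
            return fail[page], b""
        docs = pages[page - 1] if page <= len(pages) else []
        body = {"hits": {"hits": docs, "max_per_page": MAX_PER_PAGE,
                         "time frame": parts.path.rsplit("/", 1)[-1], "total": total},
                "pages": {"total": len(pages)}}
        return 200, json.dumps(body).encode()
    return fetch


# Constructed sample data (not real CTI): two pages, three documents in all.
SAMPLE_PAGES = [[{"indicator": "203.0.113.7"}, {"indicator": "203.0.113.8"}],
                [{"indicator": "198.51.100.1"}]]
```

Run it against the live API with collect_threat_hits(company_id, "last_7d", make_fetcher(token)) once the base URL and auth header are confirmed; the stop condition uses pages.total from the response rather than the 1000-document page size, so a short final page does not trigger an extra request, and the complete flag catches the case where hits.total changed while the pages were being read.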
