threat_events
Creates, updates, deletes, gets or lists a threat_events resource.
Overview
| Name | threat_events |
| Type | Resource |
| Id | cloudflare.cloudforce_one.threat_events |
Fields
The following fields are returned by SELECT queries:
- get
- list
Returns an event.
| Name | Datatype | Description |
|---|---|---|
| attacker | string | |
| attackerCountry | string | |
| category | string | |
| datasetId | string | |
| date | string | |
| event | string | |
| hasChildren | boolean | |
| indicator | string | |
| indicatorType | string | |
| indicatorTypeId | number | |
| insight | string | |
| killChain | number | |
| mitreAttack | array | |
| mitreCapec | array | |
| numReferenced | number | |
| numReferences | number | |
| rawId | string | |
| referenced | array | |
| referencedIds | array | |
| references | array | |
| referencesIds | array | |
| releasabilityId | string | |
| tags | array | |
| targetCountry | string | |
| targetIndustry | string | |
| tlp | string | |
| uuid | string | |
Returns a list of events.
| Name | Datatype | Description |
|---|---|---|
| attacker | string | |
| attackerCountry | string | |
| category | string | |
| datasetId | string | |
| date | string | |
| event | string | |
| hasChildren | boolean | |
| indicator | string | |
| indicatorType | string | |
| indicatorTypeId | number | |
| insight | string | |
| killChain | number | |
| mitreAttack | array | |
| mitreCapec | array | |
| numReferenced | number | |
| numReferences | number | |
| rawId | string | |
| referenced | array | |
| referencedIds | array | |
| references | array | |
| referencesIds | array | |
| releasabilityId | string | |
| tags | array | |
| targetCountry | string | |
| targetIndustry | string | |
| tlp | string | |
| uuid | string | |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get | select | account_id, event_id | | This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead. |
| list | select | account_id | cursor, search, page, pageSize, orderBy, order, datasetId, forceRefresh, format | Use datasetId=all or datasetId=* to query all event datasets for the account (limited to 10). When datasetId is unspecified, events are listed from the default Cloudforce One Threat Events dataset. To list existing datasets, use the List Datasets endpoint. |
| bulk_create | insert | account_id, data, datasetId | | The datasetId parameter must be defined. To list existing datasets (and their IDs) in your account, use the List Datasets endpoint. |
| edit | update | account_id, event_id, datasetId | | |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | The Cloudflare account ID. |
| event_id | string | The event ID. |
| cursor | string | |
| datasetId | array | |
| forceRefresh | boolean | |
| format | string | |
| order | string | |
| orderBy | string | |
| page | number | |
| pageSize | number | |
| search | array | |
SELECT examples
- get
- list
This Method is deprecated. Please use /events/dataset/:dataset_id/events/:event_id instead.
```sql
SELECT
  attacker,
  attackerCountry,
  category,
  datasetId,
  date,
  event,
  hasChildren,
  indicator,
  indicatorType,
  indicatorTypeId,
  insight,
  killChain,
  mitreAttack,
  mitreCapec,
  numReferenced,
  numReferences,
  rawId,
  referenced,
  referencedIds,
  references,
  referencesIds,
  releasabilityId,
  tags,
  targetCountry,
  targetIndustry,
  tlp,
  uuid
FROM cloudflare.cloudforce_one.threat_events
WHERE account_id = '{{ account_id }}' -- required
  AND event_id = '{{ event_id }}' -- required
;
```
Use datasetId=all or datasetId=* to query all event datasets for the account (limited to 10). When datasetId is unspecified, events are listed from the default Cloudforce One Threat Events dataset. To list existing datasets, use the List Datasets endpoint.
```sql
SELECT
  attacker,
  attackerCountry,
  category,
  datasetId,
  date,
  event,
  hasChildren,
  indicator,
  indicatorType,
  indicatorTypeId,
  insight,
  killChain,
  mitreAttack,
  mitreCapec,
  numReferenced,
  numReferences,
  rawId,
  referenced,
  referencedIds,
  references,
  referencesIds,
  releasabilityId,
  tags,
  targetCountry,
  targetIndustry,
  tlp,
  uuid
FROM cloudflare.cloudforce_one.threat_events
WHERE account_id = '{{ account_id }}' -- required
  AND cursor = '{{ cursor }}'
  AND search = '{{ search }}'
  AND page = '{{ page }}'
  AND pageSize = '{{ pageSize }}'
  AND orderBy = '{{ orderBy }}'
  AND order = '{{ order }}'
  AND datasetId = '{{ datasetId }}'
  AND forceRefresh = '{{ forceRefresh }}'
  AND format = '{{ format }}'
;
```
INSERT examples
- bulk_create
- Manifest
The datasetId parameter must be defined. To list existing datasets (and their IDs) in your account, use the List Datasets endpoint.
```sql
INSERT INTO cloudflare.cloudforce_one.threat_events (
  data,
  datasetId,
  includeCreatedEvents,
  account_id
)
SELECT
  '{{ data }}' /* required */,
  '{{ datasetId }}' /* required */,
  {{ includeCreatedEvents }},
  '{{ account_id }}'
RETURNING
  createBulkEventsRequestId,
  createdEvents,
  createdEventsCount,
  createdTagsCount,
  errorCount,
  errors,
  queuedIndicatorsCount
;
```
```yaml
# Description fields are for documentation purposes
- name: threat_events
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the threat_events resource.
    - name: data
      value:
        - accountId: {{ accountId }}
          attacker: "{{ attacker }}"
          attackerCountry: "{{ attackerCountry }}"
          category: "{{ category }}"
          datasetId: "{{ datasetId }}"
          date: "{{ date }}"
          event: "{{ event }}"
          indicator: "{{ indicator }}"
          indicatorType: "{{ indicatorType }}"
          indicators: "{{ indicators }}"
          insight: "{{ insight }}"
          raw:
            data: "{{ data }}"
            source: "{{ source }}"
            tlp: "{{ tlp }}"
          tags: "{{ tags }}"
          targetCountry: "{{ targetCountry }}"
          targetIndustry: "{{ targetIndustry }}"
          tlp: "{{ tlp }}"
    - name: datasetId
      value: "{{ datasetId }}"
    - name: includeCreatedEvents
      value: {{ includeCreatedEvents }}
      description: |
        When true, response includes array of created event UUIDs and shard IDs. Useful for tracking which events were created and where.
```
UPDATE examples
- edit
No description available.
```sql
UPDATE cloudflare.cloudforce_one.threat_events
SET
  attacker = '{{ attacker }}',
  attackerCountry = '{{ attackerCountry }}',
  category = '{{ category }}',
  createdAt = '{{ createdAt }}',
  datasetId = '{{ datasetId }}',
  date = '{{ date }}',
  event = '{{ event }}',
  indicator = '{{ indicator }}',
  indicatorType = '{{ indicatorType }}',
  insight = '{{ insight }}',
  raw = '{{ raw }}',
  targetCountry = '{{ targetCountry }}',
  targetIndustry = '{{ targetIndustry }}',
  tlp = '{{ tlp }}'
WHERE
  account_id = '{{ account_id }}' -- required
  AND event_id = '{{ event_id }}' -- required
  AND datasetId = '{{ datasetId }}' -- required
RETURNING
  attacker,
  attackerCountry,
  category,
  datasetId,
  date,
  event,
  hasChildren,
  indicator,
  indicatorType,
  indicatorTypeId,
  insight,
  killChain,
  mitreAttack,
  mitreCapec,
  numReferenced,
  numReferences,
  rawId,
  referenced,
  referencedIds,
  references,
  referencesIds,
  releasabilityId,
  tags,
  targetCountry,
  targetIndustry,
  tlp,
  uuid;
```