Threat Intel API
Overview
The Carbon Black Threat Intel APIs provide real-time security context for any file hash, domain, or IP address. This information includes reputation, threat name, prevalence, age, industry, geography, and related indicators to enable analysts to make quick, informed decisions when investigating and responding to threats.
Key Features
- Data Related APIs that provide related file or network information like an array of related filenames or network indicators for a given file sha256 or network IOC.
- Insight APIs that provide file, domain and IP enrichments like first and last seen dates, reputation, prevalence band, top N (most popular, based on counts) countries and industries, as well as categorization and risk level history.
- Process Chain API that provides top K (most popular, based on counts) sha256 ordered and ranked lineages along with their process names by sha256 containing all the ancestors and descendants.
Requirements
- Any Carbon Black Cloud product
- API key with appropriate permissions from the Carbon Black Cloud console
Authentication
See the Carbon Black Cloud API Access Guide for complete instructions on the generic API calls. All Carbon Black Cloud APIs and Services authenticate via API Keys. To access the Carbon Black Threat Intel APIs, you must set up an API Key using the predefined "Threat Intelligence" Access Level, which contains the correct Role-Based Access Control permissions.
Environment
Available on the majority of environments. Use the Carbon Black Cloud Console URL as described here. Keep in mind that the Threat Intel APIs do not contain the org key as part of their URL structure.
API Key
When creating your API Key, use the Access Level Type of "Custom" and select "Threat Intelligence". Details on constructing and passing the API Key in your requests are available here. You can create either one key that will be shared, or one key per user.
Threat Intel Data Related APIs
Provides related file or network information including an array of related network indicators or filenames for a given network IOC or file.
File Related API
This API provides related file or network information for a given file sha256.
Request
GET {cbc-hostname}/api/threat-intel/v1/related/file/{file_sha256}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/related/file/2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "file": "2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852",
  "related": [
    {
      "iocType": "Domain",
      "iocValues": [
        "stat.funshion.net"
      ],
      "relation": "byNetworkingTrait"
    },
    {
      "iocType": "IP",
      "iocValues": [
        "0.0.0.0"
      ],
      "relation": "byNetworkingTrait"
    },
    {
      "iocType": "File",
      "iocValues": [
        "65789b8879e980c500b82d33ec4549d6d11ac04567ac557f31efca5c7a3ed069",
        "98d37eff504a7adb864131ea4a042aaf4d79c4356960a8ab2fa656cc59aec014",
        "26b1a027ba0581ae6448c03a4c842f6d94b672f4c3024aabd8993c64bc181163",
        "4331a3dee51b7983a7f79d132b5cc7c3c0284c5b6c16f1d04bce93615d6dc7b5",
        "6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910",
        "272406f3baa305268204e35b348502dc13db77e5b8a50cf83ea446b2ebfaaad9",
        "82611e60a2c5de23a1b976bb3b9a32c4427cb60a002e4c27cadfa84031d87999",
        "c6a748ebdca390a7c6ae563fcbaad22ebee5a42387df34bb9e167c8ea7376cc4",
        "4b70ff47a284262547d722c6f267a9325bcc8ac82d8ce84bfa87485f1680993b",
        "ce98598d9d53b3cd00dafb564978a1c1e5bd6266686f736a51d2070980d79f15",
        "0b60128008ec332097494b7f4552c52537f789a4591a7667b31cd83b10f6f9fd",
        "63e96bfac4385e6fe2dcac258d6cfe82bae3d1e7731d2186eef2511f420903d6",
        "89e09326e7e1b318f86ff985188db40f5388ab41eba3e2e86044ffd2df995d1a",
        "900af80e0079d534a47ff525c9dcd2a662a1bfb3415a55293f00b72234b137bc",
        "bc3d4d3d6636dc3df1afcaf1b598d1cc11de6c45420f2145c2da3acb2a6e91c7",
        "155a5bce6ac3b10ac6d4fe768f0520a029a0a3fd341b747ade8f77066f81b956",
        "2984b4ad9f5ce7a8828934832fa7d7932fa53e432ed14d0b5636fbadaf536131",
        "8e85143200661cf44256482afa9b9250460925188dcb06ab7b7f2a936200fe35",
        "aa2de7169730da83de98cdf23a35d142a6b2a6379106474f1ce03ee557f3a9c5",
        "b7095bd4eee9d1108c053ed2b29ed93930bef118284381160ac02891ce1c107a",
        "fc552f65678aeafa9e92b4dc14bab20db788222d622ca5cf71c441ca236e5b82",
        "f5845cbbf013867033b62aedb2a2bff59ed84505764ea5947bb1e2cf0e6f8311",
        "f90ef4b0015ac0e93adde663eb303e8c7db66eea49a847cef2010959b8508465",
        "178118b89a1b68a50f6e87548e2ae598dc1427e5a20705a438d41cb31fc25e37",
        "c18b6927cdb612e92d01dead3b4a9f9a29124bb9b27b7df6f13086fdf02ba6cf"
      ],
      "relation": "bySignature"
    }
  ]
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/related/file/2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852 \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
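The example response above includes `0.0.0.0` as a related IP, so related indicators should be validated before they are used as pivots or blocklist entries. The following is an added example, not Carbon Black code: it parses a response of the shape shown, merges the relations seen for each value, and sets aside values that are malformed or non-routable. The sample response, its placeholder hashes and domain, and the function names are constructed for illustration.

```python
import ipaddress
import json
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like the File Related response; hashes, domain and
# IPs are placeholders (203.0.113.7 is a documentation address standing in for
# a public IP), not real indicators.
SAMPLE_RESPONSE = json.dumps({
    "file": "a" * 64,
    "related": [
        {"iocType": "Domain", "iocValues": ["Updates.Example.test."], "relation": "byNetworkingTrait"},
        {"iocType": "IP", "iocValues": ["0.0.0.0", "203.0.113.7", "10.1.2.3"], "relation": "byNetworkingTrait"},
        {"iocType": "File", "iocValues": ["b" * 64, "B" * 64, "not-a-hash"], "relation": "bySignature"},
        {"iocType": "File", "iocValues": ["b" * 64], "relation": "byNetworkingTrait"},
    ],
})


def usable_ip(value):
    """True only for addresses that make sense as a network pivot."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    if ip.is_unspecified or ip.is_loopback or ip.is_link_local or ip.is_multicast:
        return False
    return not (ip.version == 4 and any(ip in net for net in RFC1918))


def extract_pivots(raw):
    """Return (pivots, rejected): pivots maps iocType -> value -> set of relations."""
    doc = json.loads(raw)
    pivots = {"File": {}, "Domain": {}, "IP": {}}
    rejected = []
    for entry in doc.get("related", []):
        ioc_type = entry.get("iocType")
        relation = entry.get("relation", "unknown")
        for value in entry.get("iocValues", []):
            ok = False
            if not isinstance(value, str):
                pass
            elif ioc_type == "File":
                ok, value = bool(SHA256_RE.match(value)), value.lower()
            elif ioc_type == "IP":
                ok = usable_ip(value)
            elif ioc_type == "Domain":
                value = value.lower().rstrip(".")
                ok = bool(DOMAIN_RE.match(value))
            if ok:
                # The same value can appear under several relations; keep them all.
                pivots[ioc_type].setdefault(value, set()).add(relation)
            else:
                rejected.append((ioc_type, value))
    return pivots, rejected


if __name__ == "__main__":
    found, dropped = extract_pivots(SAMPLE_RESPONSE)
    print(found)
    print("rejected:", dropped)
```

Rejected values are returned rather than silently dropped so an analyst can review what was excluded.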
Network Related API
This API provides related file or network information for a given URL, network domain name or IP.
Request
GET {cbc-hostname}/api/threat-intel/v1/related/network/{network}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/related/network/elblogdeloscachanillas.com.mx
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "network": "elblogdeloscachanillas.com.mx",
  "related": [
    {
      "iocType": "File",
      "iocValues": [
        "2e5efc1e38d9c7a659046a30452a38a9060cb346d5a23c42336676444b4f86d6",
        "0057770f8097d77525b66eabba06d54c0c438ee62d0e7ed684def68630e2eb9e",
        "c7d4e119149a7150b7101a4bd9fffbf659fba76d058f7bf6cc73c99fb36e8221",
        "960ced5ad3788e2a18151ec47547fe5e572915b369af12b4a73431f4bac1d531",
        "5fa260ebacc5cee5f6fce43866d88d4de1a7282d7e1d20c381aba2b5d7ca7633",
        "529ee9d30eef7e331b24e66d68205ab4554b6eb3487193d53ed3a840ca7dde5d",
        "9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f",
        "2096109e7e05d0017b27b0796bb2b1c926b7c1d6e1bcc401ad056d01e21a59e6",
        "d8dc13ef32470d422af28aaa8d12b584944372629dd3a06876055a2fd9379c54"
      ],
      "relation": "bySignature"
    },
    {
      "iocType": "File",
      "iocValues": [
        "fdac935044d2dc76476c77f81413d0993743d85a0dcd876d9f1ca99f1c4866dd"
      ],
      "relation": "byNetworkingTrait"
    }
  ]
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/related/network/elblogdeloscachanillas.com.mx \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
Threat Intel Insight APIs
Provides file, domain and IP enrichments such as first and last seen dates, reputation and prevalence band, and top N (most popular, based on counts) countries and industries.
File Insight API
This API returns file insight enrichments for a given file sha256.
Request
GET {cbc-hostname}/api/threat-intel/v1/insight/file/{file_sha256}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/insight/file/2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "file": "2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852",
  "prevalence": "Millions",
  "reputation": "GOOD",
  "reputationConfidence": 100,
  "firstSeen": "2017-03-20",
  "lastSeen": "2025-06-16",
  "targetOrgs": {
    "topCountries": [
      "tw",
      "in",
      "jp",
      "cn",
      "id",
      "us",
      "tr"
    ],
    "topIndustries": [
      "Construction",
      "Education"
    ]
  }
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/insight/file/2be981b3686ee5e725583f5936f5f0a0992723cad784457f91d9d1d5a15a0852 \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
Network Insight API
This API returns network insight enrichments for a given URL, network domain name or IP.
Request
GET {cbc-hostname}/api/threat-intel/v1/insight/network/{network}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/insight/network/elblogdeloscachanillas.com.mx/s3sy8rq10/ophn.png
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "network": "elblogdeloscachanillas.com.mx/s3sy8rq10/ophn.png",
  "threatRiskLevel": {
    "level": 9
  },
  "categorization": {
    "categories": [
      {
        "id": 43,
        "name": "Malicious Sources/Malnets"
      }
    ]
  },
  "reputation": "BAD",
  "reputationConfidence": 80,
  "targetOrgs": {
    "topCountries": [
      "il",
      "tw",
      "gb",
      "ec",
      "us"
    ],
    "topIndustries": [
      "Financial Services",
      "Information Technology"
    ]
  }
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/insight/network/elblogdeloscachanillas.com.mx/s3sy8rq10/ophn.png \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
Network Insight History API
This API returns categorization and risk level history for a given URL, domain or IP.
Request
GET {cbc-hostname}/api/threat-intel/v1/insight/network/history/{network}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/insight/network/history/youtube.com
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "categorizationHistory": [
    {
      "categories": [
        {
          "id": 84,
          "name": "Audio/Video Clips"
        },
        {
          "id": 50,
          "name": "Mixed Content/Potentially Adult"
        }
      ],
      "updated": "2022-11-18T20:51:26Z"
    }
  ],
  "threatRiskLevelHistory": [
    {
      "level": 1,
      "updated": "2020-04-02T20:03:19Z"
    }
  ],
  "network": "youtube.com"
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/insight/network/history/youtube.com \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
Threat Intel Process Chain API
This API provides the top K (most popular, based on counts) sha256 lineages enrichment for the provided file sha256. The lineage information is ordered and ranked, and contains all the ancestors as well as descendants.
File Process Chain API
This API provides the top K (most popular, based on counts) lineages along with their process names for the provided file.
Request
GET {cbc-hostname}/api/threat-intel/v1/processchain/file/{file_sha256}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | OK | application/json | Example response below |
400 | Bad Request | application/json | N/A |
403 | Forbidden | application/json | N/A |
429 | Too Many Requests | application/json | N/A |
500 | Internal Server Error | application/json | N/A |
Examples
GET https://defense.conferdeploy.net/api/threat-intel/v1/processchain/file/eec3f761f7eabe9ed569f39e896be24c9bbb8861b15dbde1b3d539505cd9dd8d
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
  "file": "eec3f761f7eabe9ed569f39e896be24c9bbb8861b15dbde1b3d539505cd9dd8d",
  "chain": [
    {
      "parent": {
        "parent": {
          "parent": {
            "parent": {
              "parent": {
                "parent": {
                  "file": "26db419399e1df308fc195821858b322146867ca637bc717f3982f8b0dba6db4",
                  "processName": "winlogon.exe"
                },
                "file": "eda7ee39d4db8142a1e0788e205e80ae798035d60273e74981e09e98c8d0e740",
                "processName": "userinit.exe"
              },
              "file": "3dc254ad131a691acb1f9e3a5bb5ca5b3ea891869e516f4b3580ea4fcfdf2e76",
              "processName": "explorer.exe"
            },
            "file": "9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f",
            "processName": "powershell.exe"
          },
          "file": "60aacb8e3f58a9d1cc4e4cbd24073325d0d4fdd2336cc3172afe304487bd19c8",
          "processName": "lpl.exe"
        },
        "file": "18bba9ff311154415404e2fb16f3784e4c82b57ad110092ea5f9b76ed549e7cb",
        "processName": "fe392ea0a9f14s4dfeda8d9u0233a6ioq6e47a5n3.exe"
      }
    }
  ]
}
curl https://defense.conferdeploy.net/api/threat-intel/v1/processchain/file/eec3f761f7eabe9ed569f39e896be24c9bbb8861b15dbde1b3d539505cd9dd8d \
-X GET \
-H 'X-AUTH-TOKEN: ABCDEFGHIJKLMNO123456789/ABCD123456'
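In the example response each `chain` entry stands for the queried file, and its ancestors are nested inside one another under `parent`, nearest first. The following added example (not Carbon Black code) flattens that nesting into a root-to-leaf lineage and reports which ancestors are script interpreters. The sample data, the `MAX_DEPTH` bound, the interpreter watch list, and the assumption that `child` nests the same way as `parent` are all illustrative.

```python
MAX_DEPTH = 64  # assumed safety bound for this example, not a documented API limit
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample shaped like the Process Chain response; hashes are placeholders.
SAMPLE = {
    "file": "e" * 64,
    "chain": [{
        "parent": {
            "parent": {
                "parent": {
                    "parent": {"file": "1" * 64, "processName": "winlogon.exe"},
                    "file": "2" * 64, "processName": "explorer.exe"},
                "file": "3" * 64, "processName": "powershell.exe"},
            "file": "4" * 64, "processName": "dropper.exe"},
    }],
}


def walk(node, key):
    """Follow nested `key` objects outward from node; nearest relative first."""
    out = []
    cur = node.get(key)
    while isinstance(cur, dict):
        if len(out) >= MAX_DEPTH:
            raise ValueError("chain nesting exceeds MAX_DEPTH")
        out.append((cur.get("processName", "?"), cur.get("file", "?")))
        cur = cur.get(key)
    return out


def flatten_lineages(doc):
    """Return one root-to-leaf list of (processName, sha256) per chain entry."""
    target = ("<queried file>", doc.get("file", "?"))
    lineages = []
    for entry in doc.get("chain", []):
        ancestors = walk(entry, "parent")[::-1]  # reverse so the root comes first
        descendants = walk(entry, "child")       # assumption: nests like "parent"
        lineages.append(ancestors + [target] + descendants)
    return lineages


def interpreters_in(lineage):
    """Names in the lineage that match the illustrative interpreter watch list."""
    return [name for name, _ in lineage if name.lower() in INTERPRETERS]


if __name__ == "__main__":
    for lineage in flatten_lineages(SAMPLE):
        print(" -> ".join(name for name, _ in lineage))
        print("interpreters:", interpreters_in(lineage))
```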
Fields
File Related API
Field | Definition | Data Type | Values |
---|---|---|---|
file | Input file sha256 hash. | String | N/A |
related | Collection of related files. | Map | Supported properties: iocValue; iocType: File, Domain, IP; relation: byThreatActor, byProcessChain, bySignature, byNetworkingTrait |
Network Related API
Field | Definition | Data Type | Values |
---|---|---|---|
domain | Input domain name, IP or URL. | String | N/A |
related | Collection of related domains. | Map | Supported properties: iocValue; iocType: File, Domain, IP; relation: byThreatActor, byProcessChain, bySignature, byNetworkingTrait |
File Insight API
Field | Definition | Data Type | Values |
---|---|---|---|
file | Input file sha256 hash. | String | N/A |
firstSeen | First seen date. | String | N/A |
lastSeen | Last seen date. | String | N/A |
reputation | Reputation band. | String | BAD, GOOD, UNKNOWN |
prevalence | Prevalence band. | String | LessThanFive, LessThanFifty, LessThanHundred, Hundreds, Thousands, TensOfThousands, HundredsOfThousands, Millions |
targetOrgs | Collection containing the top 5 countries and industries affected by the input file. | Object | Supported properties: topCountries, topIndustries |
actors | Threat actor names associated with the input file. | Array | N/A |
associatedReferences | Collection of blog references associated with the actors, published by Broadcom. | Array | Supported properties: url, description |
Network Insight API
Field | Definition | Data Type | Values |
---|---|---|---|
network | Input network domain name, IP or URL. | String | N/A |
firstSeen | First seen date. | String | N/A |
lastSeen | Last seen date. | String | N/A |
reputation | Reputation band. | String | BAD, GOOD, UNKNOWN |
prevalence | Prevalence band. | String | LOW, MEDIUM, HIGH |
targetOrgs | Collection containing the top 5 countries and industries affected by the input network. | Object | Supported properties: topCountries, topIndustries |
actors | Threat actor names associated with the input network. | String | N/A |
threatRiskLevel | Threat risk level, further details in the table below. | Object | Supported properties: level |
categorization | Categorization of the input network. Further descriptions of the categories are available here. | Object | Supported properties: url, description |
associatedReferences | Collection of blog references associated with the actors, published by Broadcom. | Array | Supported properties: url, description |
Threat Risk Level Description
Level | Definition |
---|---|
0 (Customer Override) | Customers can use this Threat Risk Level for policy overrides on specific sites. |
1 (Very Safe) | Top visited sites with long history of good behavior. |
2 (Safe) | Other top sites with consistent, good behavior. |
3 (Probably Safe) | Reasonable history of normal behavior. |
4 (Leans Safe) | Starting to establish a history of normal behavior. |
5 (May Not Be Safe) | No established history of normal behavior. |
6 (Exercise Caution) | Very new sites; starting to establish a history of shady behavior. |
7 (Suspicious/Risky) | Shady behavior (spam, scam, potentially unwanted software, potentially malicious). |
8 (Possibly Malicious) | Stronger possibility of maliciousness. |
9 (Probably Malicious) | Increased evidence of maliciousness. |
10 (Malicious) | Proven evidence of maliciousness. |
Network Insight History API
Field | Definition | Data Type | Values |
---|---|---|---|
network | Input network domain name, IP or URL. | String | N/A |
categorizationHistory | List of all the categories assigned to the input network. | Array | Supported properties: categories, updated |
threatRiskLevelHistory | List of all the threat levels assigned to the input network. | Array | Supported properties: level, updated |
File Process Chain API
Field | Definition | Data Type | Values |
---|---|---|---|
file | Input file sha256 hash. | String | N/A |
chain | List of the top 3 lineages containing the input file. The lineage information contains all the ancestors as well as descendants. | Map | Supported properties: parent, child |
Last modified on June 17, 2025