JUMP TOIntroductionAPI responsesRelationshipsIOC REPUTATION & ENRICHMENTIP addressesGet an IP address reportgetGet comments on an IP addressgetAdd a comment to an IP addresspostGet object descriptors related to an IP addressgetGet votes on an IP addressgetAdd a vote to an IP addresspostGet objects related to an IP addressgetDomains & ResolutionsGet a domain reportgetGet comments on a domaingetAdd a comment to a domainpostGet object descriptors related to a domaingetGet votes on a domaingetAdd a vote to a domainpostGet objects related to a domaingetGet a DNS resolution objectgetFilesGet a URL for uploading large filesgetUpload a filepostGet a file reportgetRequest a file rescan (re-analyze)postGet comments on a filegetAdd a comment to a filepostDownload a filegetGet a file’s download URLgetGet object descriptors related to a filegetGet votes on a filegetAdd a vote on a filepostGet objects related to a filegetGet a crowdsourced Sigma rule objectgetGet a crowdsourced YARA rulesetgetFiles BehavioursGet a file behavior report from a sandboxgetGet the EVTX file generated during a file’s behavior analysisgetGet a detailed HTML behaviour reportgetGet the memdump file generated during a file’s behavior analysisgetGet the PCAP file generated during a file’s behavior analysisgetGet object descriptors related to a behaviour reportgetGet objects related to a behaviour reportgetGet a summary of all MITRE ATT&CK techniques observed in a filegetGet a summary of all behavior reports for a filegetGet all behavior reports for a filegetURLsScan URLpostGet a URL analysis reportgetRequest a URL rescan (re-analyze)postGet comments on a URLgetAdd a comment on a URLpostGet object descriptors related to a URLgetGet votes on a URLgetAdd a vote on a URLpostGet objects related to a URLgetCommentsGet latest commentsgetDelete a commentdeleteGet a comment objectgetGet object descriptors related to a commentgetAdd a vote to a commentpostGet objects related to a commentgetAnalyses, Submissions & OperationsGet a URL / file analysisgetGet object descriptors related to an analysisgetGet objects related to an analysisgetGet a submission objectgetGet an operation objectgetAttack TacticsGet an attack tactic objectgetGet object descriptors related to an attack tacticgetGet objects related to an attack tacticgetAttack TechniquesGet an attack technique objectgetGet object descriptors related to an attack techniquegetGet objects related to an attack techniquegetPopular Threat CategoriesGet a list of popular threat categoriesgetGTI EnterpriseSearch & MetadataAdvanced corpus searchgetGet file content search snippetsgetGet Google Threat Intel metadatagetSearch for files, URLs, domains, IPs and commentsgetCollectionsList collectionsgetCreate a new collectionpostDelete a collectiondeleteGet a collectiongetUpdate a collectionpatchExport aggregations from a collectiongetGet comments on a collectiongetAdd a comment to a collectionpostExport IOCs from a collectiongetGet object descriptors related to a collectiongetSearch IoCs inside a collectiongetDelete items from a collectiondeleteGet objects related to a collectiongetAdd new items to a collectionpostExport IOCs from a given collection's relationshipgetThreat ActorsList threat actorsgetGet a threat actorgetRetrieve object descriptors related to a threat actorgetGet objects related to a threat actorgetReferencesCreate a new referencepostDelete a referencedeleteGet a referencegetGet object descriptors related to a referencegetGet objects related to a referencegetZipping filesCreate a password-protected ZIP with Google Threat Intelligence filespostCheck a ZIP file’s statusgetDownload a ZIP filegetGet a ZIP file’s download URLgetStatisticsGet daily stats grouped by vhashgetGTI Private ScanningFilesUpload a filepostList private filesgetGet a URL for uploading large filesgetDelete a private file reportdeleteGet a private file reportgetGet object descriptors related to a filegetGet objects related to a private filegetRescan a private filepostFiles BehavioursGet the behaviour reports from a private filegetGet a behaviour report from a private filegetGet the EVTX file generated during a private file’s behavior analysisgetGet a detailed HTML behaviour reportgetGet the memdump file generated during a private file’s behavior analysisgetGet the PCAP file generated during a private file’s behavior analysisgetGet object descriptors related to a private file's behaviour reportgetGet objects related to a private file's behaviour reportgetGet a summary of all MITRE ATT&CK techniques observed in a filegetGet a summary of all behavior reports for a filegetAnalysesList private analysesgetGet a private analysisgetGet object descriptors related to a private analysisgetGet objects related to a private analysisgetURLsPrivate Scan URLpostGet a URL analysis reportgetGet objects related to a private URLgetGet object descriptors related to a private URLgetURLs BehavioursGet a behaviour report from a private URLgetGet objects related to a private file's behaviour reportgetGet object descriptors related to a private URL's behaviour reportgetGet behaviour screenshot from a private URLgetGet behaviour screenshot download URL from a private URLgetGet behaviour DOM from a private URLgetGet behaviour DOM download URL from a private URLgetGTI HuntingYARA RulesList Crowdsourced YARA RulesgetGet a Crowdsourced YARA rulegetGet objects descriptors related to a Crowdsourced YARA rulegetGet objects related to a Crowdsourced YARA rulegetIoC StreamDelete notifications from the IoC StreamdeleteGet objects from the IoC StreamgetDelete an IoC Stream notificationdeleteGet an IoC Stream notificationgetLivehuntRetrieve file objects for Livehunt notificationsgetDelete Livehunt notificationsdeleteGet Livehunt notificationsgetDelete a Livehunt notificationdeleteGet a Livehunt notification objectgetRemove all Livehunt rulesetsdeleteGet Livehunt rulesetsgetCreate a new Livehunt rulesetpostDelete a Livehunt rulesetdeleteGet a Livehunt rulesetgetUpdate a Livehunt rulesetpatchGrant Livehunt ruleset edit permissions for a user or grouppostRevoke Livehunt ruleset edit permission from a user or groupdeleteCheck if a user or group is a Livehunt ruleset editorgetTransfer Livehunt ruleset to another userpostGet object descriptors related to a Livehunt rulesetgetGet objects related to a Livehunt rulesetgetRetrohuntGet a list of Retrohunt jobsgetCreate a new Retrohunt jobpostDelete a Retrohunt jobdeleteGet a Retrohunt job objectgetAbort a Retrohunt jobpostRetrieve matches for a Retrohunt jobgetASM (ATTACK SURFACE MANAGEMENT)ProjectsIndexgetCreatepostDeletedeleteCollectionsIndexgetCreatepostReadgetDeletedeleteArchivepatchUnarchivepatchCollection RunsIndexgetCreatepostEntitiesSearch EntitiesgetGet DetailgetGet Full DetailgetIssuesSearch IssuesgetGet DetailgetSet StatuspostTime SeriesGet Entity point in timegetGet Entity points in timegetGet Issue points in timegetGet Issue point in timegetTechnologiesSearch TechnologtiesgetNotesIndexgetCreatepostDeletedeleteTagsIndexgetCreatepostDeletedeleteSeedsIndexgetCreatepostDeletedeleteIntegrationsCreatepostIndexgetJira projectsgetDestroydeleteIntegration CollectionsIndexgetDestroydeleteCreatepostLibraryEntities ListgetEntities StatsgetIssues ListgetIssues List - Specific IsssuegetIssues StatsgetTasks ListgetTasks StatsgetFingerprints ListgetFingerprint StatsgetIssues List - Export as CSVgetTasks List - Export as CSVgetCatalog StatsgetDTM (DIGITAL THREAT MONITORING)AlertsList alertsgetGet an existing alert by its IDgetUpdate field(s) of an alertpatchList child alerts for a given aggregated alert bucketgetSynchronously bulk update alertspostAsynchronously bulk update alerts using query params to target the alertspostAlert AnalysisUpdate the analysis text on an alertputList the file attachments for the alertgetUpload attachments to an alert's analysispostDelete a file attachment from an alertdeleteDownload a file attachment from an alertgetAlert AuditList audit records for a given alertgetList alert audit recordsgetMonitorsList monitorsgetCreate a new monitorpostDelete an existing monitordeleteGet a monitor by its IDgetPartial update an existing monitorpatchUpdate an existing monitorputAsynchronously backfill alerts for new domainspatchAsynchronously backfill alerts for the monitorpostEstimate how many alerts will be created for the backfill of an updated monitorpatchEstimate how many alerts will be created for the backfill of a newly created monitorpostList monitor templates for top DTM use casesgetEmail SettingsList email settingsgetCreate email settingspostDelete email settingsdeleteFetch an email settinggetUpdate email settingspatchReverify one or more email recipientspostVerified DomainsList verified domains for the current organizationgetAdd a new verified domainpostDelete an existing verified domain.deleteGet a verified domain by IDgetPerform a synchronous verification check for the domain's TXT record code.postAdd new verified domainspostDownload all verified domains with their TXT verification code in CSV formatgetDocsRetrieve an indexed document by its type and IDgetFetch the labels for an existing documentgetFetch the topics for an existing documentgetSearch for documentspostGTI GraphsGTI GraphsSearch graphsgetCreate a graphpostDelete a graphdeleteGet a graph objectgetUpdate a graph objectpatchGet comments on a graphgetAdd a comment to a graphpostGet object descriptors related to a graphgetGet objects related to a graphgetGTI Graphs Permissions & ACLGet users and groups that can edit a graphgetGrant users and groups permission to edit a graphpostRevoke edit graph permissions from a user or groupdeleteCheck if a user or group can edit a graphgetRevoke view permission from a user or groupdeleteCheck if a user or group can view a graphgetGet users and groups that can view a graphgetGrant users and groups permission to see a graphpostGTI Enterprise AdministrationUser ManagementDelete a userdeleteGet a user objectgetUpdate a user objectpatchGet object descriptors related to a usergetGet objects related to a usergetGroup ManagementGet a group objectgetUpdate a group objectpatchGet administrators for a groupgetGrant group admin permissions to a list of userspostRevoke group admin permissions from a userdeleteCheck if a user is a group admingetGet group usersgetAdd users to a grouppostRemove a user from a groupdeleteCheck if a user is a group membergetGet object descriptors related to a groupgetGet objects related to a groupgetQuota ManagementGet a user’s API usagegetGet a user’s quota summarygetGet a group’s API usagegetService Account ManagementGet Service Accounts of a groupgetCreate a new Service AccountpostGet a Service Account objectgetGTI FeedsFile intelligence feedGet a hourly file feed batchgetGet a per-minute file feed batchgetDownload a file published in the file feedgetSandbox analyses feedGet an hourly file behaviour feed batchgetGet a per-minute file behaviour feed batchgetGet the EVTX file generated during a file’s behavior analysisgetGet a file behaviour's detailed HTML reportgetGet the memdump file generated during a file’s behavior analysisgetGet the PCAP file generated during a file’s behavior analysisgetDomain intelligence feedGet an hourly domain feed batchgetGet a minutely domain feed batchgetIP intelligence feedGet an hourly IP address feed batchgetGet a minutely IP address feed batchgetURL intelligence feedGet an hourly URL feed batchgetGet a minutely URL feed batchgetAPI OBJECTSAnalyses🔀 itemAttack Tactics🔀 attack_techniquesAttack Techniques🔀 attack_tactics🔀 parent_technique🔀 revoking_technique🔀 subtechniques🔀 threat_actorsCollections🔀 files🔀 urls🔀 domains🔀 ip_addresses🔀 threat_actors🔀 references🔀 comments🔀 owner🔀 related_collections🔀 autogenerated_graphs🔀 related_referencesComments🔀 authorClues🔀 filesDomains🔀 communicating_files🔀 downloaded_files🔀 referrer_files🔀 graphs🔀 resolutions🔀 siblings🔀 comments🔀 related_comments🔀 historical_ssl_certificates🔀 historical_whois🔀 immediate_parent🔀 parent🔀 subdomains🔀 urls🔀 caa_records🔀 cname_records🔀 mx_records🔀 ns_records🔀 soa_records🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actors🔀 related_referencesFilesexiftoolssdeepauthentihashtridpe_infosignature_infodot_net_guidsandroguardasf_inforombios_infoclass_infobundle_infodeb_infomagicdmg_infoelf_infoimage_code_injectionsipa_infojar_infomacho_infooffice_infoopenxml_infopdf_infopackersrtf_infoswf_infoisoimage_infodot_net_assemblypowershell_infonsrl_infomalware_config🔀 analyses🔀 clues🔀 comments🔀 carbonblack_children🔀 carbonblack_parents🔀 bundled_files🔀 email_parents🔀 embedded_domains🔀 embedded_ips🔀 embedded_urls🔀 execution_parents🔀 graphs🔀 screenshots🔀 itw_urls🔀 itw_domains🔀 overlay_parents🔀 pcap_parents🔀 pe_resource_parents🔀 similar_files🔀 sigma_analysis🔀 submissionssnortsuricatatraffic_inspectionwiresharkvba_info🔀 compressed_parents🔀 contacted_urls🔀 email_attachments🔀 votesmonitor_infohtml_info🔀 dropped_files🔀 itw_ips🔀 overlay_children🔀 pcap_children🔀 pe_resource_childrentelfhashtlsh🔀 contacted_domains🔀 contacted_ips🔀 urls_for_embedded_jsjavascript_infoknown_distributorslnk_info🔀🧑💻 user_votespopular_threat_classificationpassword_info🔀 collections🔀 related_threat_actors🔀 related_referencescrowdsourced_yara_resultscrowdsourced_ids_resultscrowdsourced_ids_statssigma_analysis_statssigma_analysis_resultssandbox_verdictsdetectiteasyFiles Behaviourverdictsfiles_droppedfiles_copiedpermissions_checkedhttp_conversationsdns_lookupsip_trafficprocesses_treesms_sent🔀 file🔀 attack_techniquestagsGraphs🔀 comments🔀 editors🔀 group🔀 items🔀 owner🔀 viewersGroups🔀🧑💻 administrators🔀🧑💻 graphs🔀🧑💻 usersHunting NotificationsHunting RulesetsIoC-Stream NotificationsIP addresses🔀 comments🔀 graphs🔀 historical_ssl_certificates🔀 historical_whois🔀 communicating_files🔀 downloaded_files🔀 referrer_files🔀 resolutions🔀 urls🔀 related_comments🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actors🔀 related_referencesOperationsPrivate Analyses🔀 item🔀 submitterPrivate Files🔀 behaviours🔀 dropped_files🔀 execution_parents🔀 embedded_urls🔀 embedded_domains🔀 embedded_ipsPrivate Files Behaviours🔀 file🔀 attack_techniquesPrivate URLsPrivate URLs BehavioursReferences🔀 collections🔀 threat_actorsRetrohunt Jobs🔀🧑💻 matching_files🔀🧑💻 ownerResolutionsScreenshotsService Accounts🔀🧑💻 api_quota_group🔀 comments🔀🧑💻 groups🔀🧑💻 intelligence_quota_group🔀 mentionsSigma Analyses🔀 rulesSigma RulesSSL CertificateSubmissionsThreat Actors🔀 collections🔀 references🔀 comments🔀 related_domains🔀 related_files🔀 related_ip_addresses🔀 related_references🔀 related_urlsURLs🔀 analyses🔀 comments🔀 related_comments🔀 contacted_domains🔀 contacted_ips🔀 downloaded_files🔀 graphs🔀 last_serving_ip_address🔀 network_location🔀 redirecting_urls🔀 redirects_to🔀 submissions🔀 embedded_js_files🔀 referrer_files🔀 referrer_urls🔀 urls_related_by_tracker_id🔀 communicating_files🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actors🔀 related_referencesUsers🔀 comments🔀🧑💻 groups🔀🧑💻 groups_managed🔀🧑💻 hunting_rulesets🔀🧑💻 hunting_notifications🔀🧑💻 hunting_notification_files🔀 mentions🔀 graphs🔀🧑💻 retrohunt_jobs🔀🧑💻 api_quota_group🔀🧑💻 intelligence_quota_group🔀 collections🔀 votesVotesWhoisYARA RulesetsYARA RulesGet a Retrohunt job objectget https://www.virustotal.com/api/v3/intelligence/retrohunt_jobs/{id}Returns a Retrohunt Job object.