List collections

🚧

Special privileges required

This endpoint is only available to users with Google Threat Intelligence Enterprise or Enterprise plus license.

Returns a list of Collections objects.

Allowed filters:

  • Text without modifiers: Collection's name, description or tag.
  • capability: Collection's capability.
  • comment: Collection's comment.
  • comment_author: Author of the comment of the collection.
  • creation_date: Collection's creation date.
  • description: Collection's description. You can search for word or expressions (full-text search).
  • detection: Detection of the files inside the collection.
  • domains: Collection's domains.
  • files: Collections's files.
  • fs: First seen date of the elements of the collection.
  • have: Condition of collection's metadata.
  • ips: Collection's IPs
  • last_modification_date: Last modification date of t
  • ls: Last seen date of the elements of the collection.
  • malware_role: Collection's malware role.
  • merged_actor: Collection's merged actors.
  • motivation: Collection's motivation.
  • name: Collection's name.
  • operating_system: Collection's operating system.
  • origin: Collection's origin.
  • owner: Collection's owner.
  • references: Collection's references.
  • sigma_rules: Collection's sigma rules.
  • source_region: Collections's source region. You can use ISO 3166-1 alpha-2 country codes, the ISO or the full country name.
  • sponsor_region: Collection's sponsor region.
  • tag: Collection's tag.
  • targeted_industry: Collections's targeted industry.
  • targeted_industry_group: Collection's targeted industry group.
  • targeted_region: Collections's targeted region. Same use as source_region.
  • threat_actor: Collection's threat actor.
  • threat_actors: Number of threat actor in the collection.
  • threat_category: Collection's threat category.
  • urls: Collection's urls.
  • yara_rulesets: Collection's yara rulesets.

Allowed orders:

  • creation_date: Collection's creation date.
  • creation_day: Collection's creation day. Collections created within the same day are sorted by relevance.
  • domains: Number of domains in the collection.
  • files: Number of files in the collection.
  • ip_addresses: Number of IP addresses in the collection.
  • last_modification_date: Collection's last modification date.
  • last_modification_day: Collection's last modification day. Collections modified within the same day are sorted by relevance.
  • references: Number of references in the collection.
  • urls: Number of URLs in the collection.

Some examples:
GET /api/v3/collections?filter=source_region:US&order=files-
GET /api/v3/collections?filter=targeted_industry:government&order:creation_day-

Language
Click Try It! to start a request and see the response here!