JUMP TOAPI IntroductionAPI responsesObjectsRelationshipsThreat LandscapeThreat Actors, Malware & Tools, Campaigns, IoC CollectionsList threatsgetCreate a new IoC collectionpostGet a ThreatgetDelete an IoC collectiondeleteUpdate an IoC collectionpatchGet object descriptors related to a threatgetGet objects related to a threatgetDelete items from an IoC collectiondeleteAdd new items to an IoC collectionpostGet comments on a threatgetAdd a comment to a threat objectpostGet MITRE tactics and techniques associated with a threatgetSearch IoCs inside a threatgetExport IOCs from a threatgetExport aggregations / commonalities of a threatgetExport IOCs from a given threat's relationshipgetIoC InvestigationIP addressesGet an IP address reportgetGet comments on an IP addressgetAdd a comment to an IP addresspostGet object descriptors related to an IP addressgetGet votes on an IP addressgetAdd a vote to an IP addresspostGet objects related to an IP addressgetDomains & ResolutionsGet a domain reportgetGet comments on a domaingetAdd a comment to a domainpostGet object descriptors related to a domaingetGet votes on a domaingetAdd a vote to a domainpostGet objects related to a domaingetGet a DNS resolution objectgetFilesGet a URL for uploading large filesgetUpload a filepostGet a file reportgetRequest a file rescan (re-analyze)postGet comments on a filegetAdd a comment to a filepostDownload a filegetGet a file’s download URLgetGet object descriptors related to a filegetGet votes on a filegetAdd a vote on a filepostGet objects related to a filegetGet a crowdsourced Sigma rule objectgetGet a crowdsourced YARA rulesetgetFiles BehavioursGet a file behavior report from a sandboxgetGet the EVTX file generated during a file’s behavior analysisgetGet a detailed HTML behaviour reportgetGet the memdump file generated during a file’s behavior analysisgetGet the PCAP file generated during a file’s behavior analysisgetGet object descriptors related to a behaviour reportgetGet objects related to a behaviour reportgetGet a summary of all MITRE ATT&CK techniques observed in a filegetGet a summary of all behavior reports for a filegetGet all behavior reports for a filegetURLsScan URLpostGet a URL reportgetRequest a URL rescan (re-analyze)postGet comments on a URLgetAdd a comment on a URLpostGet object descriptors related to a URLgetGet votes on a URLgetAdd a vote on a URLpostGet objects related to a URLgetCommentsGet latest commentsgetDelete a commentdeleteGet a comment objectgetGet object descriptors related to a commentgetAdd a vote to a commentpostGet objects related to a commentgetAnalyses, Submissions & OperationsGet a URL / file analysisgetGet object descriptors related to an analysisgetGet objects related to an analysisgetGet a submission objectgetGet an operation objectgetAttack TacticsGet an attack tactic objectgetGet object descriptors related to an attack tacticgetGet objects related to an attack tacticgetAttack TechniquesGet an attack technique objectgetGet object descriptors related to an attack techniquegetGet objects related to an attack techniquegetPopular Threat CategoriesGet a list of popular threat categoriesgetZipping filesCreate a password-protected ZIP with Google Threat Intelligence filespostCheck a ZIP file’s statusgetDownload a ZIP filegetGet a ZIP file’s download URLgetSearch & MetadataAdvanced corpus searchgetGet file content search snippetsgetGet Google Threat Intel metadatagetSearch for files, URLs, domains, IPs and commentsgetYARA HuntingYARA RulesList Crowdsourced YARA RulesgetGet a Crowdsourced YARA rulegetGet objects descriptors related to a Crowdsourced YARA rulegetGet objects related to a Crowdsourced YARA rulegetRetrohuntGet a list of Retrohunt jobsgetCreate a new Retrohunt jobpostDelete a Retrohunt jobdeleteGet a Retrohunt job objectgetAbort a Retrohunt jobpostRetrieve matches for a Retrohunt jobgetIoC StreamDelete notifications from the IoC StreamdeleteGet objects from the IoC StreamgetDelete an IoC Stream notificationdeleteGet an IoC Stream notificationgetLivehuntRetrieve file objects for Livehunt notificationsgetDelete Livehunt notificationsdeleteGet Livehunt notificationsgetDelete a Livehunt notificationdeleteGet a Livehunt notification objectgetRemove all Livehunt rulesetsdeleteGet Livehunt rulesetsgetCreate a new Livehunt rulesetpostDelete a Livehunt rulesetdeleteGet a Livehunt rulesetgetUpdate a Livehunt rulesetpatchGrant Livehunt ruleset edit permissions for a user or grouppostRevoke Livehunt ruleset edit permission from a user or groupdeleteCheck if a user or group is a Livehunt ruleset editorgetTransfer Livehunt ruleset to another userpostGet object descriptors related to a Livehunt rulesetgetGet objects related to a Livehunt rulesetgetReports & AnalysisReportsList reportsgetGet a reportgetGet object descriptors related to a reportgetGet objects related to a reportgetGet comments on a reportgetAdd a comment to a reportpostGet MITRE tactics and techniques associated with a reportgetSearch IoCs inside a reportgetExport IOCs from a reportgetExport aggregations / commonalities of a reportgetExport IOCs from a given report's relationshipgetPrivate ScanningURLsPrivate Scan URLpostGet a URL analysis reportgetGet objects related to a private URLgetGet object descriptors related to a private URLgetZipping filesCreate a password-protected ZIP with Google Threat Intelligence filespostCheck a ZIP file’s statusgetDownload a ZIP filegetGet a ZIP file’s download URLgetFilesUpload a filepostList private filesgetGet a URL for uploading large filesgetDelete a private file reportdeleteGet a private file reportgetGet object descriptors related to a filegetGet objects related to a private filegetRescan a private filepostFiles BehavioursGet the behaviour reports from a private filegetGet a behaviour report from a private filegetGet the EVTX file generated during a private file’s behavior analysisgetGet a detailed HTML behaviour reportgetGet the memdump file generated during a private file’s behavior analysisgetGet the PCAP file generated during a private file’s behavior analysisgetGet object descriptors related to a private file's behaviour reportgetGet objects related to a private file's behaviour reportgetGet a summary of all MITRE ATT&CK techniques observed in a filegetGet a summary of all behavior reports for a filegetAnalysesList private analysesgetGet a private analysisgetGet object descriptors related to a private analysisgetGet objects related to a private analysisgetVulnerability IntelligenceVulnerabilitiesList vulnerabilitiesgetGet a vulnerabilitygetGet object descriptors related to a vulnerabilitygetGet objects related to a vulnerabilitygetGet comments from a vulnerabilitygetAdd a comment to a vulnerabilitypostGet MITRE tactics and techniques associated with a vulnerabilitygetSearch IoCs inside a vulnerabilitygetExport IOCs from a vulnerabilitygetExport aggregations / commonalities from a vulnerabilitygetExport IOCs from a given vulnerability's relationshipgetASM (ATTACK SURFACE MANAGEMENT)ProjectsIndexgetCreatepostDeletedeleteASM CollectionsIndexgetCreatepostReadgetDeletedeleteArchivepatchUnarchivepatchCollection RunsIndexgetCreatepostEntitiesSearch EntitiesgetGet DetailgetGet Full DetailgetIssuesSearch IssuesgetGet DetailgetSet StatuspostTime SeriesGet Entity point in timegetGet Entity points in timegetGet Issue points in timegetGet Issue point in timegetTechnologiesSearch TechnologtiesgetNotesIndexgetCreatepostDeletedeleteTagsIndexgetCreatepostDeletedeleteSeedsIndexgetCreatepostDeletedeleteASM IntegrationsCreatepostIndexgetJira projectsgetDestroydeleteIntegration CollectionsIndexgetDestroydeleteCreatepostLibraryEntities ListgetEntities StatsgetIssues ListgetIssues List - Specific IsssuegetIssues StatsgetTasks ListgetTasks StatsgetFingerprints ListgetFingerprint StatsgetIssues List - Export as CSVgetTasks List - Export as CSVgetCatalog StatsgetDTM (DIGITAL THREAT MONITORING)DTM AlertsList alertsgetGet an existing alert by its IDgetUpdate field(s) of an alertpatchList child alerts for a given aggregated alert bucketgetSynchronously bulk update alertspostAsynchronously bulk update alerts using query params to target the alertspostAlert AnalysisUpdate the analysis text on an alertputList the file attachments for the alertgetUpload attachments to an alert's analysispostDelete a file attachment from an alertdeleteDownload a file attachment from an alertgetAlert AuditList audit records for a given alertgetList alert audit recordsgetMonitorsList monitorsgetCreate a new monitorpostDelete an existing monitordeleteGet a monitor by its IDgetPartial update an existing monitorpatchUpdate an existing monitorputAsynchronously backfill alerts for new domainspatchAsynchronously backfill alerts for the monitorpostEstimate how many alerts will be created for the backfill of an updated monitorpatchEstimate how many alerts will be created for the backfill of a newly created monitorpostList monitor templates for top DTM use casesgetEmail SettingsList email settingsgetCreate email settingspostDelete email settingsdeleteFetch an email settinggetUpdate email settingspatchReverify one or more email recipientspostVerified DomainsList verified domains for the current organizationgetAdd a new verified domainpostDelete an existing verified domain.deleteGet a verified domain by IDgetPerform a synchronous verification check for the domain's TXT record code.postAdd new verified domainspostDownload all verified domains with their TXT verification code in CSV formatgetDTM DocsRetrieve an indexed document by its type and IDgetFetch the labels for an existing documentgetFetch the topics for an existing documentgetSearch for documentspostThreat GraphGTI GraphsSearch graphsgetCreate a graphpostDelete a graphdeleteGet a graph objectgetUpdate a graph objectpatchGet comments on a graphgetAdd a comment to a graphpostGet object descriptors related to a graphgetGet objects related to a graphgetGTI Graphs Permissions & ACLGet users and groups that can edit a graphgetGrant users and groups permission to edit a graphpostRevoke edit graph permissions from a user or groupdeleteCheck if a user or group can edit a graphgetRevoke view permission from a user or groupdeleteCheck if a user or group can view a graphgetGet users and groups that can view a graphgetGrant users and groups permission to see a graphpostUsers and group managementUser ManagementDelete a userdeleteGet a user objectgetUpdate a user objectpatchGet object descriptors related to a usergetGet objects related to a usergetQuota ManagementGet a user’s API usagegetGet a user’s quota summarygetGet a group’s API usagegetService Account ManagementGet Service Accounts of a groupgetCreate a new Service AccountpostGet a Service Account objectgetGroup ManagementGet a group objectgetUpdate a group objectpatchGet administrators for a groupgetGrant group admin permissions to a list of userspostRevoke group admin permissions from a userdeleteCheck if a user is a group admingetGet group usersgetAdd users to a grouppostRemove a user from a groupdeleteCheck if a user is a group membergetGet object descriptors related to a groupgetGet objects related to a groupgetIoC FeedsFile intelligence feedGet a hourly file feed batchgetGet a per-minute file feed batchgetDownload a file published in the file feedgetSandbox analyses feedGet an hourly file behaviour feed batchgetGet a per-minute file behaviour feed batchgetGet the EVTX file generated during a file’s behavior analysisgetGet a file behaviour's detailed HTML reportgetGet the memdump file generated during a file’s behavior analysisgetGet the PCAP file generated during a file’s behavior analysisgetDomain intelligence feedGet an hourly domain feed batchgetGet a minutely domain feed batchgetIP intelligence feedGet an hourly IP address feed batchgetGet a minutely IP address feed batchgetURL intelligence feedGet an hourly URL feed batchgetGet a minutely URL feed batchgetAPI OBJECTSAnalyses🔀 itemAttack Tactics🔀 attack_techniquesAttack Techniques🔀 attack_tactics🔀 parent_technique🔀 revoking_technique🔀 subtechniques🔀 threat_actorsCampaignComments🔀 authorDomains🔀 communicating_files🔀 downloaded_files🔀 referrer_files🔀 graphs🔀 resolutions🔀 siblings🔀 comments🔀 related_comments🔀 historical_ssl_certificates🔀 historical_whois🔀 immediate_parent🔀 parent🔀 subdomains🔀 urls🔀 caa_records🔀 cname_records🔀 mx_records🔀 ns_records🔀 soa_records🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actorsFilesexiftoolssdeepauthentihashtridpe_infosignature_infodot_net_guidsandroguardasf_inforombios_infoclass_infobundle_infodeb_infomagicdmg_infoelf_infoimage_code_injectionsipa_infojar_infomacho_infooffice_infoopenxml_infopdf_infopackersrtf_infoswf_infoisoimage_infodot_net_assemblypowershell_infonsrl_infomalware_config🔀 analyses🔀 comments🔀 carbonblack_children🔀 carbonblack_parents🔀 bundled_files🔀 email_parents🔀 embedded_domains🔀 embedded_ips🔀 embedded_urls🔀 execution_parents🔀 graphs🔀 screenshots🔀 itw_urls🔀 itw_domains🔀 overlay_parents🔀 pcap_parents🔀 pe_resource_parents🔀 similar_files🔀 sigma_analysis🔀 submissionssnortsuricatatraffic_inspectionwiresharkvba_info🔀 compressed_parents🔀 contacted_urls🔀 email_attachments🔀 votesmonitor_infohtml_info🔀 dropped_files🔀 itw_ips🔀 overlay_children🔀 pcap_children🔀 pe_resource_childrentelfhashtlsh🔀 contacted_domains🔀 contacted_ips🔀 urls_for_embedded_jsjavascript_infoknown_distributorslnk_info🔀🧑💻 user_votespopular_threat_classificationpassword_info🔀 collections🔀 related_threat_actorscrowdsourced_yara_resultscrowdsourced_ids_resultscrowdsourced_ids_statssigma_analysis_statssigma_analysis_resultssandbox_verdictsdetectiteasy🔀 memory_pattern_domains🔀 memory_pattern_ips🔀 memory_pattern_urlsFiles Behaviourverdictsfiles_droppedfiles_copiedpermissions_checkedhttp_conversationsdns_lookupsip_trafficprocesses_treesms_sent🔀 file🔀 attack_techniquestagsGraphs🔀 comments🔀 editors🔀 group🔀 items🔀 owner🔀 viewersGroups🔀🧑💻 administrators🔀🧑💻 graphs🔀🧑💻 usersHunting NotificationsHunting RulesetsIoC CollectionIoC-Stream NotificationsIP addresses🔀 comments🔀 graphs🔀 historical_ssl_certificates🔀 historical_whois🔀 communicating_files🔀 downloaded_files🔀 referrer_files🔀 resolutions🔀 urls🔀 related_comments🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actorsMalware FamilyOperationsPrivate Analyses🔀 item🔀 submitterPrivate Files🔀 behaviours🔀 dropped_files🔀 execution_parents🔀 embedded_urls🔀 embedded_domains🔀 embedded_ipsPrivate Files Behaviours🔀 file🔀 attack_techniquesPrivate URLsPrivate URLs BehavioursReportRetrohunt Jobs🔀🧑💻 matching_files🔀🧑💻 ownerResolutionsScreenshotsService Accounts🔀🧑💻 api_quota_group🔀 comments🔀🧑💻 groups🔀🧑💻 intelligence_quota_group🔀 mentionsSigma Analyses🔀 rulesSigma RulesSoftware and ToolkitSSL CertificateSubmissionsThreat ActorURLs🔀 analyses🔀 comments🔀 related_comments🔀 contacted_domains🔀 contacted_ips🔀 downloaded_files🔀 graphs🔀 last_serving_ip_address🔀 network_location🔀 redirecting_urls🔀 redirects_to🔀 submissions🔀 embedded_js_files🔀 referrer_files🔀 referrer_urls🔀 urls_related_by_tracker_id🔀 communicating_files🔀 votes🔀🧑💻 user_votes🔀 collections🔀 related_threat_actorsUsers🔀 comments🔀🧑💻 groups🔀🧑💻 groups_managed🔀🧑💻 hunting_rulesets🔀🧑💻 hunting_notifications🔀🧑💻 hunting_notification_files🔀 mentions🔀 graphs🔀🧑💻 retrohunt_jobs🔀🧑💻 api_quota_group🔀🧑💻 intelligence_quota_group🔀 collections🔀 votesVotesVulnerabilityWhoisYARA RulesYARA RulesetsDownload a ZIP fileget https://www.virustotal.com/api/v3/private/zip_files/{id}/download