Jump to Content
Home
Documentation
Reference
Release Notes
Use Cases
Reference
Home
Documentation
Reference
Release Notes
Use Cases
Threat Actor
All
Pages
Start typing to search…
JUMP TO
API Introduction
Google Threat Intelligence API Overview
API responses
Key concepts
Objects
Errors
Relationships
Collections
OpenAPI Specifications
STIX responses
Threat Landscape
Threat Actors, Malware & Tools, Campaigns, IoC Collections
List threats
get
Create a new IoC collection
post
Get a Threat
get
Delete an IoC collection
del
Update an IoC collection
patch
Get Hunting rulesets associated with an IoC Collection
get
Delete Hunting rulesets association from IoC collection
del
Add Hunting rulesets association to an IoC Collection
post
Get object descriptors related to a threat
get
Delete items from an IoC collection
del
Add new items to an IoC collection
post
Get objects related to a threat
get
Get comments from a threat
get
Add a comment to a threat object
post
Get MITRE tactics and techniques associated with a threat
get
Search IoCs inside a threat
get
Get a Threat's observed actions list
get
Export IOCs from a threat
get
Export aggregations / commonalities from a threat
get
Export IOCs from a given threat's relationship
get
Subscribe to a threat object
post
Check subscription preferences from threat object
get
Delete subscription from a threat object
del
Threat Profiles
List Threat Profiles
get
Create a Threat Profile
post
Get a Threat Profile
get
Update a Threat Profiles
patch
Delete a Threat Profile
del
Get recommendations of a Threat Profile
get
Get a Threat Profile's recommendations descriptors
get
Delete objects from a Threat Profile
del
Add objects to a Threat Profile
post
Get objects related to a Threat Profile
get
Get object descriptors related to a Threat Profile
get
Delete items from a Threat Profile
del
Add or update relationships between a Threat Profile and other objects
post
Get a Threat Profile's timeline associations
get
IoC Investigation
IP addresses
Get an IP address report
get
Get comments on an IP address
get
Request an IP address (re)scan
post
Add a comment to an IP address
post
Get object descriptors related to an IP address
get
Get votes on an IP address
get
Add a vote to an IP address
post
Get objects related to an IP address
get
Domains & Resolutions
Get a domain report
get
Get comments on a domain
get
Request a domain (re)scan
post
Add a comment to a domain
post
Get object descriptors related to a domain
get
Get votes on a domain
get
Add a vote to a domain
post
Get objects related to a domain
get
Get a DNS resolution object
get
Files
Get a URL for uploading large files
get
Upload a file
post
Get a file report
get
Request a file rescan (re-analyse)
post
Get comments on a file
get
Add a comment to a file
post
Download a file
get
Get a file’s download URL
get
Get object descriptors related to a file
get
Get votes on a file
get
Add a vote on a file
post
Get objects related to a file
get
Get a crowdsourced Sigma rule object
get
Get a crowdsourced YARA ruleset
get
Files Behaviours
Get a file behavior report from a sandbox
get
Get the EVTX file generated during a file’s behavior analysis
get
Get a detailed HTML behaviour report
get
Get the memdump file generated during a file’s behavior analysis
get
Get the PCAP file generated during a file’s behavior analysis
get
Get object descriptors related to a behaviour report
get
Get objects related to a behaviour report
get
Get a summary of all MITRE ATT&CK techniques observed in a file
get
Get a summary of all behavior reports for a file
get
Get all behavior reports for a file
get
URLs
Scan URL
post
Get a URL report
get
Request a URL rescan (re-analyse)
post
Get comments on a URL
get
Add a comment on a URL
post
Get object descriptors related to a URL
get
Get votes on a URL
get
Add a vote on a URL
post
Get objects related to a URL
get
Comments
Get latest comments
get
Delete a comment
del
Get a comment object
get
Get object descriptors related to a comment
get
Add a vote to a comment
post
Get objects related to a comment
get
Analyses, Submissions & Operations
Get a URL / file analysis
get
Get object descriptors related to an analysis
get
Get objects related to an analysis
get
Get a submission object
get
Get an operation object
get
Attack Tactics
Get an attack tactic object
get
Get object descriptors related to an attack tactic
get
Get objects related to an attack tactic
get
Attack Techniques
Get an attack technique object
get
Get object descriptors related to an attack technique
get
Get objects related to an attack technique
get
Popular Threat Categories
Get a list of popular threat categories
get
Zipping files
Create a password-protected ZIP with Google Threat Intelligence files
post
Check a ZIP file’s status
get
Download a ZIP file
get
Get a ZIP file’s download URL
get
Search & Metadata
Advanced corpus search
get
Get file content search snippets
get
Get Google Threat Intel metadata
get
Search for files, URLs, domains, IPs and comments
get
Code Insights
Analyse code blocks with Code Insights
post
Saved Searches
List Saved Searches
get
Get a Saved Search
get
Create a Saved Search
post
Share a Saved Search
post
Update a Saved Search
patch
Delete a Saved Search
del
Revoke access to a Saved Search
del
Get object descriptors related to a Saved Search
get
Get objects related to a Saved Search
get
YARA Hunting
YARA Rules
List Crowdsourced YARA Rules
get
Get a Crowdsourced YARA rule
get
Get objects descriptors related to a Crowdsourced YARA rule
get
Get objects related to a Crowdsourced YARA rule
get
IoC Stream
Delete notifications from the IoC Stream
del
Get objects from the IoC Stream
get
Delete an IoC Stream notification
del
Get an IoC Stream notification
get
Livehunt
Remove all Livehunt rulesets
del
Get Livehunt rulesets
get
Create a new Livehunt ruleset
post
Delete a Livehunt ruleset
del
Get a Livehunt ruleset
get
Update a Livehunt ruleset
patch
Delete IoC Collections association from Hunting ruleset
del
Get IoC Collections associated with a Hunting ruleset
get
Add IoC Collectios association to a Hunting ruleset
post
Grant Livehunt ruleset edit permissions for a user or group
post
Revoke Livehunt ruleset edit permission from a user or group
del
Check if a user or group is a Livehunt ruleset editor
get
Transfer Livehunt ruleset to another user
post
Get object descriptors related to a Livehunt ruleset
get
Get objects related to a Livehunt ruleset
get
Retrohunt
Get a list of Retrohunt jobs
get
Create a new Retrohunt job
post
Delete a Retrohunt job
del
Get a Retrohunt job object
get
Abort a Retrohunt job
post
Retrieve matches for a Retrohunt job
get
Reports & Analysis
Reports
List reports
get
Get a report
get
Get object descriptors related to a report
get
Get objects related to a report
get
Get comments from a report
get
Add a comment to a report
post
Get MITRE tactics and techniques associated with a report
get
Search IoCs inside a report
get
Export IOCs from a report
get
Export aggregations / commonalities from a report
get
Export IOCs from a given report's relationship
get
Download a Report
get
Subscribe to a report
post
Check subscription preferences from a report
get
Delete subscription from a report
del
Private Scanning
Private Files
Upload a file
post
List private files
get
Get a URL for uploading large files
get
Delete a private file report
del
Get a private file report
get
Get object descriptors related to a file
get
Get objects related to a private file
get
Rescan a private file
post
Private Files Behaviours
Get the behaviour reports from a private file
get
Get a behaviour report from a private file
get
Get the EVTX file generated during a private file’s behavior analysis
get
Get a detailed HTML behaviour report
get
Get the memdump file generated during a private file’s behavior analysis
get
Get the PCAP file generated during a private file’s behavior analysis
get
Get object descriptors related to a private file's behaviour report
get
Get objects related to a private file's behaviour report
get
Get a summary of all MITRE ATT&CK techniques observed in a file
get
Get a summary of all behavior reports for a file
get
Private Analyses
List private analyses
get
Get a private analysis
get
Get object descriptors related to a private analysis
get
Get objects related to a private analysis
get
Private URLs
Private Scan URL
post
Get a URL analysis report
get
Get objects related to a private URL
get
Get object descriptors related to a private URL
get
Private Zipping files
Create a password-protected ZIP with Google Threat Intelligence files
post
Check a ZIP file’s status
get
Download a ZIP file
get
Get a ZIP file’s download URL
get
Vulnerability Intelligence
Vulnerabilities
List vulnerabilities
get
Get a vulnerability
get
Get object descriptors related to a vulnerability
get
Get objects related to a vulnerability
get
Get comments from a vulnerability
get
Add a comment to a vulnerability
post
Get MITRE tactics and techniques associated with a vulnerability
get
Search IoCs inside a vulnerability
get
Export IOCs from a vulnerability
get
Export aggregations / commonalities from a vulnerability
get
Export IOCs from a given vulnerability's relationship
get
Subscribe to a vulnerability
post
Check subscription preferences from a vulnerability
get
Delete subscription from a vulnerability
del
ASM (ATTACK SURFACE MANAGEMENT)
Projects
Index
get
Create
post
Delete
del
ASM Collections
Index
get
Create
post
Read
get
Delete
del
Archive
patch
Unarchive
patch
Collection Runs
Index
get
Create
post
Entities
Search Entities
get
Get Detail
get
Get Full Detail
get
Issues
Search Issues
get
Get Detail
get
Set Status
post
Time Series
Get Entity point in time
get
Get Entity points in time
get
Get Issue points in time
get
Get Issue point in time
get
Technologies
Search Technologies
get
Notes
Index
get
Create
post
Delete
del
Tags
Index
get
Create
post
Delete
del
Seeds
Index
get
Create
post
Delete
del
ASM Integrations
Create
post
Index
get
Jira projects
get
Destroy
del
Integration Collections
Index
get
Destroy
del
Create
post
Library
Entities List
get
Entities Stats
get
Issues List
get
Issues List - Specific Isssue
get
Issues Stats
get
Tasks List
get
Tasks Stats
get
Fingerprints List
get
Fingerprint Stats
get
Issues List - Export as CSV
get
Tasks List - Export as CSV
get
Catalog Stats
get
DTM (DIGITAL THREAT MONITORING)
DTM Pagination
DTM Alerts
List alerts
get
Get an existing alert by its ID
get
Update field(s) of an alert
patch
List child alerts for a given aggregated alert bucket
get
Synchronously bulk update alerts
post
Asynchronously bulk update alerts using query params to target the alerts
post
Alert Analysis
Update the analysis text on an alert
put
List the file attachments for the alert
get
Upload attachments to an alert's analysis
post
Delete a file attachment from an alert
del
Download a file attachment from an alert
get
Alert Audit
List audit records for a given alert
get
List alert audit records
get
Monitors
List monitors
get
Create a new monitor
post
Delete an existing monitor
del
Get a monitor by its ID
get
Partial update an existing monitor
patch
Update an existing monitor
put
Asynchronously backfill alerts for new domains
patch
Asynchronously backfill alerts for the monitor
post
Estimate how many alerts will be created for the backfill of an updated monitor
patch
Estimate how many alerts will be created for the backfill of a newly created monitor
post
List monitor templates for top DTM use cases
get
Email Settings
List email settings
get
Create email settings
post
Delete email settings
del
Fetch an email setting
get
Update email settings
patch
Reverify one or more email recipients
post
Verified Domains
List verified domains for the current organization
get
Add a new verified domain
post
Delete an existing verified domain.
del
Get a verified domain by ID
get
Perform a synchronous verification check for the domain's TXT record code.
post
Add new verified domains
post
Download all verified domains with their TXT verification code in CSV format
get
DTM Docs
Retrieve an indexed document by its type and ID
get
Fetch the labels for an existing document
get
Fetch the topics for an existing document
get
Search for documents
post
Threat Graph
Threat Graphs
Search graphs
get
Create a graph
post
Delete a graph
del
Get a graph object
get
Update a graph object
patch
Get comments on a graph
get
Add a comment to a graph
post
Get object descriptors related to a graph
get
Get objects related to a graph
get
Threat Graphs Permissions & ACL
Get users and groups that can edit a graph
get
Grant users and groups permission to edit a graph
post
Revoke edit graph permissions from a user or group
del
Check if a user or group can edit a graph
get
Revoke view permission from a user or group
del
Check if a user or group can view a graph
get
Get users and groups that can view a graph
get
Grant users and groups permission to see a graph
post
Users and group management
User Management
Delete a user
del
Get a user object
get
Update a user object
patch
Get object descriptors related to a user
get
Get objects related to a user
get
Group Management
Get a group object
get
Update a group object
patch
Get administrators for a group
get
Grant group admin permissions to a list of users
post
Revoke group admin permissions from a user
del
Check if a user is a group admin
get
Get group users
get
Add users to a group
post
Remove a user from a group
del
Check if a user is a group member
get
Get object descriptors related to a group
get
Get objects related to a group
get
Get SAML configuration details of a group.
get
Update SAML configuration of a group.
patch
Delete SAML configuration of a group.
del
Quota Management
Get a user’s API usage
get
Get a group’s API usage
get
Get a group's usage per feature
get
Service Account Management
Get Service Accounts of a group
get
Create a new Service Account
post
Get a Service Account object
get
Audit Logs
Get Activity Logs
get
IoC Feeds
File intelligence feed
Get a hourly file feed batch
get
Get a per-minute file feed batch
get
Download a file published in the file feed
get
Sandbox analyses feed
Get an hourly file behaviour feed batch
get
Get a per-minute file behaviour feed batch
get
Get the EVTX file generated during a file’s behavior analysis
get
Get a file behaviour's detailed HTML report
get
Get the memdump file generated during a file’s behavior analysis
get
Get the PCAP file generated during a file’s behavior analysis
get
Domain intelligence feed
Get an hourly domain feed batch
get
Get a minutely domain feed batch
get
IP intelligence feed
Get an hourly IP address feed batch
get
Get a minutely IP address feed batch
get
URL intelligence feed
Get an hourly URL feed batch
get
Get a minutely URL feed batch
get
Categorised Threat Lists
Threat Lists
Generate a personal Authorization Token
post
List provisioned Categorised Threat Lists
get
Get the latest Threat List
get
Get an hourly Threat List
get
Dashboards
Dashboards
Export Dashboard Data
post
API OBJECTS
Activity Log
Analyses
🔀 item
Attack Tactics
🔀 attack_techniques
Attack Techniques
🔀 attack_tactics
🔀 parent_technique
🔀 revoking_technique
🔀 subtechniques
🔀 threat_actors
Campaign
Comments
🔀 author
Domains
🔀 communicating_files
🔀 downloaded_files
🔀 referrer_files
🔀 graphs
🔀 resolutions
🔀 siblings
🔀 comments
🔀 related_comments
🔀 historical_ssl_certificates
🔀 historical_whois
🔀 immediate_parent
🔀 parent
🔀 subdomains
🔀 urls
🔀 caa_records
🔀 cname_records
🔀 mx_records
🔀 ns_records
🔀 soa_records
🔀 votes
🔀🧑💻 user_votes
🔀 collections
🔀 related_threat_actors
Files
exiftool
ssdeep
authentihash
trid
pe_info
signature_info
androguard
asf_info
rombios_info
class_info
bundle_info
deb_info
magic
dmg_info
elf_info
image_code_injections
ipa_info
jar_info
javascript_info
macho_info
office_info
openxml_info
pdf_info
packers
rtf_info
swf_info
isoimage_info
dot_net_assembly
dot_net_guids
password_info
nsrl_info
malware_config
🔀 analyses
🔀 comments
🔀 carbonblack_children
🔀 carbonblack_parents
🔀 contacted_domains
🔀 contacted_ips
🔀 bundled_files
🔀 bundled_files
🔀 dropped_files
🔀 email_parents
🔀 embedded_domains
🔀 embedded_ips
🔀 embedded_urls
🔀 embedded_urls
🔀 execution_parents
🔀 graphs
🔀 memory_pattern_domains
🔀 memory_pattern_ips
🔀 memory_pattern_urls
🔀 screenshots
🔀 itw_urls
🔀 itw_domains
🔀 overlay_parents
🔀 pcap_parents
🔀 pe_resource_parents
🔀 similar_files
🔀 sigma_analysis
🔀 submissions
snort
suricata
traffic_inspection
wireshark
vba_info
🔀 compressed_parents
🔀 contacted_urls
🔀 email_attachments
🔀 votes
monitor_info
html_info
🔀 itw_ips
🔀 overlay_children
🔀 pcap_children
🔀 pe_resource_children
telfhash
tlsh
🔀 urls_for_embedded_js
known_distributors
lnk_info
🔀🧑💻 user_votes
popular_threat_classification
🔀 collections
🔀 related_threat_actors
crowdsourced_yara_results
crowdsourced_ids_results
crowdsourced_ids_stats
sigma_analysis_stats
sigma_analysis_results
sandbox_verdicts
detectiteasy
powershell_info
Files Behaviour
verdicts
files_dropped
files_copied
permissions_checked
http_conversations
dns_lookups
ip_traffic
processes_tree
sms_sent
🔀 file
🔀 attack_techniques
tags
Graphs
🔀 comments
🔀 editors
🔀 group
🔀 items
🔀 owner
🔀 viewers
Groups
🔀🧑💻 administrators
🔀🧑💻 graphs
🔀🧑💻 users
Hunting Notifications
Hunting Rulesets
IoC Collection
IoC-Stream Notifications
IP addresses
🔀 comments
🔀 graphs
🔀 historical_ssl_certificates
🔀 historical_whois
🔀 communicating_files
🔀 downloaded_files
🔀 referrer_files
🔀 resolutions
🔀 urls
🔀 related_comments
🔀 votes
🔀🧑💻 user_votes
🔀 collections
🔀 related_threat_actors
Malware Family
Operations
Private Analyses
🔀 item
🔀 submitter
Private Files
🔀 behaviours
🔀 dropped_files
🔀 execution_parents
🔀 embedded_urls
🔀 embedded_domains
🔀 embedded_ips
Private Files Behaviours
🔀 file
🔀 attack_techniques
Private URLs
Private URLs Behaviours
Report
Retrohunt Jobs
🔀🧑💻 matching_files
🔀🧑💻 owner
Resolutions
Saved Searches
Screenshots
Service Accounts
🔀🧑💻 api_quota_group
🔀 comments
🔀🧑💻 groups
🔀🧑💻 intelligence_quota_group
🔀 mentions
Sigma Analyses
🔀 rules
Sigma Rules
Software and Toolkit
SSL Certificate
Submissions
Threat Actor
Threat Profile
URLs
🔀 analyses
🔀 comments
🔀 related_comments
🔀 contacted_domains
🔀 contacted_ips
🔀 downloaded_files
🔀 graphs
🔀 last_serving_ip_address
🔀 network_location
🔀 redirecting_urls
🔀 redirects_to
🔀 submissions
🔀 embedded_js_files
🔀 referrer_files
🔀 referrer_urls
🔀 urls_related_by_tracker_id
🔀 communicating_files
🔀 votes
🔀🧑💻 user_votes
🔀 collections
🔀 related_threat_actors
Users
🔀 comments
🔀🧑💻 groups
🔀🧑💻 hunting_rulesets
🔀🧑💻 hunting_notifications
🔀🧑💻 hunting_notification_files
🔀 mentions
🔀 graphs
🔀🧑💻 retrohunt_jobs
🔀🧑💻 api_quota_group
🔀🧑💻 intelligence_quota_group
🔀 collections
🔀 votes
Votes
Vulnerability
Whois
YARA Rules
YARA Rulesets
Widget
Google Threat Intelligence Widget Quick guide
Rendering URL
Get a widget rendering URL
get
Threat Actor
Information about threat actors
