The purpose of this Postman collection is to provide examples of API queries/requests to get ASM digital assets data using RiskIQ's Digital Footprint platform and External Threats Events, Perform comprehensive threat intel & Research from the internet scale of data using our Illuminate Platform and Passive Total environment
\n\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"7592599","collectionId":"2b5c85a9-36fd-46e5-9aaa-53b0af4c2c5b","publishedId":"TVssj8i4","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"publishDate":"2020-12-18T20:17:17.000Z"},"item":[{"name":"Digital Footprint","item":[{"name":"Search Solarwinds Orion digital Assets","id":"4f3fdc61-7638-4aba-96b2-d44c55058f16","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"filters\": {\n \"condition\": \"AND\",\n \"value\": [\n {\n \"name\": \"webComponentName\",\n \"operator\": \"IN\",\n \"value\": [\n \"SolarWinds Orion\"\n ]\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100","description":"The purpose of this API Query is to provide ASM data using RiskIQ API to search for digital assets with observed Solarwinds Orion webcomponents within a RiskIQ Digital Footprint workspace.
\nMore details published and updated below.
\nSupply Chain Attack Against SolarWinds Orion Compromises Numerous Organizations
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"4f3fdc61-7638-4aba-96b2-d44c55058f16"},{"name":"Search Updated SSL Certs in your Digital Footprint","id":"900d4939-0be3-45d2-9644-7b3ffac2ad17","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[{"key":"X-RiskIQ-ISO","value":"true","type":"text"},{"key":"X-RiskIQ-Timezone","value":"UTC","type":"text"}],"body":{"mode":"raw","raw":"{\n \"filters\": {\n \"condition\": \"AND\",\n \"value\": [\n {\n \"name\": \"type\",\n \"operator\": \"IN\",\n \"value\": [\n \"SSL_CERT\"\n ]\n },\n {\n \"name\": \"updatedAt\",\n \"operator\": \"GTE\",\n \"value\": \"2 days ago\"\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100","description":"Search Updated SSL Certs in your Digital Footprint/Inventory with flexibility to download using multiple filters, current example shows all SSL Certs in your inventory that were updated in the past 2 days.
\nthe API request can be modified to use the same filter with actual date and time in ISO format
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"900d4939-0be3-45d2-9644-7b3ffac2ad17"},{"name":"Identify \"Critical: Insecure Login Form\" part of your digital footprint","id":"a094f208-d02b-4c78-b18e-497db8ff9d2d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[{"key":"X-RiskIQ-ISO","value":"true","type":"text"},{"key":"X-RiskIQ-Timezone","value":"UTC","type":"text"}],"url":"https://api.riskiq.net/v1/globalinventory/search?savedSearchName=Critical: Insecure Login Form","description":"To search and view digital assets with specific technology, attributes and/or vulnerability identified and highlighted by RiskIQ Research and Security teams as saved queries & insights readily available to all customers to query.
\ncurrent example shows the saved search query to identify webpages with insecure login forms exposed on the internet.
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"savedSearchName","value":"Critical: Insecure Login Form"}],"variable":[]}},"response":[],"_postman_id":"a094f208-d02b-4c78-b18e-497db8ff9d2d"},{"name":"Review Asset changes/deltas in your digital inventory","id":"af702a01-d8c1-4892-b2c7-6acb29ea3135","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/v1/globalinventory/deltas?date=2020-12-19&type=SSL_CERT&measure=ADDED&range=7&size=100","description":"RiskIQ process compares specific asset details and identifies assets which have changed/added/removed in your inventory over daily or specific time periods. The deltas endpoint returns the set of assets which were found to be added to or removed from your inventory as well as the set of assets that include changes of the given type over those time periods.
\nCurrent example shows SSL Certs added to your inventory in the past 7 day time period. See below link for more documentation.
\n\n","urlObject":{"protocol":"https","path":["v1","globalinventory","deltas"],"host":["api","riskiq","net"],"query":[{"key":"date","value":"2020-12-19"},{"key":"type","value":"SSL_CERT"},{"key":"measure","value":"ADDED"},{"key":"range","value":"7"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"af702a01-d8c1-4892-b2c7-6acb29ea3135"},{"name":"IP's with newly observed RDP Port(3389) in your inventory","id":"56eba91a-e9b7-4c9a-afba-a0c293647f8a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/v1/globalinventory/ape/hit/nop?period=7&ports=3389&size=100","description":"Retrieve the list of IP Addresses with newly opened ports hits
\nDetermines the newly open port period in days and retrieves all IP's with specific ports in the given time period
\nCurrent example shows all IP addresses with newly observed port RDP port in the last 7 days. Below documentation has more details and options.
\nRiskIQ newly observed ports API Endpoint
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","ape","hit","nop"],"host":["api","riskiq","net"],"query":[{"key":"period","value":"7"},{"key":"ports","value":"3389"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"56eba91a-e9b7-4c9a-afba-a0c293647f8a"},{"name":"Search digital assets vulnerable to Microsoft Exchange vulnerabilities","id":"f3e5b09e-5de8-4827-857d-1d43be18d51f","protocolProfileBehavior":{"disabledSystemHeaders":{"user-agent":true},"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[{"key":"X-RiskIQ-ISO","value":"true","type":"text"},{"key":"X-RiskIQ-Timezone","value":"UTC","type":"text"}],"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100&page=0","description":"The purpose of this API Query is to identify within a customer's Digital Footprint workspace for digital assets vulnerable to or probably affected by the Microsoft exchange vulnerabilities actively exploited by a state-sponsored group, dubbed HAFNIUM.
\nThreat intel and Microsoft patches details published below.
\nMicrosoft Patches Exchange Vulnerabilities Leveraged by HAFNIUM
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"},{"key":"page","value":"0"}],"variable":[]}},"response":[],"_postman_id":"f3e5b09e-5de8-4827-857d-1d43be18d51f"},{"name":"Search digital assets patched against Microsoft Exchange vulnerabilities","id":"6434dacb-c629-4712-83e1-14a8584ec629","protocolProfileBehavior":{"disabledSystemHeaders":{"user-agent":true},"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[{"key":"X-RiskIQ-ISO","value":"true","type":"text"},{"key":"X-RiskIQ-Timezone","value":"UTC","type":"text"}],"body":{"mode":"raw","raw":"{\n \"filters\": {\n \"condition\": \"AND\",\n \"value\": [\n {\n \"name\": \"webComponentNameVersion\",\n \"operator\": \"IN\",\n \"value\": [\n \"Outlook Web App 14.3.513\",\n \"Outlook Web App 15.1.2106\",\n \"Outlook Web App 15.1.2176\",\n \"Outlook Web App 15.2.721\",\n \"Outlook Web App 15.2.792\",\n \"Outlook Web App 15.0.1497\",\n \"Microsoft Exchange 14.3.513\",\n \"Microsoft Exchange 15.1.2106\",\n \"Microsoft Exchange 15.1.2176\",\n \"Microsoft Exchange 15.2.721\",\n \"Microsoft Exchange 15.2.792\",\n \"Microsoft Exchange 15.0.1497\"\n ]\n },\n {\n \"name\": \"state\",\n \"operator\": \"IN\",\n \"value\": [\n \"CONFIRMED\",\n \"CANDIDATE\"\n ]\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100","description":"The purpose of this API Query is to identify within a customer's Digital Footprint workspace for digital assets patched by the latest Microsoft exchange patches to be safe against vulnerabilities actively exploited by a state-sponsored group, dubbed HAFNIUM.
\nThreat intel and Microsoft patches details published below.
\nMicrosoft Patches Exchange Vulnerabilities Leveraged by HAFNIUM
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"6434dacb-c629-4712-83e1-14a8584ec629"},{"name":"Search All Live Hosts in IP Block","id":"450a4871-dd0c-419c-987f-4ebad70d640c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"query\": null,\n \"filters\": {\n \"condition\": \"AND\",\n \"value\": [\n {\n \"name\": \"state\",\n \"operator\": \"IN\",\n \"value\": [\n \"CONFIRMED\"\n ]\n },\n {\n \"name\": \"type\",\n \"operator\": \"IN\",\n \"value\": [\n \"HOST\"\n ]\n },\n {\n \"name\": \"ipAddress\",\n \"operator\": \"NOT_NULL\",\n \"value\": true\n },\n {\n \"name\": \"wildcard\",\n \"operator\": \"IN\",\n \"value\": [\n false\n ]\n },\n {\n \"name\": \"ipBlock\",\n \"operator\": \"IN\",\n \"value\": [\n \"REPLACE-With-IP-Block-In-CDIR-Notation\"\n ]\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100","description":"Search all Live Hosts in a IP Block. For the return of large data sets, please see the RIQ documentation on the use of cursors and the query parameter name of 'mark':
\nhttps://api.riskiq.net/api/globalinventory/
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"450a4871-dd0c-419c-987f-4ebad70d640c"},{"name":"Search Kubernettes Default SSL Certificates","id":"e76d2394-938a-412e-9349-f695132ef942","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n \"query\": null,\n \"filters\": {\n \"condition\": \"AND\",\n \"value\": [\n {\n \"name\": \"issuerCommonName\",\n \"operator\": \"IN\",\n \"value\": [\n \"Kubernetes Ingress Controller Fake Certificate\"\n ]\n },\n {\n \"name\": \"type\",\n \"operator\": \"IN\",\n \"value\": [\n \"SSL_CERT\"\n ]\n },\n {\n \"name\": \"state\",\n \"operator\": \"IN\",\n \"value\": [\n \"CONFIRMED\"\n ]\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"https://api.riskiq.net/v1/globalinventory/search?recent=true&size=100","description":"Search for all Approved Inventory that has a default Kubernetes SSL Certificate, indicating a default configuration.
\n","urlObject":{"protocol":"https","path":["v1","globalinventory","search"],"host":["api","riskiq","net"],"query":[{"key":"recent","value":"true"},{"key":"size","value":"100"}],"variable":[]}},"response":[],"_postman_id":"e76d2394-938a-412e-9349-f695132ef942"}],"id":"20658bee-e183-45a0-a1a4-6826892c4c77","description":"Examples of API queries/requests to get ASM digital assets data using RiskIQ's Digital Footprint platform
\nRiskIQ Digital Footprint open API documentation
\n","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"a5d36748-69e7-455b-bde1-35ad9f47b9f9","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"61a84372-2ac4-4db0-888d-8a9caad7ebab","type":"text/javascript","exec":[""]}}],"_postman_id":"20658bee-e183-45a0-a1a4-6826892c4c77"},{"name":"RiskIQ Illuminate","item":[{"name":"Illuminate SecOps Module","item":[{"name":"Reputation Score Endpoint","id":"08661593-b253-44b4-b763-93585a7798c9","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/reputation?query=2020-windows.com","description":"Get Reputation scores for any Host, IP or Domain using RiskIQ Illuminate SecOps module,
\nAPI Request uses domain \"2020-windows.com\" as an example
\n","urlObject":{"protocol":"https","path":["pt","v2","reputation"],"host":["api","riskiq","net"],"query":[{"key":"query","value":"2020-windows.com"}],"variable":[]}},"response":[],"_postman_id":"08661593-b253-44b4-b763-93585a7798c9"}],"id":"d9c4cd2c-8ba1-42e3-a5e0-2d069df9b839","description":"Examples of API queries/requests to get Reputation scores for any Host, IP or Domain using RiskIQ Illuminate SecOps module
\nRiskIQ Illuminate SecOps open API documentation
\n","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"c4c45510-beb6-4317-88d6-ef03d5ac1a31","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"661f22b4-ce6e-4cca-aff3-4f703ac78d8b","type":"text/javascript","exec":[""]}}],"_postman_id":"d9c4cd2c-8ba1-42e3-a5e0-2d069df9b839"},{"name":"Attack Surface Intelligence","item":[{"name":"Attack Surface Intelligence","id":"9fc8df24-1920-4c4d-b2aa-fe57831f7e5f","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface","description":"Finds the Attack Surface information of the given account. API response includes observations summary by priority level (High, Medium, Low)
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"9fc8df24-1920-4c4d-b2aa-fe57831f7e5f"},{"name":"Attack Surface Priority Information","id":"36d9f27b-6875-4454-99ec-170eea5262e0","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/priority/high","description":"Finds the Attack Surface Priority Information given the level (low, medium, high) associated to the given account
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","priority","high"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"36d9f27b-6875-4454-99ec-170eea5262e0"},{"name":"Attack Surface Insight Information","id":"c35caf7f-9bba-4dbf-90a2-a369aa3454e8","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/insight/40466?page=0&size=50","description":"Finds the Attack Surface Insight Information given the insight ID for the given account. the Insight ID is found part of the previous API request Attack surface priority information
\nAPI Request uses a sample insight Id as an example
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","insight","40466"],"host":["api","riskiq","net"],"query":[{"description":{"content":"Optional. supports pagination
\n","type":"text/plain"},"key":"page","value":"0"},{"description":{"content":"Optional. No. of results per page
\n","type":"text/plain"},"key":"size","value":"50"}],"variable":[]}},"response":[],"_postman_id":"c35caf7f-9bba-4dbf-90a2-a369aa3454e8"}],"id":"27753c01-9bca-4a1f-bc9c-40b14a9f35ce","description":"RiskIQ’s Attack Surface intelligence identifies and distinguishes resources and digital systems across the open and closed web—brands, infrastructure, third parties, dependencies, peers, industries, and the entire digital supply chain. By using the ASI and Third Party API, Threat Hunters and Incident Responders can easily automate threat hunting and look for vulnerable areas on their own and their vendor/suppliers Attack Surfaces.
\nExamples of API queries/requests to get Attack surface Intelligence for any Host, IP or Domain using RiskIQ Illuminate Attack Surface Intelligence module
\nRiskIQ Attack Surface Intelligence open API documentation
\n","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"7141cc23-f880-4a69-b973-b7935b19091b","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"9adb54b9-7e17-4b03-b87a-2f61db93970c","type":"text/javascript","exec":[""]}}],"_postman_id":"27753c01-9bca-4a1f-bc9c-40b14a9f35ce"},{"name":"Attack Surface Third-Party Portfolio","item":[{"name":"All Attack Surface Third-Party vendors","id":"1a3c5e55-73c2-49aa-b15a-c341e9b4858f","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/third-party?page=2&size=50","description":"Finds all vendors associated with the given account
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","third-party"],"host":["api","riskiq","net"],"query":[{"description":{"content":"Optional. supports pagination
\n","type":"text/plain"},"key":"page","value":"2"},{"description":{"content":"Optional. No. of results per page
\n","type":"text/plain"},"key":"size","value":"50"}],"variable":[]}},"response":[],"_postman_id":"1a3c5e55-73c2-49aa-b15a-c341e9b4858f"},{"name":"Attack Surface Third-Party vendor information","id":"0105098a-c913-4d27-81ea-bf1971ecf2d8","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/third-party/88256","description":"Finds the Attack Surface Third-Party information (Detail) for the vendor ID specified.
\nAPI Example shows a sample numeric vendor Id (88256).
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","third-party","88256"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"0105098a-c913-4d27-81ea-bf1971ecf2d8"},{"name":"Attack Surface 3rd Party Priority Information","id":"9c211c15-30a9-4a43-9b5e-2585935446bd","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/priority/medium","description":"Finds the Attack Surface Third-Party Priority Information given the level (low, medium, high) and vendor ID.
\nAPI Example shows a sample numeric vendor Id (88256).
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","third-party","88256","priority","medium"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"9c211c15-30a9-4a43-9b5e-2585935446bd"},{"name":"Attack Surface Third-Party Insight Information","id":"4a2235d1-56a5-49a4-914d-3cfddeb5a2bc","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/attack-surface/third-party/88256/insight/40466?page=2&size=50","description":"Finds the Attack Surface Insight Information given the insight ID for a given account.
\nAPI Example shows a sample numeric vendor Id (88256) and sample numeric Insight Id (40466).
\n","urlObject":{"protocol":"https","path":["pt","v2","attack-surface","third-party","88256","insight","40466"],"host":["api","riskiq","net"],"query":[{"description":{"content":"Optional. supports pagination
\n","type":"text/plain"},"key":"page","value":"2"},{"description":{"content":"Optional. No. of results per page
\n","type":"text/plain"},"key":"size","value":"50"}],"variable":[]}},"response":[],"_postman_id":"4a2235d1-56a5-49a4-914d-3cfddeb5a2bc"}],"id":"6ec5eaeb-7e49-4bf4-9c67-dc18dac34ced","description":"RiskIQ Illuminate 3rd Party Intelligence module to get all vendors related vulnerabilities associated with a given account
\nRiskIQ Attack Surface 3rd Party Intelligence open API documentation
\n","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"cdda8e57-cbf4-4fdc-99e5-54ceb945086d","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"39628bb5-b0ca-4c98-b179-0fd46ee1482c","type":"text/javascript","exec":[""]}}],"_postman_id":"6ec5eaeb-7e49-4bf4-9c67-dc18dac34ced"},{"name":"Cyber Threat Intel Profiles","item":[{"name":"All Intel Profiles","id":"21aee3ef-9aac-46ac-9b1a-d5345ee8a5fe","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles","description":"Retrieves all intel profiles.
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"21aee3ef-9aac-46ac-9b1a-d5345ee8a5fe"},{"name":"All Intel Profiles by type","id":"6a618e90-43c1-4f72-803a-0671adf552e1","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles?type=actor","description":"Retrieves all intel profiles queryable by type.\nTypes: actor, tool, backdoor
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles"],"host":["api","riskiq","net"],"query":[{"key":"type","value":"actor"}],"variable":[]}},"response":[],"_postman_id":"6a618e90-43c1-4f72-803a-0671adf552e1"},{"name":"All Intel Profiles by query actor/group","id":"6ea97e50-ca51-4b69-99e1-473523142a97","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles?query=atp33","description":"Retrieves all intel profiles queryable by actor group
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles"],"host":["api","riskiq","net"],"query":[{"key":"query","value":"atp33"}],"variable":[]}},"response":[],"_postman_id":"6ea97e50-ca51-4b69-99e1-473523142a97"},{"name":"Retrieves the details for a given profile.","id":"17628548-78e2-4ca7-a54d-ad1126b8cc74","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles/apt33","description":"Retrieves the details for a given intel profile.
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles","apt33"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"17628548-78e2-4ca7-a54d-ad1126b8cc74"},{"name":"All Indicators For a Given Profile","id":"8e33360d-0827-4d2f-9e6e-1da52c9ce765","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles/apt33/indicators","description":"Retrieves the indicators for a given profile id.
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles","apt33","indicators"],"host":["api","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"8e33360d-0827-4d2f-9e6e-1da52c9ce765"},{"name":"All Indicators For a Given Profile - parameters","id":"d86cd291-ace0-4024-a71d-0d059b25505f","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles/apt33/indicators?page=1&size=100&types=domain&sources=osint&categories=host&query=37.48.67.58","description":"Optional queryable parameters are shown that can be used to retrieve the indicators for a given profile id.
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles","apt33","indicators"],"host":["api","riskiq","net"],"query":[{"description":{"content":"optional. supports pagination
\n","type":"text/plain"},"key":"page","value":"1"},{"description":{"content":"optional. No. of results per page
\n","type":"text/plain"},"key":"size","value":"100"},{"description":{"content":"optional
\n","type":"text/plain"},"key":"types","value":"domain"},{"description":{"content":"optional
\n","type":"text/plain"},"key":"sources","value":"osint"},{"description":{"content":"optional
\n","type":"text/plain"},"key":"categories","value":"host"},{"description":{"content":"optional
\n","type":"text/plain"},"key":"query","value":"37.48.67.58"}],"variable":[]}},"response":[],"_postman_id":"d86cd291-ace0-4024-a71d-0d059b25505f"},{"name":"All Profiles By Indicator","id":"d692a8f2-8eb3-4295-9418-378ab660bd14","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles/indicator?query=37.48.67.58","description":"Retrieves all profiles containing the given indicator.
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles","indicator"],"host":["api","riskiq","net"],"query":[{"key":"query","value":"37.48.67.58"}],"variable":[]}},"response":[],"_postman_id":"d692a8f2-8eb3-4295-9418-378ab660bd14"},{"name":"All Profiles By Indicator - parameters","id":"4fea2841-8ee2-4ecd-b3e3-1836ca45f18e","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"user-agent":true}},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.riskiq.net/pt/v2/intel-profiles/indicator?query=37.48.67.58&types=ip&sources=osint&categories=host","description":"Optional queryable parameters are shown that can be used to retrieve all profiles containing the given indicator
\n","urlObject":{"protocol":"https","path":["pt","v2","intel-profiles","indicator"],"host":["api","riskiq","net"],"query":[{"description":{"content":"Optional
\n","type":"text/plain"},"key":"query","value":"37.48.67.58"},{"description":{"content":"Optional
\n","type":"text/plain"},"key":"types","value":"ip"},{"description":{"content":"Optional
\n","type":"text/plain"},"key":"sources","value":"osint"},{"description":{"content":"Optional
\n","type":"text/plain"},"key":"categories","value":"host"}],"variable":[]}},"response":[],"_postman_id":"4fea2841-8ee2-4ecd-b3e3-1836ca45f18e"}],"id":"e7cf4ecd-953c-446e-9a9e-b74ec31d50bc","description":"RiskIQs Cyber Threat Intelligence API helps security teams automate threat intelligence profiles into their SIEM and incident response platforms. These intelligence profiles are enriched with RiskIQs indicators and are built for seamless integration with existing workflows providing quick context and monitoring on known and active threat campaigns.\nUsing CTI API, threat hunters or analysts can return the list of all known intel profiles or even search for any given actor profile name and aliases.
\nRiskIQ Cyber Threat Intelligence open API documentation
\n","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"0a9ed0a2-4026-4788-b64c-f53389aff24f","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"0f71c5e5-c3b0-478c-b96d-80d06fb229e3","type":"text/javascript","exec":[""]}}],"_postman_id":"e7cf4ecd-953c-446e-9a9e-b74ec31d50bc"},{"name":"Search SSL Certificates by Keyword","id":"e3469398-d123-4833-b937-b176672a6722","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":"{\n \"query\": \"localhost\"\n}","options":{"raw":{"language":"json"}}},"url":"https://api.passivetotal.org/v2/ssl-certificate/search/keyword","description":"Retrieves SSL certificates for a given keyword using PassiveTotal API Endpoint
\nExample shows localhost or *.local keyword search
\nMore on API documentation can be found here, https://api.passivetotal.org/index.html#api-SSL_Certificates-GetV2SslCertificateSearchKeyword
\n","urlObject":{"protocol":"https","path":["v2","ssl-certificate","search","keyword"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"e3469398-d123-4833-b937-b176672a6722"},{"name":"Search SSL Certificates using certificate attributes","id":"03dbeaf3-9a8a-4c79-aa0d-cd7c81908ede","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":"{\n \"field\": \"issuerOrganizationName\",\n \"query\": \"Symantec Corporation\"\n}","options":{"raw":{"language":"json"}}},"url":"https://api.passivetotal.org/v2/ssl-certificate/search","description":"Retrieves SSL certificates for a given field value in RiskIQ Passive Total
\nAllowed values: issuerSurname, subjectOrganizationName, issuerCountry, issuerOrganizationUnitName, fingerprint, subjectOrganizationUnitName, serialNumber, subjectEmailAddress, subjectCountry, issuerGivenName, subjectCommonName, issuerCommonName, issuerStateOrProvinceName, issuerProvince, subjectStateOrProvinceName, sha1, subjectStreetAddress, subjectSerialNumber, issuerOrganizationName, subjectSurname, subjectLocalityName, issuerStreetAddress, issuerLocalityName, subjectGivenName, subjectProvince, issuerSerialNumber, issuerEmailAddress, name, issuerAlternativeName, subjectAlternativeName
\nAPI documentation, https://api.passivetotal.org/index.html#api-SSL_Certificates-GetV2SslCertificateSearch
\n","urlObject":{"protocol":"https","path":["v2","ssl-certificate","search"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"03dbeaf3-9a8a-4c79-aa0d-cd7c81908ede"},{"name":"Get hosts by component name","id":"2ed77cfe-dae9-4da7-9cb7-280c5f221bd9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.passivetotal.org/v2/components/solarwinds orion/hosts","description":"Searches the components hosts information by component name in Passive Total
\ncurrent example shows component hosts for \"SolarWinds Orion\"
\nDetail API documentation can be found here, https://api.passivetotal.org/index.html#api-Components-GetV2ComponentsNameHosts
\n","urlObject":{"protocol":"https","path":["v2","components","solarwinds orion","hosts"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"2ed77cfe-dae9-4da7-9cb7-280c5f221bd9"},{"name":"Get IP Addresses by component name","id":"57ed823f-15c2-4404-9081-5245de76f88a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.passivetotal.org/v2/components/solarwinds orion/addresses","description":"Searches the components IP Addresses information by component name in Passive Total
\ncurrent example shows component IP Addresses for \"SolarWinds Orion\"
\nDetail API documentation can be found here, https://api.passivetotal.org/index.html#api-Components-GetV2ComponentsNameAddresses
\n","urlObject":{"protocol":"https","path":["v2","components","solarwinds orion","addresses"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"57ed823f-15c2-4404-9081-5245de76f88a"},{"name":"Get hosts by cookie name","id":"9a846bc4-6ecd-45f9-ace4-f98d73c9e01a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.passivetotal.org/v2/cookies/name/orion/hosts","description":"Searches the hosts information by cookie name in Passive Total platform
\ncurrent example shows hosts matching to cookie name \"orion\"
\nDetailed documentation available, https://api.passivetotal.org/index.html#api-Cookies-GetV2CookiesNameNameHosts
\n","urlObject":{"protocol":"https","path":["v2","cookies","name","orion","hosts"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"9a846bc4-6ecd-45f9-ace4-f98d73c9e01a"},{"name":"Get Threat Intel Portal Article Details","id":"8a82e7d9-a713-46b2-b468-710d2f2b7100","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[],"url":"https://api.passivetotal.org/v2/articles/a58a63e9","description":"Retrieves the details of the article specified.
\nCurrent example shows the \"FireEye discovered a global intrusion campaign via a supply chain attack trojanizing SolarWinds Orion\" article details.
\nMore API docuemtation, https://api.passivetotal.org/index.html#api-Articles
\n","urlObject":{"protocol":"https","path":["v2","articles","a58a63e9"],"host":["api","passivetotal","org"],"query":[],"variable":[]}},"response":[],"_postman_id":"8a82e7d9-a713-46b2-b468-710d2f2b7100"}],"id":"39c1df0f-0168-4223-948f-4d88f9bc62e8","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"_postman_id":"39c1df0f-0168-4223-948f-4d88f9bc62e8","description":""},{"name":"External Threats","item":[{"name":"External Threats Event Search","id":"9ae5e3e6-e1df-44c9-89a2-e4539d8063b1","protocolProfileBehavior":{"disabledSystemHeaders":{"user-agent":true},"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[{"key":"X-RiskIQ-ISO","value":"true","type":"text"},{"key":"X-RiskIQ-Timezone","value":"UTC","type":"text"},{"key":"User-Agent","value":"RiskIQSolutions","type":"text"}],"body":{"mode":"raw","raw":"{\n \"filters\": [\n {\n \"filters\": [\n {\n \"field\": \"createdAt\",\n \"value\": \"2021-03-01T05:16:30Z\",\n \"type\": \"GTE\"\n }\n ]\n },\n {\n \"filters\": [\n {\n \"field\": \"reviewCode\",\n \"value\": \"New\",\n \"type\": \"EQ\"\n }\n ]\n }\n ]\n}","options":{"raw":{"language":"json"}}},"url":"https://ws.riskiq.net/v1/event/search","description":"The purpose of this API Query is to provide examples of API Requests/queries to access Events data within a RiskIQ Digital Footprint workspace.
\nThis example shows a query to get Events created after a certain date and specific RiskIQ Event Status
\n","urlObject":{"protocol":"https","path":["v1","event","search"],"host":["ws","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"9ae5e3e6-e1df-44c9-89a2-e4539d8063b1"},{"name":"List of Queryable Filters available for Events","id":"492624f2-d9b6-4439-ac36-ac45139b4a1e","protocolProfileBehavior":{"disabledSystemHeaders":{"user-agent":true},"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"GET","header":[{"key":"User-Agent","value":"RiskIQSolutions","type":"text"}],"url":"https://ws.riskiq.net/v1/event/search/filters","description":"Here's a API query to get the List of Queryable filters/fields available for Events API to be used in the previous example
\n","urlObject":{"protocol":"https","path":["v1","event","search","filters"],"host":["ws","riskiq","net"],"query":[],"variable":[]}},"response":[{"id":"93a009ba-d5c7-4964-a5c0-2b4250f4339a","name":"List of Queryable Filters available for Events","originalRequest":{"method":"GET","header":[{"key":"User-Agent","value":"RiskIQSolutions","type":"text"}],"url":"https://ws.riskiq.net/v1/event/search/filters"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"X-RiskIQ-Revision","value":"v0.0.1-5416-g6533ffc"},{"key":"Content-Type","value":"application/json;charset=UTF-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Thu, 07 Oct 2021 15:13:53 GMT"},{"key":"Strict-Transport-Security","value":"max-age=63072000; includeSubDomains; preload;"}],"cookie":[],"responseTime":null,"body":"{\n \"field\": [\n \"action\",\n \"active\",\n \"affectedHost\",\n \"alexaRanking\",\n \"appAccess\",\n \"appBinary\",\n \"appDescription\",\n \"appID\",\n \"appMd5\",\n \"appTitle\",\n \"asnDescription\",\n \"asset\",\n \"assetHost\",\n \"availableCountries\",\n \"blacklistDescription\",\n \"blacklistMatchedList\",\n \"blacklisted\",\n \"brand\",\n \"brokenLinkText\",\n \"brokenLinkUrl\",\n \"brokenRedirectFinalUrl\",\n \"browserBlocked\",\n \"category\",\n \"causeHost\",\n \"childUrlFirstSeenAt\",\n \"classifierMatch\",\n \"correlationType\",\n \"country\",\n \"crawlMessageID\",\n \"createdAt\",\n \"customDesc\",\n \"defacementCause\",\n \"developer\",\n \"domain\",\n \"domainExpires\",\n \"domainStatus\",\n \"downloads\",\n \"dynamicScore\",\n \"eventType\",\n \"eventTypeHidden\",\n \"extraInventoryLinkUrl\",\n \"fileSize\",\n \"firstSeen\",\n \"getPhrase\",\n \"hasSriViolation\",\n \"hasTxtRecord\",\n \"hasUserAddedNotes\",\n \"host\",\n \"id\",\n \"iidCaseID\",\n \"iidClassification\",\n \"iidCompleted\",\n \"iidID\",\n \"iidMitigationStatus\",\n \"insecureLinkUrl\",\n \"invalidAfter\",\n \"invalidBefore\",\n \"ip\",\n \"issuerCommonName\",\n \"issuerCountry\",\n \"issuerLocality\",\n \"issuerOrganization\",\n \"issuerOrganizationalUnit\",\n \"issuerState\",\n \"keySize\",\n \"lastActive\",\n \"lastUpdatedBy\",\n \"logoScore\",\n \"matchType\",\n \"nameServers\",\n \"officialID\",\n \"pageTitle\",\n \"platform\",\n \"policyName\",\n \"policyNameInfra\",\n \"primaryTag\",\n \"priority\",\n \"profileDescription\",\n \"profileHomepage\",\n \"profileJoined\",\n \"profileLink\",\n \"profileLocation\",\n \"profileName\",\n \"profileReach\",\n \"profileUsername\",\n \"provider\",\n \"ratings\",\n \"region\",\n \"registrant\",\n \"registrantEmail\",\n \"registrantOrganization\",\n \"registrar\",\n \"registrarCreatedAt\",\n \"requestComponent\",\n \"resourceHost\",\n \"resourceMd5\",\n \"resourceUrl\",\n \"responseBodySize\",\n \"reviewCode\",\n \"reviewDate\",\n \"ruleMatchedOn\",\n \"sentForBrowserBlocking\",\n \"serialNumber\",\n \"siteLive\",\n \"siteParked\",\n \"socialNetwork\",\n \"source\",\n \"sslCertID\",\n \"statusChangeDate\",\n \"statusChangeValue\",\n \"statusHidden\",\n \"store\",\n \"storeType\",\n \"subjectCommonName\",\n \"subjectCountry\",\n \"subjectLocality\",\n \"subjectOrganizationalUnit\",\n \"subjectState\",\n \"suspect\",\n \"suspiciousRule\",\n \"targetBrand\",\n \"targetCountry\",\n \"threatHost\",\n \"title\",\n \"ubjectOrganization\",\n \"updatedAt\",\n \"updatedBy\",\n \"url\",\n \"userHistory\",\n \"version\",\n \"wildcardDNS\"\n ],\n \"title\": {\n \"action\": \"Action\",\n \"appBinary\": \"Binary Available\",\n \"appID\": \"Mobile App ID\",\n \"appMd5\": \"MD5\",\n \"asset\": \"Asset\",\n \"assetHost\": \"Host\",\n \"blacklistDescription\": \"Blocklist Description\",\n \"blacklistMatchedList\": \"Blocklist Matched List\",\n \"blacklisted\": \"Blocklisted\",\n \"brokenLinkText\": \"Broken Link Text\",\n \"brokenLinkUrl\": \"Broken Link URL\",\n \"brokenRedirectFinalUrl\": \"Broken Redirect Final URL\",\n \"causeHost\": \"Cause Host\",\n \"childUrlFirstSeenAt\": \"Resource Url First Seen\",\n \"correlationType\": \"Blocklist Correlation\",\n \"customDesc\": \"Custom Description\",\n \"defacementCause\": \"Defacement Cause\",\n \"domain\": \"Domain\",\n \"domainStatus\": \"Domain Status\",\n \"extraInventoryLinkUrl\": \"Third Party Link URL\",\n \"fileSize\": \"File Size (In Bytes)\",\n \"getPhrase\": \"Keyword\",\n \"hasSriViolation\": \"Has SRI Violation\",\n \"hasTxtRecord\": \"Email-Capable\",\n \"hasUserAddedNotes\": \"Note\",\n \"host\": \"Host\",\n \"iidCaseID\": \"IID Enforcement ID\",\n \"insecureLinkUrl\": \"Insecure Link URL\",\n \"invalidAfter\": \"SSL Invalid After\",\n \"invalidBefore\": \"SSL Invalid Before\",\n \"ip\": \"IP\",\n \"issuerCommonName\": \"SSL Issuer Common Name\",\n \"issuerCountry\": \"SSL Issuer Country\",\n \"issuerLocality\": \"SSL Issuer Locality\",\n \"issuerOrganization\": \"SSL Issuer Organization\",\n \"issuerOrganizationalUnit\": \"SSL Issuer Organizational Unit\",\n \"issuerState\": \"SSL Issuer State\",\n \"keySize\": \"SSL Key Size\",\n \"lastActive\": \"Incident Date\",\n \"lastUpdatedBy\": \"Last Updated By\",\n \"matchType\": \"Blocklist Match Type\",\n \"nameServers\": \"Name Servers\",\n \"pageTitle\": \"Page Title\",\n \"policyName\": \"Web Compliance Cause\",\n \"policyNameInfra\": \"Infrastructure Cause\",\n \"profileDescription\": \"Profile Description\",\n \"profileHomepage\": \"Profile Homepage\",\n \"profileJoined\": \"Join Date\",\n \"profileLink\": \"Profile Link\",\n \"profileLocation\": \"Profile Location\",\n \"profileName\": \"Profile Name\",\n \"profileReach\": \"Profile Reach\",\n \"profileUsername\": \"Profile Username\",\n \"provider\": \"Provider\",\n \"registrant\": \"Registrant Name\",\n \"registrantOrganization\": \"Registrant Organization\",\n \"registrar\": \"Registrar\",\n \"registrarCreatedAt\": \"Domain Registration Date\",\n \"requestComponent\": \"Suspicious Component\",\n \"resourceHost\": \"Resource Host\",\n \"reviewCode\": \"Current Status\",\n \"reviewDate\": \"Status Last Changed Date\",\n \"ruleMatchedOn\": \"Suspicious Rule Matched On\",\n \"serialNumber\": \"SSL Serial Number\",\n \"siteLive\": \"Live Website\",\n \"socialNetwork\": \"Social Network\",\n \"sslCertID\": \"SSL Certificate ID\",\n \"statusChangeDate\": \"Status Changed Dated\",\n \"statusChangeValue\": \"Status Was Value\",\n \"subjectCommonName\": \"SSL Subject Common Name\",\n \"subjectCountry\": \"SSL Subject Country\",\n \"subjectLocality\": \"SSL Subject Locality\",\n \"subjectOrganizationalUnit\": \"SSL Subject Organizational Unit\",\n \"subjectState\": \"SSL Subject State\",\n \"suspect\": \"Suspicious\",\n \"suspiciousRule\": \"Suspicious Rule\",\n \"targetBrand\": \"Target Brand\",\n \"threatHost\": \"Threat Host\",\n \"ubjectOrganization\": \"SSL Subject Organization\",\n \"updatedBy\": \"Updated By\",\n \"version\": \"SSL Version\"\n }\n}"}],"_postman_id":"492624f2-d9b6-4439-ac36-ac45139b4a1e"},{"name":"Update an existing Event in a workspace","id":"e85d1692-440c-43a1-97ce-852d94e01610","protocolProfileBehavior":{"disabledSystemHeaders":{"user-agent":true},"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":false},"method":"POST","header":[{"key":"User-Agent","value":"RiskIQSolutions","type":"text"}],"body":{"mode":"raw","raw":"{\n \"ids\": [\n 111111,\n 222222\n ],\n \"reviewCode\": \"Confirmed\",\n \"eventPriority\": \"Medium\",\n \"owner\": \"optional owner email\",\n \"country\": \"USA\",\n \"tags\": [\n \"tag1:param1\",\n \"tag2:param2\"\n ],\n \"note\": \"all fields are optional in this request except the url\"\n}","options":{"raw":{"language":"json"}}},"url":"https://ws.riskiq.net/v1/inventory/event/update","description":"This example shows the API Endpoint to update an existing Events within a External Threat workspace.
\nEach event has a unique ID, which can be used to retrieve or update the event.
\n","urlObject":{"protocol":"https","path":["v1","inventory","event","update"],"host":["ws","riskiq","net"],"query":[],"variable":[]}},"response":[],"_postman_id":"e85d1692-440c-43a1-97ce-852d94e01610"}],"id":"3b3b5bcb-69ef-4927-9821-3cc38c0956a3","description":"Examples of API queries/requests to get Events data using RiskIQ's External Threats platform
\nFilters in the same array will be combined using OR logic. Arrays of filters will be combined using AND logic.
\nHere's a list of available request Parameters,\nsavedSearchID - the ID of a saved search (can be obtained from /v1/event/savedSearches)
\nsavedSearchName the Name of a saved search.
\nresults - Maximum number of results to return in a result set. Defaults to 50, maximum 2000.
\noffset - Offset of the first result returned. For example, offset=50 would return a result set starting with the 50th result.
\nscroll - Perform scrolling instead of a paged search. Used in place of offset. No value on initial request and returned scroll value on subsequent requests.
\nsort - Event field to sort on. Example: 'createdAt'.
\norder - Ascending or descending: 'ASC', 'DESC'.
\nincludeUserNotes - Should notes created by a user be added to the response: true, false. Defaults to false.
\nPaged searches are limited to 10,000 results (i.e., offset + results must be less than 10,000). If accessing more results or if retrieving all results, then scrolling should be used instead.
\nScrolling is enabled by passing the scroll parameter in place of the offset parameter. The initial request should be submitted with this parameter and no value. The response will contain the first set of results and a scroll id. To retrieve the next set of results, the scroll parameter is passed with the previously returned scroll id as the value. This request process continues until an empty result list is returned (marking the end of the search results). Note that since the scroll id may change, it is important that a given request pass the scroll id returned in the previous response.
\nThe scroll context is kept active for 1 minute. This means that the request for the next set of results must occur within this time period. Each scroll request extends the expiry time by one minute. Requests including an invalid scroll will result in a 400 response code.
\n","_postman_id":"3b3b5bcb-69ef-4927-9821-3cc38c0956a3","auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"},"isInherited":true,"source":{"_postman_id":"2b5c85a9-36fd-46e5-9aaa-53b0af4c2c5b","id":"2b5c85a9-36fd-46e5-9aaa-53b0af4c2c5b","name":"RiskIQ API Attack Surface Management (ASM) and Threat Intelligence","type":"collection"}}}],"auth":{"type":"basic","basic":{"password":"API-SECRET","username":"API-TOKEN"}},"event":[{"listen":"prerequest","script":{"id":"3f837260-c9ac-47c7-97ff-7bd710235186","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"46996a07-4647-43c9-8906-c27e6f8d4b4f","type":"text/javascript","exec":[""]}}],"variable":[{"key":"username","value":"API-TOKEN"},{"key":"password","value":"API-SECRET"}]}