RiskIQ Security Intelligence Services provides direct, high volume access to RiskIQ data, allowing mature customers the ability to use this data to defend against threats to their environment.
Status: Preview
Tier: Premium
Version: 1.0
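Name | Summary
PDNS_IP (string ip, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore) | Passive DNS results by IP address
PDNS_RESOURCE_DATA (string name, [Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore) | Passive DNS results by resource name
PDNS_RESOURCE_DATA_HEX ([Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore, string hex) | Passive DNS results by hex bytes in data field
PDNS_NAME (string name, [Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore) | Passive DNS results by name
SSL_BY_HOST (string host) | Get SSL certificates by host name
SSL_BY_SERIAL (string serial) | Get SSL certificates by serial number
SSL_BY_SHA1 (string sha1) | Get SSL certificate by SHA1 hash
HOSTS_BY_SSL_SHA1 (string certSha1) | Get hosts by certificate
SSL_BY_NAME (string name) | Get SSL certificates by name
WHOIS_IP (string address, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with an address
WHOIS_DOMAIN (string domain, [Optional]string exact, [Optional]string maxResults) | Get the current WHOIS for a domain
WHOIS_BY_EMAIL (string email, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with an email address
WHOIS_BY_NAME (string name, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with a name
WHOIS_BY_NAMESERVER (string nameserver, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with a name server
WHOIS_BY_ORGANIZATION (string org, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with an organization
WHOIS_BY_PHONE (string phone, [Optional]string exact, [Optional]string maxResults) | Get WHOIS records associated with a phone number
TRACKERS_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get trackers for a host
TRACKERS_DOMAIN (string domain, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get trackers for a domain
TRACKERS_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get trackers for an IPv4 address
HOST_PAIRS_CHILD (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get children host pairs of host
HOST_PAIRS_PARENT (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get parent host pairs of host
WEB_COMPONENT_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get the web components for a host
WEB_COMPONENTS_DOMAIN (string domain, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get the web components for a domain
WEB_COMPONENTS_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get the web components for an IPv4 address
COOKIES_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get cookies associated with host
COOKIES_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact) | Get cookies associated with IPv4 address
ENRICHMENT_HOST (string host, [Optional]boolean whois, [Optional]boolean hostDetails, [Optional]boolean ipDetails, [Optional]boolean linkedAssetCounts, [Optional]boolean recentPDNS, [Optional]boolean subDomainPDNS, [Optional]boolean openPorts, [Optional]boolean certificates) | Get enriched information by host
ENRICHMENT_IP (string ip, [Optional]boolean whois, [Optional]boolean hostDetails, [Optional]boolean linkedAssetCounts, [Optional]boolean openPorts, [Optional]boolean certificates) | Get enriched information by IPv4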
Summary: Passive DNS results by IP address
Description: Passive DNS results by IP address
Syntax:
RiskIQ.PDNS_IP (string ip, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore)
Parameters:
Name | Type | Summary | Required | Related Action
ip | string (IP address in data fields for which to retrieve results.) | IP address in data fields for which to retrieve results. | True |
max | string (Maximum number of results to retrieve.) | Maximum number of results to retrieve. | False |
lastSeenAfter | string (Filter data based on lastSeen after date (YYYY-MM-DD).) | Filter data based on lastSeen after date (YYYY-MM-DD). | False |
firstSeenBefore | string (Filter data based on firstSeen before date (YYYY-MM-DD).) | Filter data based on firstSeen before date (YYYY-MM-DD). | False |
Returns:
Type:RRSets
Summary: Passive DNS results by resource name
Description: Passive DNS results by resource name
Syntax:
RiskIQ.PDNS_RESOURCE_DATA (string name, [Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore)
Parameters:
Name | Type | Summary | Required | Related Action
name | string (Domain name to search against.) | DNS name. Colloquially referred to as a domain name or DNS zone. Various types of PDNS records contain DNS names in their data fields. For example, the data fields of a name server (NS) record contain the host names of authoritative name servers. | True |
type | string (Record type.) | DNS resource record type. Indicates the type of a DNS resource record. Different types of records describe different aspects of a resource. For example, a record with a type of A describes an IPv4 address for a given host name (the rrname of the record). There are many different defined types. Some of the more common ones besides A include AAAA for IPv6 records, NS for name server records, MX for mail server records, and TXT for arbitrary data. | False |
max | string (Maximum number of results to retrieve.) | Maximum number of results to retrieve. | False |
lastSeenAfter | string (Filter data based on lastSeen after date (YYYY-MM-DD).) | Filter data based on lastSeen after date (YYYY-MM-DD). | False |
firstSeenBefore | string (Filter data based on firstSeen before date (YYYY-MM-DD).) | Filter data based on firstSeen before date (YYYY-MM-DD). | False |
Returns:
Type:RRSets
Summary: Passive DNS results by hex bytes in data field
Description: Passive DNS results by hex bytes in data field
Syntax:
RiskIQ.PDNS_RESOURCE_DATA_HEX ([Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore, string hex)
Parameters:
Name | Type | Summary | Required | Related Action
type | string (DNS resource record type.) | DNS resource record type. Indicates the type of a DNS resource record. Different types of records describe different aspects of a resource. For example, a record with a type of A describes an IPv4 address for a given host name (the rrname of the record). There are many different defined types. Some of the more common ones besides A include AAAA for IPv6 records, NS for name server records, MX for mail server records, and TXT for arbitrary data. | False |
max | string (Maximum number of results to retrieve.) | Maximum number of results to retrieve. | False |
lastSeenAfter | string (Filter data based on lastSeen after date (YYYY-MM-DD).) | Filter data based on lastSeen after date (YYYY-MM-DD). | False |
firstSeenBefore | string (Filter data based on firstSeen before date (YYYY-MM-DD).) | Filter data based on firstSeen before date (YYYY-MM-DD). | False |
hex | string (Hexadecimal encoding of data field bytes.) | Hexadecimal encoding of data field bytes. | True |
Returns:
Type:RRSets
Summary: Passive DNS results by name
Description: Passive DNS results by name
Syntax:
RiskIQ.PDNS_NAME (string name, [Optional]string type, [Optional]string max, [Optional]string lastSeenAfter, [Optional]string firstSeenBefore)
Parameters:
Name | Type | Summary | Required | Related Action
name | string (DNS resource record name.) | DNS resource record name. The name of the DNS zone to which a DNS resource record pertains. Commonly used interchangeably with domain name or host name in many scenarios. Technically, an rrname ends with a terminal dot (e.g. riskiq.net.), but this API automatically assumes an implied terminal dot if one is not supplied. | True |
type | string (DNS resource record type.) | DNS resource record type. Indicates the type of a DNS resource record. Different types of records describe different aspects of a resource. For example, a record with a type of A describes an IPv4 address for a given host name (the rrname of the record). There are many different defined types. Some of the more common ones besides A include AAAA for IPv6 records, NS for name server records, MX for mail server records, and TXT for arbitrary data. | False |
max | string (Maximum number of results to retrieve.) | Maximum number of results to retrieve. | False |
lastSeenAfter | string (Filter data based on lastSeen after date (YYYY-MM-DD).) | Filter data based on lastSeen after date (YYYY-MM-DD). | False |
firstSeenBefore | string (Filter data based on firstSeen before date (YYYY-MM-DD).) | Filter data based on firstSeen before date (YYYY-MM-DD). | False |
Returns:
Type:RRSets
Summary: Get SSL certificates by host name
Description: SSL Certificates by host name
Syntax:
RiskIQ.SSL_BY_HOST (string host)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (DNS host name or IP address for which to retrieve certificates.) | DNS host name or IP address for which to retrieve certificates. | True |
Returns:
Type:SslCertWithHostPage
Summary: Get SSL certificates by serial number
Description: SSL Certificates by serial number
Syntax:
RiskIQ.SSL_BY_SERIAL (string serial)
Parameters:
Name | Type | Summary | Required | Related Action
serial | string (Serial number of certificates to retrieve.) | Serial number of certificates to retrieve. | True |
Returns:
Type:SslCertPage
Summary: Get SSL certificate by SHA1 hash
Description: SSL Certificate details by SHA-1
Syntax:
RiskIQ.SSL_BY_SHA1 (string sha1)
Parameters:
Name | Type | Summary | Required | Related Action
sha1 | string (SHA1 hash of certificate to retrieve.) | SHA1 hash of certificate to retrieve. | True |
Returns:
Type:SslCert
Summary: Get hosts by certificate
Description: Hosts by SSL Certificate SHA-1
Syntax:
RiskIQ.HOSTS_BY_SSL_SHA1 (string certSha1)
Parameters:
Name | Type | Summary | Required | Related Action
certSha1 | string (SHA1 hash of certificate for which to retrieve associated hosts.) | SHA1 hash of certificate for which to retrieve associated hosts. | True |
Returns:
Type:SslCertHostPage
Summary: Get SSL certificates by name
Description: SSL Certificates by name
Syntax:
RiskIQ.SSL_BY_NAME (string name)
Parameters:
Name | Type | Summary | Required | Related Action
name | string (Name of certificates to retrieve.) | Name of certificates to retrieve, including formal subject alternative and common names and other colloquial names. | True |
Returns:
Type:SslCertPage
Summary: Get WHOIS records associated with an address
Description: WHOIS record by IP address
Syntax:
RiskIQ.WHOIS_IP (string address, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
address | string (The address you wish to search for.) | The address you wish to search for. | True |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get the current WHOIS for a domain
Description: WHOIS record by domain
Syntax:
RiskIQ.WHOIS_DOMAIN (string domain, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
domain | string (The domain or IP Address you wish to search for.) | The domain or IP Address you wish to search for. | True |
exact | string (Search for an exact match. Valid values are true and false.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get WHOIS records associated with an email address
Description: WHOIS records by email address
Syntax:
RiskIQ.WHOIS_BY_EMAIL (string email, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
email | string (The email address you wish to search for.) | The email address you wish to search for. | True |
exact | string (Search for an exact match. Valid values are true and false.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get WHOIS records associated with a name
Description: WHOIS records by name
Syntax:
RiskIQ.WHOIS_BY_NAME (string name, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
name | string (The name you wish to search for.) | The name you wish to search for. | True |
exact | string (Search for an exact match. Valid values are true and false.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get WHOIS records associated with a name server
Description: WHOIS records by name server
Syntax:
RiskIQ.WHOIS_BY_NAMESERVER (string nameserver, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
nameserver | string (The name server you wish to search for.) | The name server you wish to search for. | True |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get WHOIS records associated with an organization
Description: WHOIS records by organization
Syntax:
RiskIQ.WHOIS_BY_ORGANIZATION (string org, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
org | string (The organization you wish to search for.) | The organization you wish to search for. | True |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get WHOIS records associated with a phone number
Description: WHOIS records by phone number
Syntax:
RiskIQ.WHOIS_BY_PHONE (string phone, [Optional]string exact, [Optional]string maxResults)
Parameters:
Name | Type | Summary | Required | Related Action
phone | string (The phone number you wish to search for.) | The phone number you wish to search for. | True |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
maxResults | string (Maximum number of results to return.) | Maximum number of results to return. Defaults to 1000 and maximum value is 10000. | False |
Returns:
Type:WhoisResult
Summary: Get trackers for a host
Description: Trackers for a host
Syntax:
RiskIQ.TRACKERS_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Hostname you want to search for.) | Hostname you want to search for | True |
size | integer(int32) (Maximum number of results to return.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostAttributeResult
Summary: Get trackers for a domain
Description: Trackers for a domain
Syntax:
RiskIQ.TRACKERS_DOMAIN (string domain, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
domain | string (Domain you want to search for.) | Domain you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostAttributeResult
Summary: Get trackers for an IPv4 address
Description: Trackers for an IP address
Syntax:
RiskIQ.TRACKERS_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
address | string (IPv4 address you want to search for.) | IPv4 address you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostAttributeResult
Summary: Get children host pairs of host
Description: Children Host Pairs by host
Syntax:
RiskIQ.HOST_PAIRS_CHILD (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Hostname you want to search for.) | Hostname you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostPairsResult
Summary: Get parent host pairs of host
Description: Parent Host Pairs by host
Syntax:
RiskIQ.HOST_PAIRS_PARENT (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Hostname you want to search for.) | Hostname you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostPairsResult
Summary: Get the web components for a host
Description: Web Components by host
Syntax:
RiskIQ.WEB_COMPONENT_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Hostname you want to search for.) | Hostname you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostComponentsResult
Summary: Get the web components for a domain
Description: Web Components by domain
Syntax:
RiskIQ.WEB_COMPONENTS_DOMAIN (string domain, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
domain | string (Domain you want to search for.) | Domain you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostComponentsResult
Summary: Get the web components for an IPv4 address
Description: Web Components by IP address
Syntax:
RiskIQ.WEB_COMPONENTS_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
address | string (IPv4 address you want to search for.) | IPv4 address you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostComponentsResult
Summary: Get cookies associated with host
Description: Cookies by host
Syntax:
RiskIQ.COOKIES_HOST (string host, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Hostname you want to search for.) | Hostname you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostCookieResult
Summary: Get cookies associated with IPv4 address
Description: Cookies by IP address
Syntax:
RiskIQ.COOKIES_IP (string address, [Optional]integer size, [Optional]integer page, [Optional]integer before, [Optional]integer after, [Optional]integer beforeDay, [Optional]integer afterDay, [Optional]string exact)
Parameters:
Name | Type | Summary | Required | Related Action
address | string (IPv4 address you want to search for.) | IPv4 you want to search for | True |
size | integer(int32) (Maximum number of results.) | Maximum number of results to return per page. | False |
page | integer(int32) (Page number.) | Page number. | False |
before | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. | False |
after | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. | False |
beforeDay | integer(int64) (Filter for records last seen before date.) | Filter for records last seen before this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
afterDay | integer(int64) (Filter for records last seen after date.) | Filter for records first seen after this date in MILLISECONDS. Granularity of this filter is DAYS. | False |
exact | string (Search for an exact match.) | Search for an exact match. Valid values are true and false. | False |
Returns:
Type:HostCookieResult
Summary: Get enriched information by host
Description: Enrichment by host
Syntax:
RiskIQ.ENRICHMENT_HOST (string host, [Optional]boolean whois, [Optional]boolean hostDetails, [Optional]boolean ipDetails, [Optional]boolean linkedAssetCounts, [Optional]boolean recentPDNS, [Optional]boolean subDomainPDNS, [Optional]boolean openPorts, [Optional]boolean certificates)
Parameters:
Name | Type | Summary | Required | Related Action
host | string (Query you want to search for.) | Host domain or URL you want to search for | True |
whois | boolean (Include WHOIS information.) | Include WHOIS information. | False |
hostDetails | boolean (Include host details information.) | Include host details. | False |
ipDetails | boolean (Include IP details information.) | Include IP details. | False |
linkedAssetCounts | boolean (Include linked asset count information.) | Include linked asset counts. | False |
recentPDNS | boolean (Include PDNS lookup information.) | Include recent PDNS lookups. | False |
subDomainPDNS | boolean (Include subdomain information.) | Include subdomain PDNS lookups. | False |
openPorts | boolean (Include open ports information.) | Include open ports. | False |
certificates | boolean (Include certificates information.) | Include certificates. | False |
Returns:
Type:EnrichResponse
Summary: Get enriched information by IPv4
Description: Enrichment by IP address
Syntax:
RiskIQ.ENRICHMENT_IP (string ip, [Optional]boolean whois, [Optional]boolean hostDetails, [Optional]boolean linkedAssetCounts, [Optional]boolean openPorts, [Optional]boolean certificates)
Parameters:
Name | Type | Summary | Required | Related Action
ip | string (Query you want to search for.) | IPv4 address you want to search for | True |
whois | boolean (Include WHOIS information.) | Include WHOIS information. | False |
hostDetails | boolean (Include host details information.) | Include host details. | False |
linkedAssetCounts | boolean (Include linked asset count information.) | Include linked asset counts. | False |
openPorts | boolean (Include open ports information.) | Include open ports. | False |
certificates | boolean (Include certificates information.) | Include certificates. | False |
Returns:
Type:EnrichResponse
Summary:
Description:
Properties:
Name | Type | Summary
type | string |
name | string |
Summary:
Description:
Properties:
Name | Type | Summary
firstSeen | integer(int64) |
lastSeen | integer(int64) |
count | integer(int32) |
id | string |
hostname | string |
domain | string |
attributeValue | string |
attributeType | string |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (string) |
last | boolean |
totalElements | integer(int32) |
totalPages | integer(int32) |
size | integer(int32) |
sort | |
numberOfElements | integer(int32) |
first | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (HostAttributeContentResult) |
facetResultPages | array of (string) |
facetQueryResult | |
highlighted | array of (string) |
maxScore | number(float) |
facetFields | array of (string) |
facetPivotFields | array of (string) |
totalElements | integer(int32) |
totalPages | integer(int32) |
last | boolean |
size | integer(int32) |
number | integer(int32) |
sort | |
numberOfElements | integer(int32) |
first | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
firstSeen | integer(int64) |
lastSeen | integer(int64) |
count | integer(int32) |
id | string |
hostname | string |
domain | string |
cookieDomain | string |
cookieName | string |
Summary:
Description:
Properties:
Name | Type | Summary
firstSeen | integer(int64) |
lastSeen | integer(int64) |
count | integer(int32) |
id | string |
hostname | string |
domain | string |
webComponentVersion | string |
webComponentName | string |
webComponentCategory | string |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (HostComponentContentResult) |
facetResultPages | array of (string) |
facetQueryResult | |
highlighted | array of (string) |
maxScore | number(float) |
facetFields | array of (string) |
facetPivotFields | array of (string) |
totalElements | integer(int32) |
totalPages | integer(int32) |
last | boolean |
size | integer(int32) |
number | integer(int32) |
sort | |
numberOfElements | integer(int32) |
first | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (HostCacheContentResult) |
facetResultPages | array of (string) |
facetQueryResult | |
highlighted | array of (string) |
maxScore | number(float) |
facetFields | array of (string) |
facetPivotFields | array of (string) |
totalElements | integer(int32) |
totalPages | integer(int32) |
last | boolean |
size | integer(int32) |
number | integer(int32) |
sort | |
numberOfElements | integer(int32) |
first | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
firstSeen | integer(int64) |
lastSeen | integer(int64) |
count | integer(int32) |
id | string |
cause | string |
childCount | integer(int32) |
childHostname | string |
childScore | number(float) |
pairScore | number(float) |
parentCount | integer(int32) |
parentHostname | string |
parentScore | number(float) |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (HostPairsContentResult) |
facetResultPages | array of (string) |
facetQueryResult | |
highlighted | array of (string) |
maxScore | number(float) |
facetFields | array of (string) |
facetPivotFields | array of (string) |
totalElements | integer(int32) |
totalPages | integer(int32) |
last | boolean |
size | integer(int32) |
number | integer(int32) |
sort | |
numberOfElements | integer(int32) |
first | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
count | integer(int32) |
firstSeen | string |
lastSeen | string |
name | string |
data | array of (string) |
rrtype | string |
Summary:
Description:
Properties:
Name | Type | Summary
recordCount | integer(int32) |
records | array of (RRSet) |
Summary:
Description:
Properties:
Name | Type | Summary
count | integer(int32) |
firstSeen | integer(int32) |
id | string |
issuer | array of (CertTypedName) |
issuerAlternativeNames | array of (CertTypedName) |
issuerID | string |
lastSeen | integer(int32) |
notAfter | integer(int32) |
notBefore | integer(int32) |
publicKeyAlgorithm | string |
serialNumber | string |
sha1 | string |
signatureAlgorithm | string |
signatureAlgorithmOid | string |
subject | array of (CertTypedName) |
subjectAlternativeNames | array of (CertTypedName) |
subjectID | string |
version | integer(int32) |
Summary:
Description:
Properties:
Name | Type | Summary
count | integer(int32) |
firstSeen | integer(int32) |
host | string |
lastSeen | integer(int32) |
port | integer(int32) |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (SslCertHost) |
first | boolean |
last | boolean |
number | integer(int32) |
numberOfElements | integer(int32) |
size | integer(int32) |
sort | |
totalElements | integer(int32) |
totalPages | integer(int32) |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (SslCert) |
first | boolean |
last | boolean |
number | integer(int32) |
numberOfElements | integer(int32) |
size | integer(int32) |
sort | |
totalElements | integer(int32) |
totalPages | integer(int32) |
Summary:
Description:
Properties:
Name | Type | Summary
sorted | boolean |
unsorted | boolean |
empty | boolean |
Summary:
Description:
Properties:
Name | Type | Summary
content | array of (ContentItem) |
Summary:
Description:
Properties:
Name | Type | Summary
firstSeen | integer(int32) |
lastSeen | integer(int32) |
count | integer(int32) |
id | string |
address | string |
asn | string |
bgpPrefix | string |
port | integer(int32) |
sha1 | string |
cert | |
Summary:
Description:
Properties:
Name | Type | Summary
domain | string |
| string |
name | string |
organization | string |
street | string |
city | string |
state | string |
postalCode | string |
country | string |
telephone | string |
Summary:
Description:
Properties:
Name | Type | Summary
domain | string |
registrar | string |
whoisServer | string |
registered | string |
registryUpdatedAt | string |
expiresAt | string |
contactEmail | string |
nameServers | array of (string) |
registrant | |
admin | |
billing | |
tech | |
zone | |
text | string |
lastLoadedAt | string |
Summary:
Description:
Properties:
Name | Type | Summary
results | integer(int32) |
domains | array of (WhoisDomain) |