
Account

The Account endpoints allow you to see all the information related to your account.

 

What It Looks Like

Get Account

Read current account metadata and settings.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account

Response

{
    "username": "sim.gretina@example.org",
    "firstName": "Sim",
    "lastName": "Gretina",
    "fullName": "Sim Gretina",
    "organization": "gretina_org",
    "firstActive": "2016-12-02",
    "lastActive": "2017-04-10",
    "verified": "True",
    "suppliedOrganization": "gretina_org",
    "jobRole": "Other",
    "enterpriseUser": "True",
    "country": "united_states",
    "phoneNumber": "555 415 4155",
    "stateOrRegion": "california",
    "accountStatus": "enterprise",
    "user_id": "80f5a4f51a303ab4461731a67cde18e552b9d76961467f2a98a0f6974",
    "user_hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714",
    "event_code": null,
    "approvedSources": "alienvault, crawl, emerging_threats, farsight",
    "projectPrivateQuotaExceeded": false,
    "searchWebQuotaExceeded": false,
    "searchApiQuotaExceeded": false,
    "projectPublicQuotaExceeded": false,
    "admin": false,
    "ssoIntegrationId": null,
    "ssoAuthPartnerId": null,
    "ssoSuccess": true,
    "features": {
        "two_factor_enabled": true,
        "analyst_insights": false,
        "analyst_projects": false,
        "async_heatmap": true,
        "tab_update": true,
        "exposed_services": false,
        "data_table_improvement": true,
        "project_selector_v2": true,
        "whois_history": false,
        "server_side_facets": true,
        "projects_tabs": true,
        "projects_share": true,
        "data_table_paginated": true
    },
    "guest": false,
    "roles": [
        "user"
    ],
    "monitorFrequency": "weekly",
    "workspaceId": null,
    "permissions": []
}
			

Get History

Read API usage history of the account.

Curl Example

# Retrieve account history
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/history
# filter by source (URL quoted so the shell does not treat "?" as a glob)
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/history?source=api"
# filter by focus
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/history?focus=riskiq.com"
# filter by dt
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/history?dt=2020-04-27"
            

Response

{
    "history": [
        {
            "focus": "example.org",
            "dt": "2017-03-06 17:12:16",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        },
        {
            "focus": "simgretina.example.org",
            "dt": "2017-03-06 17:38:41",
            "context": "",
            "guid": null,
            "username": "sim.gretina@example.org",
            "source": "api",
            "type": "search"
        }
    ]
}
			

Get Monitors

Get active monitors.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/monitors

Response

{
    "monitors": [
        {
            "tags": [
                "caravan",
                "registered"
            ],
            "focus": "example.org"
        },
        {
            "tags": [
                "google",
                "routable",
                "dns"
            ],
            "focus": "8.8.8.8"
        }
    ]
}
			

Get Organization

Read current organization metadata.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/organization

Response

{
    "licenses": {
        "enterprise": 150
    },
    "licensedMembers": {
        "enterprise": [
            "sim.gretina@example.org",
            "jamie.berry@example.org",
            "caravan.palace@example.org"
        ]
    },
    "searchQuota": 9999,
    "watchQuota": 368,
    "active": true,
    "id": "gretina_org",
    "registered": "2015-09-21 19:43:49",
    "status": "enterprise",
    "name": "gretina_org",
    "acceptableDomains": [
        "example.org"
    ],
    "inactiveMembers": [],
    "admins": [
        "sim.gretina@example.org"
    ],
    "lastActive": "2016-11-21 17:31:38",
    "seats": null,
    "features": null,
    "showTeamSearchHistory": null,
    "defaultDomains": null,
    "disabledMembers": null,
    "usersNotSignedUpYet": null,
    "hasFalconCreds": false,
    "sources": null
}
			

Get Quotas

Read current account and organization quotas.

Curl Example

$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/quota

Response

{
    "organization": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0
        },
        "licenseCounts": {
            "enterprise": {
                "searchApi": 0,
                "searchWeb": 0
            }
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "licenseLimits": {
            "enterprise": {
                "searchApi": 15,
                "searchWeb": 200
            }
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "riskiq",
        "profile": {
            "analysis": "free",
            "workflow": "free"
        },
        "username": null
    },
    "user": {
        "counts": {
            "basic_monitors": 0,
            "keyword_monitors": 0,
            "projects_private": 0,
            "projects_public": 0
        },
        "licenseCounts": {
            "searchApi": 0,
            "searchWeb": 0
        },
        "freebies": {
            "search_api": 0,
            "search_web": 0
        },
        "guid": "00000000-0000-0000-0000-000000000000",
        "last_reset": "0000-00-00 00:00:00",
        "limits": {
            "basic_monitors": 100,
            "monitor_results": 1,
            "projects_private": 1,
            "monitor_frequency": "weekly",
            "keyword_monitors": 1,
            "projects_public": 1000,
            "create_crawls": 0,
            "crawl_submissions": 0
        },
        "licenseLimits": {
            "searchApi": 15,
            "searchWeb": 200
        },
        "next_reset": "0000-00-00 00:00:00",
        "organization": "riskiq",
        "owner": "username@example.com",
        "profile": {
            "analysis": "small",
            "workflow": "small"
        },
        "quotas": {
            "account_type": "enterprise"
        },
        "username": "username@example.com"
    }
}
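
The organization block nests licenseCounts and licenseLimits under a license tier ("enterprise") while the user block keeps them flat. The following added example (not part of the RiskIQ documentation) normalizes both shapes and reports remaining allowance, assuming counts are usage and limits are caps; the function names and the non-zero sample counts are constructed for illustration.

```python
import json

# Constructed sample: trimmed from the Get Quotas response, non-zero counts added.
SAMPLE = json.loads("""
{
  "organization": {
    "counts": {"basic_monitors": 40, "projects_private": 1},
    "limits": {"basic_monitors": 100, "projects_private": 1,
               "monitor_frequency": "weekly", "create_crawls": 0},
    "licenseCounts": {"enterprise": {"searchApi": 15, "searchWeb": 20}},
    "licenseLimits": {"enterprise": {"searchApi": 15, "searchWeb": 200}}
  },
  "user": {
    "counts": {"basic_monitors": 3},
    "limits": {"basic_monitors": 100, "monitor_frequency": "weekly"},
    "licenseCounts": {"searchApi": 14, "searchWeb": 0},
    "licenseLimits": {"searchApi": 15, "searchWeb": 200}
  }
}
""")
PAIRS = (("counts", "limits"), ("licenseCounts", "licenseLimits"))

def _flatten(d, prefix=""):
    """Yield (dotted_key, value) leaves; copes with the per-tier nesting."""
    for k, v in (d or {}).items():
        if isinstance(v, dict):
            yield from _flatten(v, f"{prefix}{k}.")
        else:
            yield f"{prefix}{k}", v

def headroom(quota):
    """Return {scope: {key: remaining}} for counters that have a numeric limit."""
    out = {}
    for scope in ("organization", "user"):
        block = quota.get(scope) or {}
        rows = {}
        for used_key, limit_key in PAIRS:
            limits = dict(_flatten(block.get(limit_key)))
            for key, used in _flatten(block.get(used_key)):
                limit = limits.get(key)
                if isinstance(limit, int) and not isinstance(limit, bool):
                    rows[key] = limit - used
        out[scope] = rows
    return out

def exhausted(quota):
    """List (scope, key) pairs with no allowance left."""
    return sorted((s, k) for s, rows in headroom(quota).items()
                  for k, left in rows.items() if left <= 0)
```

Checking headroom before a bulk enrichment job avoids having an investigation stall partway through on a spent search quota.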
			

Get Sources

Check sources being used for queries.

Curl Example

 
# get all sources
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/sources
# get virustotal source as url parameter
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/sources?source=virustotal"
			

Response

{
  "sources": [
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.alienvault.com",
        "auth": true,
        "description": "Alienvault provides free access to their passive DNS and OTX platform for registered users.",
        "source": "alienvault",
        "label": "Alienvault",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    },
    ...
    {
        "authRequired": false,
        "authMethod": {
            "apiKey": ""
        },
        "active": true,
        "website": "https://www.virustotal.com/",
        "auth": true,
        "description": "",
        "source": "virustotal",
        "label": "Virustotal",
        "configuration": {},
        "controllable": true,
        "type": [
            "pdns"
        ],
        "access": [
            "free",
            "commercial"
        ],
        "org_configuration": null
    }
  ]
}
			

Get Teamstream

Read team activity.

Curl Example

# Retrieve all history (might take a while)
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/organization/teamstream
# filter by focus
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/organization/teamstream?focus=example.org"
			

Response

{
  "teamstream": [
    {
        "focus": "example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "caravan.palace@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    },
    ...
    {
        "focus": "electro.example.org",
        "dt": "2016-08-24 18:40:06",
        "context": 3075,
        "guid": null,
        "username": "jamie.berry@example.org",
        "additional": {},
        "source": "web",
        "type": "search"
    }
  ]
}
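
Team activity becomes more useful for access review when it is checked against the membership lists returned by Get Organization. The following added example (not part of the RiskIQ documentation) flags teamstream usernames that are disabled, outside acceptableDomains, or not licensed members; the function names, the third event and its contractor address are constructed for illustration. The Get History records carry the same username, source and focus fields.

```python
from collections import Counter

# Constructed samples in the shape of the Get Organization and Get Teamstream
# responses; the contractor account and its domain are invented.
ORG = {
    "acceptableDomains": ["example.org"],
    "admins": ["sim.gretina@example.org"],
    "licensedMembers": {"enterprise": ["sim.gretina@example.org",
                                       "jamie.berry@example.org"]},
    "disabledMembers": None,   # the API returns null here in the sample above
    "inactiveMembers": [],
}
TEAMSTREAM = {"teamstream": [
    {"focus": "example.org", "dt": "2016-08-24 18:40:06",
     "username": "jamie.berry@example.org", "source": "web", "type": "search"},
    {"focus": "electro.example.org", "dt": "2016-08-24 18:41:10",
     "username": "caravan.palace@example.org", "source": "api", "type": "search"},
    {"focus": "example.org", "dt": "2016-08-24 18:45:00",
     "username": "temp@contractor.example", "source": "api", "type": "search"},
]}

def licensed_users(org):
    """Flatten licensedMembers (keyed by license tier) into one set."""
    tiers = org.get("licensedMembers") or {}
    return {u.lower() for members in tiers.values() for u in (members or [])}

def audit_activity(org, stream):
    """Return sorted (username, reason, events) for activity worth a review."""
    domains = {d.lower() for d in (org.get("acceptableDomains") or [])}
    licensed = licensed_users(org)
    disabled = {u.lower() for u in (org.get("disabledMembers") or [])}
    events = Counter((e.get("username") or "").lower()
                     for e in stream.get("teamstream", []))
    findings = []
    for user, n in events.items():
        domain = user.rpartition("@")[2]
        if user in disabled:
            findings.append((user, "disabled member is active", n))
        elif domain not in domains:
            findings.append((user, "domain not in acceptableDomains", n))
        elif user not in licensed:
            findings.append((user, "not a licensed member", n))
    return sorted(findings)
```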
			

Get items with the specified classification

Retrieve items with the specified classification.

Curl Example

# Retrieve all classifications
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/account/classifications
# filter by classification
$ curl -u $USERNAME:$KEY "https://api.riskiq.net/pt/v2/account/classifications?classification=malicious"
            

Response

{
    "malicious": [],
    "non_malicious": [
        "109.230.11.40"
    ],
    "suspicious": []
}