GET /accounts/{account_id}/cloudforce-one/events/indicators
Retrieves a paginated list of indicators across specified datasets. Use datasetIds=all or datasetIds=* to query all datasets for the account. If no datasetIds provided, uses the default dataset.
Servers
- https://api.cloudflare.com/client/v4
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
account_id |
String | Yes |
Account ID. |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
createdBefore |
String | No |
Filter indicators created on or before this date. Must use ISO 8601 format (e.g., '2024-12-31T23:59:59Z'). |
relatedEventsLimit |
Number | No |
Limit the number of related events returned per indicator. Default: 2. Set to 0 for none, -1 for all events. |
indicatorType |
String | No | |
search[] |
Array | No |
Structured search as a JSON array of {field, op, value} objects. Searchable fields: value, indicatorType. Supports operators: equals, not, contains, startsWith, endsWith, gt, lt, gte, lte, like, in, find. Use the 'in' operator with an array value to bulk-check up to 100 indicators in a single request, e.g. search=[{"field":"value","op":"in","value":["evil.com","bad.org"]}]. Multiple conditions are AND'd together. Max 10 conditions per request. |
relatedEvents[] |
Array | No |
Filter by related event IDs |
datasetIds[] |
Array | No |
Dataset IDs to query indicators from (array of UUIDs), or special value 'all' or '*' to query all datasets. If not provided, uses the default dataset. |
page |
Number | No | |
includeTags |
Boolean | No |
Whether to include full tag details for each indicator. Defaults to true. |
createdAfter |
String | No |
Filter indicators created on or after this date. Must use ISO 8601 format (e.g., '2024-01-15T00:00:00Z'). |
name |
String | No |
Filter indicators by value using substring match (LIKE). Legacy alternative to structured search. |
format |
String | No |
Output format for indicator data. 'json' returns the default format, 'stix2' returns STIX 2.1 Indicator SDOs. Valid values:
|
includeTotalCount |
Boolean | No |
Whether to compute accurate total count via COUNT(*). Defaults to false for performance. When false, total_count is an approximation. |
tags[] |
Array | No |
Filter by tag values or UUIDs. Indicators must have at least one of the specified tags (OR logic). Supports both tag UUID and tag value. |
pageSize |
Number | No |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.