Receiving Signals

20 March 2025

    GET https://signals.gse.live/feed /all

    All Reported Signals

    All signals made available to you from reported threat feeds on the GSE

    Request Attributes

    Either attributes (one must be supplied)

    • Name
      idFrom
      Type
      integer
      Description
      Return signals starting from the supplied value (max 30 days ago)

      Results will be sorted ascending by id

    • Name
      reportDateFrom
      Type
      datetime
      Description
      Return signals with a report date starting from the supplied value (max 30 days ago)

      Results will be sorted ascending by report date.

    Optional attributes

    • Name
      abuseType
      Type
      string
      Description
      Filter the results to the supplied abuse types (comma separated) from the following list

      e.g. phishing,malware

      Loading options....
    • Name
      signalType
      Type
      string
      Description
      Filter the results to the supplied signal types (comma separated) from the following list

      e.g. url,hostname

      Loading options....
    • Name
      source
      Type
      string
      Description
      A valid source key referring to one of the sources activated in your account.

      e.g. urlhaus,cda

      Loading options....
    • Name
      status
      Type
      string
      Description
      Filter the results to the supplied statuses (comma seperated) from the following list

      e.g. new,feedback_mitigation

      Loading options....
    • Name
      predictive
      Type
      boolean
      Description
      Filter the results to either predictive / non-predictive results only

      Either 1 or 0

    • Name
      limit
      Type
      integer
      Description
      Limit the number of results to the supplied number

      Defaults to 50. Max 10000

    • Name
      offset
      Type
      integer
      Description
      Offset the results by the supplied number

      Defaults to 0

    Response Attributes

    • Name
      id
      Type
      number
      Description
      Unique identifier for the record.
    • Name
      signal
      Type
      string
      Description
      The suspicious URL or signal

      (e.g., a phishing URL)

    • Name
      source
      Type
      string
      Description
      Source that reported the signal

      (e.g., a threat intel provider)

    • Name
      signal_type
      Type
      string
      Description
      Type of signal

      Type of signal (url, ip, domain, etc.)

      Loading options....
    • Name
      abuse_type
      Type
      string
      Description
      Type of malicious activity.

      eg. phishing, malware.

      Loading options....
    • Name
      report_date
      Type
      string (datetime)
      Description
      Date and time the threat was first reported

      format: YYYY-MM-DD HH:MM:SS

    • Name
      import_date
      Type
      string (datetime)
      Description
      Date and time the signal was imported into the system.

      format: YYYY-MM-DD HH:MM:SS.

    • Name
      predictive
      Type
      number (boolean)
      Description
      Whether the signal was generated by predictive analysis. "1" = true ,"0" = false
    • Name
      confidence_score
      Type
      number
      Description
      Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of signal.

      e.g. 95

    • Name
      status
      Type
      string
      Description
      Current status of the signal

      e.g. new, feedback_mitigation

      Loading options....
    • Name
      extra_data
      Type
      object
      Description
      An optional extra data field to further qualify the signal according to it's status: <br><br> For signals with a status of new if supplied, this will be a vendor specific object containing additional data to further qualify the signal <br><br> For signals with a status of feedback this will be a copy of the feedback report received for the signal <br><br> For signals with a status of detected_mitigation this will contain information about which mitigation type was detected.

    Request

    GET · /all

curl -G https://signals.gse.live/feed/all \
-H "API-KEY: YOUR-API-KEY-HERE" \
-H "API-SECRET: YOUR-API-SECRET-HERE" \ \
-d "idFrom=[[value]]" \
-d "reportDateFrom=[[value]]" \
-d "abuseType=[[value]]" \
-d "signalType=[[value]]" \
-d "source=[[value]]" \
-d "status=[[value]]" \
-d "predictive=[[value]]" \
-d "limit=[[value]]" \
-d "offset=[[value]]" \

    Response

    [
  {
    "id": "100",
    "signal": "https://somesignal.com",
    "source": "Phishing Provider",
    "signal_type": "url",
    "abuse_type": "phishing",
    "report_date": "2020-01-23 14:24:06",
    "import_date": "2024-11-26 15:27:02",
    "predictive": "1",
    "confidence_score": "95",
    "status": "new",
    "extra_data": "{"category": "internal", "collection_method": "form_submission"}"
  },
  // ...
]
    GEThttps://signals.gse.live/feed /log

    Signal Log

    All signal entries received for a given signal, ordered by id

    Request Attributes

    Required attributes

    • Name
      signal
      Type
      string
      Description
      The signal for which the log is to be generated.

      e.g. mydomain.com, https://helloworld.com

    Response Attributes

    • Name
      id
      Type
      number
      Description
      Unique identifier for the record.
    • Name
      signal
      Type
      string
      Description
      The suspicious URL or signal

      (e.g., a phishing URL)

    • Name
      source
      Type
      string
      Description
      Source that reported the signal

      (e.g., a threat intel provider)

    • Name
      signal_type
      Type
      string
      Description
      Type of Signal

      Type of signal (url, ip, domain, etc.)

      Loading options....
    • Name
      abuse_type
      Type
      string
      Description
      Type of malicious activity.

      eg. phishing, malware.

      Loading options....
    • Name
      report_date
      Type
      string
      Description
      Date and time the threat was first reported

      format: YYYY-MM-DD HH:MM:SS

    • Name
      import_date
      Type
      string
      Description
      Date and time the signal was imported into the system.

      format: YYYY-MM-DD HH:MM:SS.

    • Name
      predictive
      Type
      string
      Description
      Whether the signal was generated by predictive analysis. "1" = true ,"0" = false
    • Name
      confidence_score
      Type
      string
      Description
      Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of signal.

      e.g. 95

    • Name
      status
      Type
      string
      Description
      Current status of the signal
      Loading options....
    • Name
      extra_data
      Type
      object
      Description
      An optional extra data field to further qualify the signal according to it's status: <br><br> For signals with a status of new if supplied, this will be a vendor specific object containing additional data to further qualify the signal <br><br> For signals with a status of feedback this will be a copy of the feedback report received for the signal <br><br> For signals with a status of detected_mitigation this will contain information about which mitigation type was detected.

    Request

    GET · /log

curl -G https://signals.gse.live/feed/log \
-H "API-KEY: YOUR-API-KEY-HERE" \
-H "API-SECRET: YOUR-API-SECRET-HERE" \ \
-d "signal=[[value]]" \

    Response

    [
  {
    "id": "200",
    " signal": "https://somesignal.com",
    "source": "Phishing Provider",
    "signal_type": "url",
    "abuse_type": "phishing",
    "report_date": "2020-01-23 14:24:06",
    "import_date": "2024-11-26 15:27:02",
    "predictive": "1",
    "confidence_score": "95",
    "status": "new",
    "extra_data": "{"category": "internal", "collection_method": "form_submission"}"
  },
  // ...
]