Receiving Signals
20 March 2025
All Reported Signals
All signals made available to you from reported threat feeds on the GSE
Request Attributes
Either attributes (one must be supplied)
- Name
idFrom
- Type
- integer
- Description
- Return signals starting from the supplied value (max 30 days ago)
Results will be sorted ascending by id
- Name
reportDateFrom
- Type
- datetime
- Description
- Return signals with a report date starting from the supplied value (max 30 days ago)
Results will be sorted ascending by report date.
Optional attributes
- Name
abuseType
- Type
- string
- Description
- Filter the results to the supplied abuse types (comma separated) from the following list
e.g. phishing,malware
- Name
signalType
- Type
- string
- Description
- Filter the results to the supplied signal types (comma separated) from the following list
e.g. url,hostname
- Name
source
- Type
- string
- Description
- A valid source key referring to one of the sources activated in your account.
e.g. urlhaus,cda
- Name
status
- Type
- string
- Description
- Filter the results to the supplied statuses (comma seperated) from the following list
e.g. new,feedback_mitigation
- Name
predictive
- Type
- boolean
- Description
- Filter the results to either predictive / non-predictive results only
Either 1 or 0
- Name
limit
- Type
- integer
- Description
- Limit the number of results to the supplied number
Defaults to 50. Max 10000
- Name
offset
- Type
- integer
- Description
- Offset the results by the supplied number
Defaults to 0
Response Attributes
- Name
id
- Type
- number
- Description
- Unique identifier for the record.
- Name
signal
- Type
- string
- Description
- The suspicious URL or signal
(e.g., a phishing URL)
- Name
source
- Type
- string
- Description
- Source that reported the signal
(e.g., a threat intel provider)
- Name
signal_type
- Type
- string
- Description
- Type of signal
Type of signal (url, ip, domain, etc.)
- Name
abuse_type
- Type
- string
- Description
- Type of malicious activity.
eg. phishing, malware.
- Name
report_date
- Type
- string (datetime)
- Description
- Date and time the threat was first reported
format: YYYY-MM-DD HH:MM:SS
- Name
import_date
- Type
- string (datetime)
- Description
- Date and time the signal was imported into the system.
format: YYYY-MM-DD HH:MM:SS.
- Name
predictive
- Type
- number (boolean)
- Description
- Whether the signal was generated by predictive analysis. "1" = true ,"0" = false
- Name
confidence_score
- Type
- number
- Description
- Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of signal.
e.g. 95
- Name
status
- Type
- string
- Description
- Current status of the signal
e.g. new, feedback_mitigation
- Name
status_desc
- Type
- string
- Description
- Additional information about the status; can be an empty string.
Request
GET · /all
curl -G https://signals.gse.live/feed/all \
-H "API-KEY: YOUR-API-KEY-HERE" \
-H "API-SECRET: YOUR-API-SECRET-HERE" \ \
-d "idFrom=[[value]]" \
-d "reportDateFrom=[[value]]" \
-d "abuseType=[[value]]" \
-d "signalType=[[value]]" \
-d "source=[[value]]" \
-d "status=[[value]]" \
-d "predictive=[[value]]" \
-d "limit=[[value]]" \
-d "offset=[[value]]" \
Response
[
{
"id": "100",
"signal": "https://somesignal.com",
"source": "Phishing Provider",
"signal_type": "url",
"abuse_type": "phishing",
"report_date": "2020-01-23 14:24:06",
"import_date": "2024-11-26 15:27:02",
"predictive": "1",
"confidence_score": "95",
"status": "new",
"status_desc": "null"
},
// ...
]
Signal Log
All signal entries received for a given signal, ordered by id
Request Attributes
Required attributes
- Name
signal
- Type
- string
- Description
- The signal for which the log is to be generated.
e.g. mydomain.com, https://helloworld.com
Response Attributes
- Name
id
- Type
- number
- Description
- Unique identifier for the record.
- Name
signal
- Type
- string
- Description
- The suspicious URL or signal
(e.g., a phishing URL)
- Name
source
- Type
- string
- Description
- Source that reported the signal
(e.g., a threat intel provider)
- Name
signal_type
- Type
- string
- Description
- Type of Signal
Type of signal (url, ip, domain, etc.)
- Name
abuse_type
- Type
- string
- Description
- Type of malicious activity.
eg. phishing, malware.
- Name
report_date
- Type
- string
- Description
- Date and time the threat was first reported
format: YYYY-MM-DD HH:MM:SS
- Name
import_date
- Type
- string
- Description
- Date and time the signal was imported into the system.
format: YYYY-MM-DD HH:MM:SS.
- Name
predictive
- Type
- string
- Description
- Whether the signal was generated by predictive analysis. "1" = true ,"0" = false
- Name
confidence_score
- Type
- string
- Description
- Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of signal.
e.g. 95
- Name
status
- Type
- string
- Description
- Current status of the signal
- Name
status_desc
- Type
- string
- Description
- Additional information about the status; can be an empty string.
Request
GET · /log
curl -G https://signals.gse.live/feed/log \
-H "API-KEY: YOUR-API-KEY-HERE" \
-H "API-SECRET: YOUR-API-SECRET-HERE" \ \
-d "signal=[[value]]" \
Response
[
{
"id": "200",
" signal": "https://somesignal.com",
"source": "Phishing Provider",
"signal_type": "url",
"abuse_type": "phishing",
"report_date": "2020-01-23 14:24:06",
"import_date": "2024-11-26 15:27:02",
"predictive": "1",
"confidence_score": "95",
"status": "new",
"status_desc": "null"
},
// ...
]