Receiving Signals

20 March 2025

    GET https://signals.gse.live/feed/all

    All Reported Signals

    All signals made available to you from reported threat feeds on the GSE

    Request Attributes

    Either attribute (one must be supplied)

    • Name
      idFrom
      Type
      integer
      Description
      Return signals starting from the supplied value (max 30 days ago)

      Results will be sorted ascending by id


    • Name
      reportDateFrom
      Type
      datetime
      Description
      Return signals with a report date starting from the supplied value (max 30 days ago)

      Results will be sorted ascending by report date.

    Optional attributes

    • Name
      abuseType
      Type
      string
      Description
      Filter the results to the supplied abuse types (comma separated) from the following list

      e.g. phishing,malware


    • Name
      signalType
      Type
      string
      Description
      Filter the results to the supplied signal types (comma separated) from the following list

      e.g. url,hostname


    • Name
      source
      Type
      string
      Description
      A valid source key referring to one of the sources activated in your account.

      e.g. urlhaus,cda


    • Name
      status
      Type
      string
      Description
      Filter the results to the supplied statuses (comma separated) from the following list

      e.g. new,feedback_mitigation


    • Name
      predictive
      Type
      boolean
      Description
      Filter the results to either predictive / non-predictive results only

      Either 1 or 0


    • Name
      limit
      Type
      integer
      Description
      Limit the number of results to the supplied number

      Defaults to 50. Max 10000


    • Name
      offset
      Type
      integer
      Description
      Offset the results by the supplied number

      Defaults to 0

    Response Attributes

    • Name
      id
      Type
      number
      Description
      Unique identifier for the record.

    • Name
      signal
      Type
      string
      Description
      The suspicious URL or signal

      (e.g., a phishing URL)


    • Name
      source
      Type
      string
      Description
      Source that reported the signal

      (e.g., a threat intel provider)


    • Name
      signal_type
      Type
      string
      Description
      Type of signal

      (url, ip, domain, etc.)


    • Name
      abuse_type
      Type
      string
      Description
      Type of malicious activity.

      e.g. phishing, malware


    • Name
      report_date
      Type
      string (datetime)
      Description
      Date and time the threat was first reported

      format: YYYY-MM-DD HH:MM:SS


    • Name
      import_date
      Type
      string (datetime)
      Description
      Date and time the signal was imported into the system.

      format: YYYY-MM-DD HH:MM:SS.


    • Name
      predictive
      Type
      number (boolean)
      Description
      Whether the signal was generated by predictive analysis. "1" = true, "0" = false

    • Name
      confidence_score
      Type
      number
      Description
      Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of the signal.

      e.g. 95


    • Name
      status
      Type
      string
      Description
      Current status of the signal

      e.g. new, feedback_mitigation


    • Name
      status_desc
      Type
      string
      Description
      Additional information about the status; can be an empty string.

    Request

    GET · /all
    
    # Template listing every parameter; idFrom and reportDateFrom are the either/or attributes.
    curl -G https://signals.gse.live/feed/all \
    -H "API-KEY: YOUR-API-KEY-HERE" \
    -H "API-SECRET: YOUR-API-SECRET-HERE" \
    -d "idFrom=[[value]]" \
    -d "reportDateFrom=[[value]]" \
    -d "abuseType=[[value]]" \
    -d "signalType=[[value]]" \
    -d "source=[[value]]" \
    -d "status=[[value]]" \
    -d "predictive=[[value]]" \
    -d "limit=[[value]]" \
    -d "offset=[[value]]"

    Response

    [
      {
        "id": "100",
        "signal": "https://somesignal.com",
        "source": "Phishing Provider",
        "signal_type": "url",
        "abuse_type": "phishing",
        "report_date": "2020-01-23 14:24:06",
        "import_date": "2024-11-26 15:27:02",
        "predictive": "1",
        "confidence_score": "95",
        "status": "new",
        "status_desc": "null"
      },
      // ...
    ]
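
Added example, not part of the GSE documentation: a Python sketch that validates `/feed/all` query parameters against the constraints listed above and coerces a response record to typed values, since the sample response delivers every field as a string. The function names `build_params` and `normalize` are hypothetical. The code assumes that exactly one of `idFrom` / `reportDateFrom` is sent, that `limit` is at least 1, and that request datetimes use the same format as the response. Records from `/feed/log` carry the same fields, so `normalize` applies to them as well.

```python
from datetime import datetime, timedelta

DT_FORMAT = "%Y-%m-%d %H:%M:%S"  # documented format of report_date / import_date
MAX_LIMIT = 10000                 # documented maximum for limit


def build_params(id_from=None, report_date_from=None, limit=50, offset=0,
                 now=None, **filters):
    """Validate /feed/all query parameters against the documented constraints."""
    # Assumption: send exactly one cursor, because each implies its own sort order.
    if (id_from is None) == (report_date_from is None):
        raise ValueError("supply exactly one of idFrom or reportDateFrom")
    if not 1 <= limit <= MAX_LIMIT or offset < 0:
        raise ValueError("limit must be 1..10000 and offset >= 0")
    params = {"limit": limit, "offset": offset}
    if id_from is not None:
        params["idFrom"] = int(id_from)
    else:
        if (now or datetime.now()) - report_date_from > timedelta(days=30):
            raise ValueError("reportDateFrom is more than 30 days ago")
        # Assumption: requests use the same datetime format as responses.
        params["reportDateFrom"] = report_date_from.strftime(DT_FORMAT)
    for name, value in filters.items():  # abuseType, signalType, source, status, predictive
        params[name] = value if isinstance(value, (str, int)) else ",".join(value)
    return params


def normalize(record):
    """Coerce one response record to typed values; raises on malformed input."""
    out = dict(record)
    out["id"] = int(out["id"])
    out["signal"] = out["signal"].strip()  # untrusted indicator: store, do not fetch
    out["report_date"] = datetime.strptime(out["report_date"], DT_FORMAT)
    out["import_date"] = datetime.strptime(out["import_date"], DT_FORMAT)
    out["predictive"] = str(out["predictive"]) == "1"
    out["confidence_score"] = float(out["confidence_score"])
    # The sample response carries the literal string "null" for status_desc.
    if out.get("status_desc") in (None, "", "null"):
        out["status_desc"] = None
    return out


# Record copied from the sample response on this page.
SAMPLE = {"id": "100", "signal": "https://somesignal.com",
          "source": "Phishing Provider", "signal_type": "url",
          "abuse_type": "phishing", "report_date": "2020-01-23 14:24:06",
          "import_date": "2024-11-26 15:27:02", "predictive": "1",
          "confidence_score": "95", "status": "new", "status_desc": "null"}
```

The returned dictionary can be passed as query parameters to any HTTP client together with the `API-KEY` and `API-SECRET` headers shown in the curl request.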

    GET https://signals.gse.live/feed/log

    Signal Log

    All signal entries received for a given signal, ordered by id

    Request Attributes

    Required attributes

    • Name
      signal
      Type
      string
      Description
      The signal for which the log is to be generated.

      e.g. mydomain.com, https://helloworld.com

    Response Attributes

    • Name
      id
      Type
      number
      Description
      Unique identifier for the record.

    • Name
      signal
      Type
      string
      Description
      The suspicious URL or signal

      (e.g., a phishing URL)


    • Name
      source
      Type
      string
      Description
      Source that reported the signal

      (e.g., a threat intel provider)


    • Name
      signal_type
      Type
      string
      Description
      Type of signal

      (url, ip, domain, etc.)


    • Name
      abuse_type
      Type
      string
      Description
      Type of malicious activity.

      e.g. phishing, malware


    • Name
      report_date
      Type
      string
      Description
      Date and time the threat was first reported

      format: YYYY-MM-DD HH:MM:SS


    • Name
      import_date
      Type
      string
      Description
      Date and time the signal was imported into the system.

      format: YYYY-MM-DD HH:MM:SS.


    • Name
      predictive
      Type
      string
      Description
      Whether the signal was generated by predictive analysis. "1" = true, "0" = false

    • Name
      confidence_score
      Type
      string
      Description
      Confidence level of the threat detection. This is supplied by the feed provider to further qualify the confidence of the signal.

      e.g. 95


    • Name
      status
      Type
      string
      Description
      Current status of the signal

    • Name
      status_desc
      Type
      string
      Description
      Additional information about the status; can be an empty string.

    Request

    GET · /log
    
    curl -G https://signals.gse.live/feed/log \
    -H "API-KEY: YOUR-API-KEY-HERE" \
    -H "API-SECRET: YOUR-API-SECRET-HERE" \
    -d "signal=[[value]]"

    Response

    [
      {
        "id": "200",
        "signal": "https://somesignal.com",
        "source": "Phishing Provider",
        "signal_type": "url",
        "abuse_type": "phishing",
        "report_date": "2020-01-23 14:24:06",
        "import_date": "2024-11-26 15:27:02",
        "predictive": "1",
        "confidence_score": "95",
        "status": "new",
        "status_desc": "null"
      },
      // ...
    ]