Our REST API allows you to submit an IPv4 address and retrieve all available context we have about it but not only, you can submit a search query to retrieve more hosts.
| Field | Type | Explanation |
|---|---|---|
| hostname | keyword | Reverse DNS of the host |
| organization | keyword | ASN organization name |
| asn | integer | ASN organization number |
| ip | ip | Host we observed on our sensors |
| scan.type | keyword | Type of scan (.e.g. web_scan, port_scan) |
| scan.port | integer | Port scanned |
| scan.protocol | keyword | TCP or UDP |
| scan.category | keyword | Category of a given scan (.e.g. env crawler in web_scan context) |
| bruteforce.service | keyword | Service bruteforced (.e.g. RDP) |
| bruteforce.product | keyword | Product bruteforced (.e.g. GlobalProtect) |
| friendly | boolean | Host belonging with a hostname recognized from a friendly service |
| ja3 | keyword | JA3 fingerprint for TLS connections |
| ja4_tls | keyword | JA4 fingerprint for TLS connections |
| ja4_tcp | keyword | JA4 fingerprint for TCP connections |
| ja4_http | keyword | JA4 fingerprint for HTTP connections |
| ja4_ssh | keyword | JA4 fingerprint for SSH connections |
| hassh.hassh_id | keyword | HASSH identifier |
| hassh.hassh_name | keyword | HASSH name |
| location.country_code | keyword | Country code |
| location.country_name | keyword | Country name |
| location.physical_country_name | keyword | Physical country name |
| location.physical_country_code | keyword | Physical country code |
| location.physical_continent_name | keyword | Physical continent name |
| location.continent_code | keyword | Continent code |
| location.continent_name | keyword | Continent name |
| bruteforce.port | integer | Port bruteforced |
| bruteforce.service | keyword | Service bruteforced |
| exploitation.cve | keyword | CVE identifier exploited |
| exploitation.product | keyword | Product exploited |