TheDocumentation Index
Fetch the complete documentation index at: https://docs.pulsedive.com/llms.txt
Use this file to discover all available pages before exploring further.
threat endpoint lets you retrieve threat information, view and summarize linked indicators, and understand how individual observables connect to broader malicious activity.
What Threats Represent
Threats represent higher-level entities such as malware families, adversary groups, or campaigns. They provide context that ties indicators together and describes the activity they support. Threats may include:- Names, aliases, and descriptive details
- Risk and classification information
- Relationships to indicators and feeds
Retrieving a Threat
Retrieve threats by their ID or by their name, including common aliases. Both methods return the same threat information, making it easy to pivot from known threat names or from programmatic lookups. Retrieving a threat focuses on its descriptive and contextual data. Indicators associated with the threat can be retrieved separately.Getting Linked Indicators
Retrieve the full list of indicators associated with a threat to analyze the underlying observables. Linked indicators help you:- Explore infrastructure and campaigns
- Connect tactical indicators to strategic context
- Investigate relationships between different data sources
Getting Indicator Summaries
Threats often link to many indicators. Summary views make it possible to quickly understand the scope of a threat by providing aggregated counts or distributions of linked indicators. These summaries can help you:- Gauge the breadth of activity related to a threat
- Prioritize investigation
- Identify spikes or concentrations in indicator activity