Get Objects

{ "more": false, "objects": [ { "id": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "type": "identity", "name": "Pulsedive", "identity_class": "organization", "sectors": [ "technology" ], "contact_information": "https://pulsedive.com/", "description": "Pulsedive is an analyst-centric threat intelligence platform built with on-demand scanning for live data, risk scoring to reduce false positives, and powerful integration capabilities for leveraging Pulsedive data inside your organization.", "created": "2026-02-08T08:56:18.000Z", "modified": "2026-02-08T08:56:18.000Z", "spec_version": "2.1", "lang": "en" }, { "id": "extension-definition--c58a936d-f97f-545b-9646-434cc3382126", "type": "extension-definition", "name": "Pulsedive Indicator Extension", "description": "This schema adds Pulsedive-specific properties to Indicator objects.", "schema": "https://pulsedive.com/api/taxii", "version": "1.0.0", "extension_types": [ "toplevel-property-extension" ], "extension_properties": [ "pulsedive_risk", "pulsedive_risk_int", "pulsedive_retired", "pulsedive_retired_timestamp", "pulsedive_retired_reason" ], "created": "2026-02-08T08:56:18.000Z", "modified": "2026-02-08T08:56:18.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1" }, { "id": "indicator--606a6a6a-bec0-5fb3-9203-000077081047", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T08:39:49.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'register-polymarket.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T08:39:49.000Z", "modified": "2026-02-07T08:40:14.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--e8989e12-a49a-5614-a49c-000077081056", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T08:39:53.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'kraken-world.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T08:39:53.000Z", "modified": "2026-02-07T08:40:52.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--54783807-ff40-57e9-9f33-000077081057", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T08:39:54.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'zentral-invest.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T08:39:54.000Z", "modified": "2026-02-07T08:41:11.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--c2939ac3-4eef-5e08-90e7-000077082902", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T08:43:05.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'point-fort-fichet-courbevoie.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T08:43:05.000Z", "modified": "2026-02-07T08:43:26.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--23236d25-ed94-5bd4-a1e0-000077083237", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:25.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = '783yto.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:25.000Z", "modified": "2026-02-07T09:34:34.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--a7aa2b33-7743-5d00-9560-000077083252", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:25.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = '746ytt.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:25.000Z", "modified": "2026-02-07T09:34:34.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--fe622958-12ca-5c54-8899-000077083253", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:25.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = '5742kyx.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:25.000Z", "modified": "2026-02-07T09:34:34.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--502373cb-ce74-54c4-bb5c-000077083241", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:25.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = '9874yt.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:25.000Z", "modified": "2026-02-07T09:34:35.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--5c91c153-dd55-5ce0-8e64-000077083246", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:25.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'tba8513.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:25.000Z", "modified": "2026-02-07T09:34:35.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" }, { "id": "indicator--9b9e796a-0e68-5afe-9773-000077083236", "type": "indicator", "pulsedive_risk": "critical", "pulsedive_risk_int": 4, "pulsedive_retired": 0, "name": "Detection Pattern", "description": "Very high risk of malicious activity.", "valid_from": "2026-02-07T09:34:24.000Z", "indicator_types": [ "malicious-activity" ], "pattern": "[domain-name:value = 'greenmort.com']", "pattern_type": "stix", "extensions": { "extension-definition--c58a936d-f97f-545b-9646-434cc3382126": { "extension_type": "toplevel-property-extension" } }, "created": "2026-02-07T09:34:24.000Z", "modified": "2026-02-07T09:34:36.000Z", "created_by_ref": "identity--5c9fb347-238c-5b07-bae0-93fe6972689d", "spec_version": "2.1", "lang": "en" } ] }

Authorizations

Authorization

string

header

required

Encode your credentials in the format taxii2:<YOUR_API_KEY> using Base64 and include them in the Authorization header. An API key is required for all requests.

Some tools require a username and password separately. Use taxii2 as the username and your API key as the password. The client will automatically encode this as taxii2:<YOUR_API_KEY> and convert to Base64.

If using Try It: Use the username/password method for HTTP Basic Authorization.

Headers

string

Media type used for content negotiation. Use application/taxii+json;version=2.1 for TAXII requests.

Standard method required by the TAXII specification. Use in production environments.

Path Parameters

collectionID

string

required

ID of the collection to query. Use one of the available collection IDs.

Query Parameters

string

required

Media type used for content negotiation. Use application/taxii+json;version=2.1 for TAXII requests.

Specific to Pulsedive's implementation. Best for testing and debugging, manual API exploration, and simple curl commands. For production deployments, use HTTP Accept Header.

pretty

enum<integer>

default:0

Indicates whether to format returned JSON results.

For pretty-printed output, set to 1. For compact output, set to 0.

Available options:

0,

1

limit

integer

default:1000

Maximum number of results to return per page.

Used with Next Token pagination.

Required range: x <= 1000

string

Token that indicates the next set of results to retrieve. Should match the next token provided in the previous response.

Used with Next Token Pagination.

added_after

string<date-time>

Timestamp filter. Returns only objects added after the specified time. UTC (YYYY-MM-DDTHH:MM:SS.MMMZ) or Pulsedive (YYYY-MM-DD HH:MM:SS) format.

Used with Time-Based Pagination.

match[id]

string

Filter by specific STIX object ID(s). Supports comma-separated list for multiple IDs.

To learn more, visit Filtering.

Example:

"indicator--12345678-1234-5678-9012-123456789012"

match[spec_version]

string

Filter by STIX specification version(s). Supports comma-separated list for multiple versions.

To learn more, visit Filtering.

Example:

"2.1"

match[type]

string

Filter by STIX object type(s). Supports comma-separated list for multiple types.

For available STIX Domain Object types, see the STIX specification.

To learn more, visit Filtering.

Example:

"indicator"

match[version]

string

Filter by STIX object version(s). Supports comma-separated list for multiple versions.

Accepts keywords (first, last, all) or timestamps in STIX (YYYY-MM-DDTHH:MM:SS.MMMZ) or Pulsedive (YYYY-MM-DD HH:MM:SS) format. Pulsedive doesn't maintain object version history, so first, last, and all will return the latest object version.

To learn more, visit Filtering.

match[seen]

string<date-time>

Filter by last seen timestamp(s). Specific to Pulsedive's implementation.

Supports comma-separated list for multiple timestamps.

Accepts STIX (YYYY-MM-DDTHH:MM:SS.MMMZ) or Pulsedive (YYYY-MM-DD HH:MM:SS) timestamp format.

To learn more, visit Filtering.

match[risk]

enum<string>

Filter by risk level(s). Specific to Pulsedive's implementation.

Supports comma-separated list for multiple risk levels.

To learn more, visit Filtering.

Available options:

unknown,

none,

very low,

low,

medium,

high,

critical

match[itype]

enum<string>

Filter by indicator type(s). Specific to Pulsedive's implementation.

Supports comma-separated list for multiple types.

To learn more, visit Filtering.

Available options:

ip,

ipv6,

domain,

url

match[retired]

boolean

Filter by indicator status. Specific to Pulsedive's implementation.

For retired indicators, set to true. For active indicators, set to false.

To learn more, visit Filtering.

Response

Successful request. Returns object information in JSON format.

boolean

Indicates whether additional results are available. Use the next field to retrieve them. Used with pagination.

Example:

false

string

Pagination token for retrieving the next set of results. Only present when more is true. Used with pagination.

Example:

"2018-01-01 00:00:00|1000"

objects

(Pulsedive Indicator Extension · object | Extended STIX Indicator Properties · object)[]

Array of STIX 2.1 objects. The first two objects are always system objects, followed by query results:

identity: Identifies the Pulsedive organization. Conforms to the STIX 2.1 specification for the STIX Identity Domain Object.
extension-definition: Defines Pulsedive custom extended properties for the STIX Indicator Domain Object.
Query results: STIX objects that conform to the STIX 2.1 specification.

For indicators:
- STIX Indicator Domain Object, plus Pulsedive extended properties defined in the extension-definition object.
For threats, the appropriate object:

Pulsedive Indicator Extension
Extended STIX Indicator Properties

Show child attributes

STIX/TAXII 2.1 Export

API Roots

Collections

Objects

Authorizations

Headers

Path Parameters

Query Parameters

Response