> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pulsedive.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Objects

> Fetch STIX objects from a specific collection with optional filtering and pagination.




## OpenAPI

````yaml /taxii/api.yaml get /taxii2/api/collections/{collectionID}/objects
openapi: 3.0.3
info:
  title: Pulsedive TAXII API Reference
  version: 1.0.0
  description: >
    The Pulsedive TAXII endpoint lets you export indicators and threats using
    industry-standard STIX format.


    Please report any discrepancies in API behavior to <a
    href="mailto:support@pulsedive.com">Pulsedive Support</a>.
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  contact:
    email: support@pulsedive.com
servers:
  - url: https://pulsedive.com
security: []
tags:
  - name: API Roots
    description: Get API roots.
  - name: Collections
    description: >-
      Collections contain the STIX objects you can download from Pulsedive's
      TAXII server.
  - name: Objects
    description: >-
      Objects are the individual STIX entities within a collection, such as
      indicators, threat actors, malware, and other intelligence artifacts.
externalDocs:
  url: https://docs.pulsedive.com
paths:
  /taxii2/api/collections/{collectionID}/objects:
    get:
      tags:
        - Objects
      summary: Get Objects
      description: >
        Fetch STIX objects from a specific collection with optional filtering
        and pagination.
      operationId: getAllObjects
      parameters:
        - $ref: '#/components/parameters/CollectionID'
        - $ref: '#/components/parameters/AcceptHeader'
        - $ref: '#/components/parameters/AcceptQuery'
        - $ref: '#/components/parameters/Pretty'
        - $ref: '#/components/parameters/Limit'
        - $ref: '#/components/parameters/Next'
        - $ref: '#/components/parameters/AddedAfter'
        - $ref: '#/components/parameters/MatchID'
        - $ref: '#/components/parameters/MatchSpecVersion'
        - $ref: '#/components/parameters/MatchType'
        - $ref: '#/components/parameters/MatchVersion'
        - $ref: '#/components/parameters/MatchSeen'
        - $ref: '#/components/parameters/MatchRisk'
        - $ref: '#/components/parameters/MatchIType'
        - $ref: '#/components/parameters/MatchRetired'
      responses:
        '200':
          description: Successful request. Returns object information in JSON format.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ObjectResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalServerError'
      security:
        - HTTP Basic Authorization: []
        - API Key in Query String: []
      x-codeSamples:
        - lang: curl
          label: Production
          source: >
            curl
            "https://pulsedive.com/taxii2/api/collections/981c4916-ebb2-4567-aece-54ae970c4230/objects"
            \
              -H "Accept: application/taxii+json;version=2.1" \
              -u "taxii2:<YOUR_API_KEY>"
        - lang: curl
          label: Production - Filtering
          source: >
            curl
            "https://pulsedive.com/taxii2/api/collections/981c4916-ebb2-4567-aece-54ae970c4230/objects?match%5Brisk%5D=high%2Ccritical&match%5Bitype%5D=domain%2Curl&match%5Bretired%5D=false&added_after=2017-01-01%2000%3A00%3A00"
            \
              -H "Accept: application/taxii+json;version=2.1" \
              -u "taxii2:<YOUR_API_KEY>"
        - lang: curl
          label: Testing
          source: >
            curl
            "https://pulsedive.com/taxii2/api/collections/981c4916-ebb2-4567-aece-54ae970c4230/objects?accept=application%2Ftaxii%2Bjson%3Bversion%3D2.1&key=<YOUR_API_KEY>"
        - lang: curl
          label: Testing - Filtering
          source: >
            curl
            "https://pulsedive.com/taxii2/api/collections/981c4916-ebb2-4567-aece-54ae970c4230/objects?accept=application%2Ftaxii%2Bjson%3Bversion%3D2.1&match%5Brisk%5D=high%2Ccritical&match%5Bitype%5D=domain%2Curl&match%5Bretired%5D=false&added_after=2017-01-01%2000%3A00%3A00&key=<YOUR_API_KEY>"
components:
  parameters:
    CollectionID:
      name: collectionID
      in: path
      required: true
      description: >
        ID of the collection to query. Use one of the [available collection
        IDs](/taxii/collection/overview#available-collections).
      schema:
        type: string
    AcceptHeader:
      name: Accept
      in: header
      required: false
      description: >
        Media type used for content negotiation. Use
        `application/taxii+json;version=2.1` for TAXII requests.


        Standard method required by the TAXII specification. Use in production
        environments.
      schema:
        type: string
    AcceptQuery:
      name: accept
      in: query
      required: true
      description: >
        Media type used for content negotiation. Use
        `application/taxii+json;version=2.1` for TAXII requests.


        Specific to Pulsedive's implementation. Best for testing and debugging,
        manual API exploration, and simple curl commands. For production
        deployments, use [HTTP Accept
        Header](/taxii/versioning#http-accept-header).
      schema:
        type: string
    Pretty:
      name: pretty
      in: query
      required: false
      description: |
        Indicates whether to format returned JSON results.

        For pretty-printed output, set to 1.
        For compact output, set to 0.
      schema:
        type: integer
        enum:
          - 0
          - 1
        default: 0
      examples:
        compact:
          summary: Compact output
          value: 0
        pretty:
          summary: Pretty-printed output
          value: 1
    Limit:
      name: limit
      in: query
      required: false
      description: >
        Maximum number of results to return per page.


        Used with [Next Token
        pagination](/taxii/pagination#next-token-pagination).
      schema:
        type: integer
        default: 1000
        maximum: 1000
    Next:
      name: next
      in: query
      required: false
      description: >
        Token that indicates the next set of results to retrieve. Should match
        the `next` token provided in the previous response.


        Used with [Next Token
        Pagination](/taxii/pagination#next-token-pagination).
      schema:
        type: string
    AddedAfter:
      name: added_after
      in: query
      required: false
      description: >
        Timestamp filter. Returns only objects added after the specified time.
        UTC (`YYYY-MM-DDTHH:MM:SS.MMMZ`) or Pulsedive (`YYYY-MM-DD HH:MM:SS`)
        format.


        Used with [Time-Based
        Pagination](/taxii/pagination#time-based-pagination).
      schema:
        type: string
        format: date-time
    MatchID:
      name: match[id]
      in: query
      required: false
      description: >
        Filter by specific STIX object ID(s). Supports comma-separated list for
        multiple IDs.


        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        example: indicator--12345678-1234-5678-9012-123456789012
    MatchSpecVersion:
      name: match[spec_version]
      in: query
      required: false
      description: >
        Filter by STIX specification version(s). Supports comma-separated list
        for multiple versions.


        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        example: '2.1'
    MatchType:
      name: match[type]
      in: query
      required: false
      description: >
        Filter by STIX object type(s). Supports comma-separated list for
        multiple types.


        For available STIX Domain Object types, see the [STIX
        specification](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html).


        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        example: indicator
    MatchVersion:
      name: match[version]
      in: query
      required: false
      description: >
        Filter by STIX object version(s). Supports comma-separated list for
        multiple versions.


        Accepts keywords (`first`, `last`, `all`) or timestamps in STIX
        (`YYYY-MM-DDTHH:MM:SS.MMMZ`) or Pulsedive (`YYYY-MM-DD HH:MM:SS`)
        format. Pulsedive doesn't maintain object version history, so `first`,
        `last`, and `all` will return the latest object version.


        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
      examples:
        keyword:
          summary: Keyword
          value: first
        stix_timestamp:
          summary: STIX timestamp
          value: '2024-01-15T11:45:30.000Z'
        pulsedive_timestamp:
          summary: Pulsedive timestamp
          value: '2024-01-15 11:24:30'
    MatchSeen:
      name: match[seen]
      in: query
      required: false
      description: >
        Filter by last seen timestamp(s). Specific to Pulsedive's
        implementation.


        Supports comma-separated list for multiple timestamps.


        Accepts STIX (`YYYY-MM-DDTHH:MM:SS.MMMZ`) or Pulsedive (`YYYY-MM-DD
        HH:MM:SS`) timestamp format.


        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        format: date-time
      examples:
        stix_timestamp:
          summary: STIX timestamp
          value: '2024-01-15T11:45:30.000Z'
        pulsedive_timestamp:
          summary: Pulsedive timestamp
          value: '2024-01-15 11:24:30'
    MatchRisk:
      name: match[risk]
      in: query
      required: false
      description: |
        Filter by risk level(s). Specific to Pulsedive's implementation.

        Supports comma-separated list for multiple risk levels.

        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        enum:
          - unknown
          - none
          - very low
          - low
          - medium
          - high
          - critical
      examples:
        single_value:
          summary: Single value
          value: low
        multiple_values:
          summary: Multiple values
          value: low, medium, critical
    MatchIType:
      name: match[itype]
      in: query
      required: false
      description: |
        Filter by indicator type(s). Specific to Pulsedive's implementation.

        Supports comma-separated list for multiple types.

        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: string
        enum:
          - ip
          - ipv6
          - domain
          - url
    MatchRetired:
      name: match[retired]
      in: query
      required: false
      description: |
        Filter by indicator status. Specific to Pulsedive's implementation.

        For retired indicators, set to `true`.
        For active indicators, set to `false`.

        To learn more, visit [Filtering](/taxii/filtering).
      schema:
        type: boolean
  schemas:
    ObjectResponse:
      type: object
      properties:
        more:
          type: boolean
          description: >
            Indicates whether additional results are available. Use the `next`
            field to retrieve them. Used with [pagination](/taxii/pagination).
          example: false
        next:
          type: string
          description: >
            Pagination token for retrieving the next set of results. Only
            present when `more` is `true`. Used with
            [pagination](/taxii/pagination).
          example: 2018-01-01 00:00:00|1000
        objects:
          type: array
          description: >
            Array of STIX 2.1 objects. The first two objects are always system
            objects, followed by query results:


            1. `identity`: Identifies the Pulsedive organization. Conforms to
            the STIX 2.1 specification for the [STIX Identity Domain
            Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_wh296fiwpklp).

            2. `extension-definition`: Defines Pulsedive custom extended
            properties for the STIX Indicator Domain Object.

            3. Query results: STIX objects that conform to the [STIX 2.1
            specification](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_nrhq5e9nylke).

                For indicators:
                - [STIX Indicator Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_muftrcpnf89v), plus Pulsedive extended properties defined in the `extension-definition` object.

                For threats, the appropriate object:
                - [STIX Malware Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_s5l7katgbp09)
                - [STIX Threat Actor Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_k017w16zutw)
                - [STIX Campaign Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_pcpvfz4ik6d6)
                - [STIX Attack Pattern Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_axjijf603msy)
                - [STIX Tool Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_z4voa9ndw8v)
                - [STIX Vulnerability Domain Object](https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_q5ytzmajn6re)
          items:
            anyOf:
              - $ref: '#/components/schemas/PulsediveExtensionDefinition'
              - $ref: '#/components/schemas/PulsediveSTIXIndicator'
      example:
        more: false
        objects:
          - id: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            type: identity
            name: Pulsedive
            identity_class: organization
            sectors:
              - technology
            contact_information: https://pulsedive.com/
            description: >-
              Pulsedive is an analyst-centric threat intelligence platform built
              with on-demand scanning for live data, risk scoring to reduce
              false positives, and powerful integration capabilities for
              leveraging Pulsedive data inside your organization.
            created: '2026-02-08T08:56:18.000Z'
            modified: '2026-02-08T08:56:18.000Z'
            spec_version: '2.1'
            lang: en
          - id: extension-definition--c58a936d-f97f-545b-9646-434cc3382126
            type: extension-definition
            name: Pulsedive Indicator Extension
            description: >-
              This schema adds Pulsedive-specific properties to Indicator
              objects.
            schema: https://pulsedive.com/api/taxii
            version: 1.0.0
            extension_types:
              - toplevel-property-extension
            extension_properties:
              - pulsedive_risk
              - pulsedive_risk_int
              - pulsedive_retired
              - pulsedive_retired_timestamp
              - pulsedive_retired_reason
            created: '2026-02-08T08:56:18.000Z'
            modified: '2026-02-08T08:56:18.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
          - id: indicator--606a6a6a-bec0-5fb3-9203-000077081047
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T08:39:49.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''register-polymarket.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T08:39:49.000Z'
            modified: '2026-02-07T08:40:14.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--e8989e12-a49a-5614-a49c-000077081056
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T08:39:53.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''kraken-world.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T08:39:53.000Z'
            modified: '2026-02-07T08:40:52.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--54783807-ff40-57e9-9f33-000077081057
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T08:39:54.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''zentral-invest.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T08:39:54.000Z'
            modified: '2026-02-07T08:41:11.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--c2939ac3-4eef-5e08-90e7-000077082902
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T08:43:05.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''point-fort-fichet-courbevoie.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T08:43:05.000Z'
            modified: '2026-02-07T08:43:26.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--23236d25-ed94-5bd4-a1e0-000077083237
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:25.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''783yto.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:25.000Z'
            modified: '2026-02-07T09:34:34.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--a7aa2b33-7743-5d00-9560-000077083252
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:25.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''746ytt.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:25.000Z'
            modified: '2026-02-07T09:34:34.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--fe622958-12ca-5c54-8899-000077083253
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:25.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''5742kyx.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:25.000Z'
            modified: '2026-02-07T09:34:34.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--502373cb-ce74-54c4-bb5c-000077083241
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:25.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''9874yt.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:25.000Z'
            modified: '2026-02-07T09:34:35.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--5c91c153-dd55-5ce0-8e64-000077083246
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:25.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''tba8513.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:25.000Z'
            modified: '2026-02-07T09:34:35.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
          - id: indicator--9b9e796a-0e68-5afe-9773-000077083236
            type: indicator
            pulsedive_risk: critical
            pulsedive_risk_int: 4
            pulsedive_retired: 0
            name: Detection Pattern
            description: Very high risk of malicious activity.
            valid_from: '2026-02-07T09:34:24.000Z'
            indicator_types:
              - malicious-activity
            pattern: '[domain-name:value = ''greenmort.com'']'
            pattern_type: stix
            extensions:
              extension-definition--c58a936d-f97f-545b-9646-434cc3382126:
                extension_type: toplevel-property-extension
            created: '2026-02-07T09:34:24.000Z'
            modified: '2026-02-07T09:34:36.000Z'
            created_by_ref: identity--5c9fb347-238c-5b07-bae0-93fe6972689d
            spec_version: '2.1'
            lang: en
    PulsediveExtensionDefinition:
      type: object
      title: Pulsedive Indicator Extension
      properties:
        type:
          type: string
          description: >
            Type of STIX object. For the Pulsedive custom extension, this will
            always be `extension-definition`.
          enum:
            - extension-definition
        id:
          type: string
          description: |
            Unique identifier for this extension definition.
        name:
          type: string
          description: |
            Name of the extension.
        description:
          type: string
          description: |
            Explanation of what the extension does.
        schema:
          type: string
          description: |
            URL pointing to the JSON schema or documentation for this extension.
        version:
          type: string
          description: |
            Version of the extension definition.
        extension_types:
          type: array
          description: >
            Type for the Pulsedive custom extension. Always
            `toplevel-property-extension`.
          items:
            type: string
        extension_properties:
          type: array
          description: |
            Names of the custom properties this extension adds.
          items:
            type: string
            enum:
              - pulsedive_risk
              - pulsedive_risk_int
              - pulsedive_retired
              - pulsedive_retired_timestamp
              - pulsedive_retired_reason
        created:
          type: string
          format: date-time
          description: |
            Timestamp when this extension definition was created. UTC format.
        modified:
          type: string
          format: date-time
          description: >
            Timestamp when this extension definition was last modified. UTC
            format.
        created_by_ref:
          type: string
          description: >
            Unique identifier of the Identity object that created this
            extension.
        spec_version:
          type: string
          description: |
            STIX specification version. Pulsedive uses 2.1.
    PulsediveSTIXIndicator:
      title: Extended STIX Indicator Properties
      allOf:
        - type: object
        - $ref: '#/components/schemas/PulsediveIndicatorExtension'
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Message describing the error that occurred, if available.
    PulsediveIndicatorExtension:
      type: object
      properties:
        pulsedive_risk:
          type: string
          description: |
            Risk level assigned by Pulsedive's risk scoring algorithm.
          enum:
            - none
            - unknown
            - low
            - medium
            - high
            - critical
        pulsedive_risk_int:
          type: integer
          description: >
            Numeric representation of the risk level for easier programmatic
            comparison and sorting.


            Options include: `-1` (`none`), `0` (`unknown`), `1` (`low`), `2`
            (`medium`), `3` (`high`), `4` (`critical`).
          enum:
            - -1
            - 0
            - 1
            - 2
            - 3
            - 4
        pulsedive_retired:
          type: integer
          description: >
            Indicates whether the indicator is inactive or obsolete.


            An indicator is automatically retired if, in the past three months,
            it has not been:


            - Reported using the Seen button in the Pulsedive UI

            - Observed in any source feeds

            - Submitted through the Analyze section of the Pulsedive UI


            Pulsedive research can also retire indicators manually.


            When set to `1`, this indicator is retired.

            When set to `0`, this indicator is active.
          enum:
            - 0
            - 1
        pulsedive_retired_timestamp:
          type: string
          format: date-time
          description: >
            Timestamp when the indicator was retired. UTC format. Only appears
            when retired.
        pulsedive_retired_reason:
          type: string
          description: |
            Explanation for why the indicator was retired.
  responses:
    BadRequest:
      description: |
        Bad request. The request was malformed or missing required parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: |
        Unauthorized. Your API key is missing or invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: |
        Not found. The requested indicator could not be located.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    TooManyRequests:
      description: >
        Rate limit exceeded. Too many requests have been made in a short period
        of time.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: |
        Server error. An unexpected problem occurred on our end.
        These errors are automatically reported to our team.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    HTTP Basic Authorization:
      type: http
      scheme: basic
      description: >
        Encode your credentials in the format `taxii2:<YOUR_API_KEY>` using
        Base64 and include them in the `Authorization` header. An API key is
        required for all requests.


        Some tools require a username and password separately. Use `taxii2` as
        the username and your API key as the password. The client will
        automatically encode this as `taxii2:<YOUR_API_KEY>` and convert to
        Base64.


        If using **Try It**: Use the username/password method for HTTP Basic
        Authorization.
    API Key in Query String:
      type: apiKey
      in: query
      name: key
      description: >
        Include your API key as a query parameter. An API key is required for
        all requests.


        Specific to Pulsedive's implementation. Best for testing and debugging,
        manual API exploration, and simple curl commands. For production, use
        [HTTP Basic
        Authorization](/taxii/authentication#http-basic-authorization).

````