Skip to main content
Retrieve the Finished Intelligence items associated with the threat actor. Notes:
  • Enrichment allows access to actor data for 8 hours without consuming tokens.
  • The last 5 FINTEL actions of the actor are available without the Threat Landscape module.
  • Maximum 1 request per second is allowed.
Response fields:
  • tokenCharged: If false, the request does not consume tokens.
  • tokensLeft: Shows the remaining token balance.

Parameters

ParameterDescription
Document TypeThe document type to filter by.
OffsetThe offset to start returning results from.
QueryThe query used on actor properties to filter results by, such as title, summary.
Report TypesThe report types to filter by.

Applicable types based on the document type:
* If Document Types is report: Actor Profile or Emerging Threats.


* If Document Types is event: Ransom Event, Network Access, Malware, Source Update, APT Activity, Threat Update, Database Leak, or Vulnerabilities.


* If Document Types is insight: leave empty.
SizeThe maximum number of results to return.

Note: Maximum 1000 results are allowed.
Threat Actor IDThe ID of the threat actor. Can be obtained by the List Threat Actors action.

Example Output

{
	"totalUnfilteredCount": "Number",
	"totalFiltered": "Number",
	"results": [
		{
			"id": "String",
			"title": "String",
			"summary": "String",
			"text": "String",
			"tags": [
				"String"
			],
			"references": [
				{
					"id": "String",
					"index": "String",
					"title": "String"
				}
			],
			"externalSources": [
				"String (URL)"
			],
			"associatedThreatActors": [
				{
					"id": "String",
					"name": "String",
					"fields": []
				}
			],
			"tlp": "Number",
			"postedDate": "Unix timestamps",
			"documentType": "String",
			"reportType": "String",
			"data_file": [
				{
					"key": "String",
					"name": "String",
					"type": "String"
				}
			],
			"pdf": "String",
			"media": [
				{
					"type": "String",
					"url": "String",
					"name": "String"
				}
			],
			"iocs": [],
			"mitre": [
				{
					"name": "String",
					"id": "String",
					"fields": [],
					"group": "String"
				}
			],
			"relatedIntelligence": [],
			"geography": "String",
			"sector": "String"
		}
	],
	"filters": {
		"types": [
			{
				"key": "String",
				"doc_count": "Number"
			}
		],
		"documentTypes": [
			{
				"key": "String",
				"doc_count": "Number"
			}
		]
	},
	"tokenCharged": "Boolean",
	"tokensLeft": "Number"
}

Workflow Library Example

Get Actor Fintel with Kela and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop