Retrieve the IOCs associated with the threat actor.

Notes:
  • Enrichment allows access to actor data for 8 hours without consuming tokens.
  • A maximum of 1 request per second is allowed.
Response fields:
  • tokenCharged: If false, the request does not consume tokens.
  • tokensLeft: Shows the remaining token balance.

Parameters

| Parameter | Description |
| --- | --- |
| End Date | The end date to filter by. |
| Filter By Time | The time difference to filter by. |
| Filter By Types | A comma-separated list of IOC types to filter by. |
| Offset | The offset to start returning results from. |
| Query | - |
| Size | The maximum number of results to return. Note: Maximum 1000 results are allowed. |
| Sort By | The field to sort the results by. |
| Sort Order | The order to sort the results by. |
| Start Date | The start date to filter by. |
| Threat Actor ID | The ID of the threat actor. Can be obtained by the List Threat Actors action. |

Example Output

{
	"totalUnfilteredCount": "Number",
	"total": "Number",
	"results": [
		{
			"id": "string",
			"linked_entities": [
				{
					"date": "Unix timestamps",
					"description": "String",
					"label": "String",
					"type": "String",
					"value": "String"
				}
			],
			"note": "String",
			"detection_date": "Unix timestamps",
			"reference": {
				"date": "Unix timestamps",
				"description": "String",
				"label": "String",
				"type": "String",
				"value": "String"
			},
			"updated_date": "Unix timestamps",
			"type": "String",
			"value": "String"
		}
	],
	"filters": {
		"types": [
			{
				"key": "String",
				"doc_count": "Number"
			}
		]
	},
	"tokenCharged": "Boolean",
	"tokensLeft": "Number"
}
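The following is an added example, not code from this page or from the vendor: it pages through the response shape above by offset while honoring the 1000-result cap and the one-request-per-second limit, and tallies `tokenCharged` and `tokensLeft`. The `fetch_page` callable, its `offset`/`size` keyword names, the de-duplication on (type, value), and the sample records are assumptions made for illustration.

```python
import time

MAX_SIZE = 1000      # page: "Maximum 1000 results are allowed"
MIN_INTERVAL = 1.0   # page: at most 1 request per second

def collect_actor_iocs(fetch_page, size=MAX_SIZE, sleep=time.sleep, clock=time.monotonic):
    """Page through one actor's IOCs by offset; return (iocs, stats).

    fetch_page(offset=..., size=...) is a hypothetical callable that runs the
    action and returns the parsed response shown in Example Output.
    """
    size = max(1, min(int(size), MAX_SIZE))       # clamp to the documented cap
    seen, iocs = set(), []
    stats = {"requests": 0, "charged_requests": 0, "tokens_left": None}
    offset, last_call = 0, None
    while True:
        if last_call is not None:                 # throttle every call after the first
            wait = MIN_INTERVAL - (clock() - last_call)
            if wait > 0:
                sleep(wait)
        last_call = clock()
        page = fetch_page(offset=offset, size=size)
        stats["requests"] += 1
        stats["charged_requests"] += bool(page.get("tokenCharged"))
        stats["tokens_left"] = page.get("tokensLeft", stats["tokens_left"])
        results = page.get("results", [])
        for ioc in results:                       # de-duplicate on (type, value)
            key = (ioc.get("type"), ioc.get("value"))
            if key not in seen:
                seen.add(key)
                iocs.append(ioc)
        offset += len(results)
        # Stop on an empty page or once `total` (assumed to be the filtered count) is read.
        if not results or offset >= int(page.get("total", 0)):
            return iocs, stats

# Constructed sample data (not real indicators): five records, one repeated value.
_SAMPLE = [{"id": str(i), "type": "domain", "value": f"host{i % 4}.example",
            "detection_date": 1700000000 + i} for i in range(5)]

def fake_fetch(offset, size):
    """Constructed stand-in for the action; the charging pattern is made up."""
    return {"total": len(_SAMPLE), "results": _SAMPLE[offset:offset + size],
            "tokenCharged": offset == 0, "tokensLeft": 99}

if __name__ == "__main__":
    found, summary = collect_actor_iocs(fake_fetch, size=2)
    print(len(found), summary)
```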

Workflow Library Example

Get Actor Iocs with Kela and Send Results Via Email