Get Domains by Search - Cloud Security API

{"type":"api","title":"Get Domains by Search","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/d2a1854d5c0ed9069a7f0bc54a9b813f3075ddc9/570121d2-76a9-3f3f-bf01-6671496640c5","info":{"title":"Cisco Secure Access Investigate API","description":"The Secure Access Investigate API provides a complete view of domains in relation to IP and autonomous system number (ASN) information.\nYou can get the following domain information:\n\n* Domain status, risk score, and geolocation\n* Number of domain searches\n* Co-occurring domains\n* Subdomains of a domain\n* Tagged timeline of a domain, IP, or URL\n* Security reputation of a domain\n* Top accessed domains\n* WHOIS information for the domain\n* Threat intelligence data for domains, IPs, and URLs\n* Threat intelligence samples by file hash","version":"2.0.0","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Domain Status and Categorization"},{"name":"Domain Volume"},{"name":"Co-occurrences for a Domain"},{"name":"Passive DNS"},{"name":"Tagging Timeline"},{"name":"Subdomains for a Domain"},{"name":"Related Domains for a Domain"},{"name":"Security Information for a Domain"},{"name":"AS Information for a Domain"},{"name":"WHOIS Information for a Domain"},{"name":"Popularity List-Top Million Domains"},{"name":"Search Domain"},{"name":"Cisco Secure Malware Analytics Integration"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/investigate/investigate-overview.md","uri":"secure-access-api-reference-investigate-api-overview"}},"openapi":"3.0.0","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"investigate/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"scopes":{"investigate.investigate:read":"Investigate read access","investigate.bulk:read":"Investigate bulk read access"},"tokenUrl":"https://api.sse.cisco.com/auth/v2/token"}}}}},"spec":{"summary":"Get Domains by Search","operationId":"getSearch","tags":["Search Domain","Secure Access"],"description":"List the newly seen domains that match a regular expression pattern.","parameters":[{"name":"expression","in":"path","required":true,"description":"A standard regular expression pattern search.","schema":{"type":"string"},"example":"exa[a-z]ple.com"},{"name":"start","in":"query","required":true,"description":"Specifies a relative or absolute start time. If specifying an absolute time,\nuse an epoch time (Unix time) millisecond timestamp within the last 30 days.\nFilter for data that appears after this time.\nIf specifying a relative time, use either seconds, minutes, hours, days\nor weeks with a minus sign in front.\nAs an example, -1days, -1000minutes, or -2weeks are all valid.\nYou cannot combine timestamps. Only use one of the relative time enumerators per query.","schema":{"type":"string"},"example":"-1days","$$ref":"#/components/parameters/start"},{"name":"stop","in":"query","required":false,"description":"Point in time in the past expressed as a timestamp in milliseconds or relative time.\nFilter for data that appears before this time.\nValid formats: stop=-1days, stop=now, stop=1509642000000. The maximum time range is 30 days.","schema":{"type":"string"},"example":"now","$$ref":"#/components/parameters/stop"},{"name":"limit","in":"query","required":false,"description":"The number of items to return in the response from the collection. The default limit is 10.\nIncrease the limit to request a larger set of data.","schema":{"type":"integer","default":10},"example":25,"$$ref":"#/components/parameters/limitParam"},{"name":"offset","in":"query","required":false,"description":"A number that represents an index in the collection. By default, the offset is 0 (the first record).","schema":{"type":"integer","default":0},"example":2,"$$ref":"#/components/parameters/offsetParam"},{"name":"includeCategory","in":"query","required":false,"description":"Enables or disables the inclusion of security categories in the response.\nThe default value is false.\n","schema":{"type":"boolean"},"example":true},{"name":"type","in":"query","required":false,"description":"Specifies the search database node type. Valid values are: URL, IP, or HOST.\n","schema":{"type":"string","enum":["URL","IP","HOST"]},"example":"IP"}],"security":[{"oauthFlow":["investigate.investigate:read"]}],"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"The list of newly seen domains that match a regular expression pattern.","properties":{"expression":{"type":"string","description":"Specifies the regular expression used in the search.","example":"exa[a-z]ple.com"},"totalResults":{"type":"integer","description":"The total number of samples.","format":"int64","example":1000,"$$ref":"#/components/schemas/totalresults"},"moreDataAvailable":{"type":"boolean","description":"Specifies whether more samples are available for the destination.","example":true,"$$ref":"#/components/schemas/moreDataAvailable"},"limit":{"type":"integer","description":"The maximum number of records to include in the response.","format":"int64","example":100,"$$ref":"#/components/schemas/limit"},"matches":{"type":"array","description":"The list of matching records.","items":{"type":"object","description":"The properties of the matching domain.","properties":{"firstSeen":{"type":"integer","format":"int64","description":"The first time Secure Access related the domain for the resource record, specified\nin Unix Epoch time.","example":1615427410,"$$ref":"#/components/schemas/firstSeen"},"name":{"type":"string","description":"The name of the query.","example":"example.com"},"securityCategories":{"type":"array","description":"The list of Secure Access security categories that match the domain.","items":{"type":"string","description":"A Secure Access security category."},"example":["Phishing Attacks","Malware"]},"firstSeenISO":{"type":"string","format":"date-time","description":"The first time Secure Access related the domain for the resource record,\nspecified in ISO date and time format.","example":"2015-05-22T21:42:07.421Z","$$ref":"#/components/schemas/firstSeenISO"}},"example":{"expression":"exa[a-z]ple.com","totalResults":1,"moreDataAvailable":false,"limit":1000,"matches":[{"name":"example.com","firstSeen":1432330927421,"firstSeenISO":"2015-05-22T21:42:07.421Z","securityCategories":["Phishing Attacks","Malware"]}]},"$$ref":"#/components/schemas/MatchRecord"},"example":[{"name":"example","firstSeen":1432330927421,"firstSeenISO":"2015-05-22T21:42:07.421Z","securityCategories":["Botnet"]}]}}},"example":{"expression":"exa[a-z]ple.com","totalResults":1,"moreDataAvailable":false,"limit":1000,"matches":[{"name":"example","firstSeen":1432330927421,"firstSeenISO":"2015-05-22T21:42:07.421Z","securityCategories":["Botnet"]}]}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getSearch","method":"get","path":"/search/{expression}"}}