Freetext

The enrichment fields requested for the entities returned. Several fields can be given as a comma separated string.

See https://docs.recordedfuture.com/reference/enrichment-field-attributes for a list of values.

Filters entities based on risk score, e.g. on the form [20, 80] (20 <= risk score <= 80), [20,) (20 <= risk score), or [,90) (risk score < 90). '[' and ']' are inclusive while '(' and ')' are exclusive.

Filters for vulnerabilities based on CVSS score (from most trusted source), e.g. on the form [8.0, 9.0] (8.0 <= CVSS score <= 9.0)

Filters for vulnerabilities based on CVSS v3 score, e.g. on the form [8.0, 9.0] (8.0 <= CVSS v3 score <= 9.0)

RF ID of affected product

Filters entities based on the download of the first reference which is taken into account during risk scoring of the entity. All Elasticsearch compatible date formats are valid.

Filters entities based on the download of the latest reference which is taken into account during risk scoring of the entity. All Elasticsearch compatible date formats are valid.

Filters entities based on presence in a single list. Requires the list ID, which can be found using the List API

Filters for vulnerabilities based on affected products using the CPE identifier system. This field, if used, will be validated as follows:

cpe:2.3:a:wordpress:wordpress:4.5: - Valid. Will find all products with CPEs that start with this string, like WordPress 4.5, but also 4.5 beta3 and 4.5 rc1.

cpe:2.3:a:wordpress:wordpress:4 - Valid. Note the lack of trailing colon. Will find products with versions starting with 4. Like 4.2, 4.2.3, 4.5.

cpe:2.3:a:wordpress:wordpress: - Valid. Will find all known identifiers for WordPress, regardless of version.

cpe:2.3:a:wordpress: - Invalid. Too broad, the "product" part must be defined.