> ## Documentation Index
> Fetch the complete documentation index at: https://api.docs.flare.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Search
**DEPRECATED:** This endpoint should be replaced by
[/firework/v4/events/global/\_search ](/api-reference/v4/endpoints/global-search)
This endpoint is subject to quotas and is subject to the `Search` ratelimiting tier.
See
[Rate Limits and Quotas ](/concepts/rate-limits-and-quotas).
## OpenAPI
````yaml firework-v2-openapi get /firework/v2/search/
openapi: 3.0.1
info:
description: >
Manage and access Firework resources.
### Steps to use the Api
1. `Send` a POST request to `https://api.flare.systems/tokens/generate` with
your **Firework** credentials using [Basic
Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to get a
authentication token.
---
2. On the current page, click on the **Authorize** button and insert the
token using the following format: `Bearer {token}`
Example value: `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.Et9HFtf9R3GEMA0IICOfFMVXY7kkTX1wr4qCyhIf58U`
---
3. You should now be able to use SwaggerUI's built-in tools to query the
documented endpoints.
title: Firework API
version: v2
servers:
- url: https://api.flare.io/
security:
- BearerAuth: []
tags:
- description: Searches the threat activity database.
name: search
- description: Manage a user's or organization's identifiers
name: Identifiers
- description: Perform actions on activities.
name: activities
- description: Perform actions on the current user.
name: me
- description: Manage tenants.
name: tenants
- description: Admin management of organizations.
name: organizations
- description: Manage reporting as an admin.
name: reporting
paths:
/firework/v2/search/:
get:
tags:
- search
operationId: get_search_/search/
parameters:
- description: >-
Fields to includes in the results in a dotted form. For example,
"data.actor_name" will include items similar to:```json
"items": [{
"data": {
"actor_name": "Seller123"
}
}]
```
By default, all fields are included in the response.
explode: true
in: query
name: fields
schema:
items:
type: string
type: array
style: form
- description: |2-
The `time` parameter is used to limit results to those found in the provided time span.
*Expected format* : from@to
*Example value* : 2019-09-03T04:00:00.000Z@2019-09-14T04:00:00.000Z
in: query
name: time
schema:
type: string
- description: >-
The `size` parameter is used to limit the number of results returned
for the search query.
in: query
name: size
schema:
default: 10
type: integer
- description: >-
The `search_after` parameter is used to paginate through results.
To get the first page of results, omit this parameter. Afterward,
include the `search_after` parameter in your next request with the
latest response's `search_after` value to get the next page of
results.
in: query
name: search_after
schema:
type: string
- description: >-
The `from` parameter is used to paginate through results.
To get the first page of results, omit this parameter. Afterward,
include the `from` parameter in your next request with the latest
response's `next` value to get the next page of results.
in: query
name: from
schema:
type: string
- description: User defined tags used to filter search results
explode: true
in: query
name: tags
schema:
items:
type: string
type: array
style: form
- description: User defined operator to apply to tags filter
in: query
name: tags_query_operator
schema:
type: string
- description: >
Type of activities to search through.
*Expected values* : attachment, listing, ransomleak, forum_post,
forum_topic, forum_profile, blog_post, seller, paste, leak,
chat_message, domain, bot, stealer_log, infected_devices, driller,
driller_forum_topic, driller_forum_post, driller_profile, cc, ccbin,
financial_data, leaked_data, leaked_file, document, account, actor,
forum_content, blog_content, profile, leaked_credential,
illicit_networks, open_web, domains, leaks, social_media_account,
social_media, source_code, source_code_secrets_np,
source_code_secrets, source_code_files, docker, stack_exchange,
google, service, driller_host, buckets, bucket, bucket_object,
whois, cookie, pii, experimental
*Some search types contain others*
- illicit_networks: forum_post, financial_data, blog_post,
stealer_log, bot, forum_topic, seller, listing, forum_profile,
ransomleak, chat_message
- open_web: google, bucket_object, docker, source_code_secrets,
bucket, paste, source_code_files, social_media_account,
stack_exchange, service
- leaks: leak
- domains: domain
explode: true
in: query
name: types
schema:
enum:
- attachment
- listing
- ransomleak
- forum_post
- forum_topic
- forum_profile
- blog_post
- seller
- paste
- leak
- chat_message
- domain
- bot
- stealer_log
- infected_devices
- driller
- driller_forum_topic
- driller_forum_post
- driller_profile
- cc
- ccbin
- financial_data
- leaked_data
- leaked_file
- document
- account
- actor
- forum_content
- blog_content
- profile
- leaked_credential
- illicit_networks
- open_web
- domains
- leaks
- social_media_account
- social_media
- source_code
- source_code_secrets_np
- source_code_secrets
- source_code_files
- docker
- stack_exchange
- google
- service
- driller_host
- buckets
- bucket
- bucket_object
- whois
- cookie
- pii
- experimental
items:
type: string
type: array
style: form
- description: Type of experimental activities to search through.
explode: true
in: query
name: experimental_types
schema:
items:
type: string
type: array
style: form
- in: query
name: event_action
schema:
enum:
- default
- ignored
- remediated
- risk_score_edited
- exclude_ignored
- ignored_or_remediated
type: string
- explode: true
in: query
name: event_actions
schema:
enum:
- default
- ignored
- remediated
- risk_score_edited
- exclude_ignored
- ignored_or_remediated
items:
type: string
type: array
style: form
- explode: true
in: query
name: risks
schema:
enum:
- '1'
- '2'
- '3'
- '4'
- '5'
items:
type: integer
type: array
style: form
- in: query
name: order
schema:
default: desc
enum:
- asc
- desc
type: string
- in: query
name: sort_by
schema:
default: created
enum:
- created
- indexed
- updated
- alertable-materialized
- materialized
- searchable
type: string
- in: query
name: use_global_policies
schema:
default: true
type: boolean
- description: The time zone used to compute the statistics.
in: query
name: time_zone
schema:
type: string
- description: >-
Query used to filter results. Search query uses the [Lucene
query](https://www.elastic.co/guide/en/elasticsearch/reference/6.x/query-dsl-query-string-query.html#query-string-syntax)
syntax.
in: query
name: query
schema:
type: string
- in: query
name: has_modified_risk_score
schema:
default: false
type: boolean
- in: query
name: has_notes
schema:
default: false
type: boolean
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Search'
description: Returns the search result(s).
'400':
content:
application/json:
schema:
$ref: '#/components/schemas/HttpError'
description: Query is invalid.
components:
schemas:
Search:
properties:
items:
items:
properties: {}
type: object
type: array
nb_hits:
type: integer
links:
$ref: '#/components/schemas/SearchLinks'
search_after:
type: string
type: object
HttpError:
properties:
message:
type: string
code:
type: string
type: object
SearchLinks:
properties:
next:
type: string
type: object
securitySchemes:
BearerAuth:
type: http
scheme: bearer
````