Find Correlated Reports

GET /1.3/reports/correlated


Returns a paginated list of all reports that contain any of the provided indicator values.


Parameter Required Default Description
indicators X   indicator value of any type; i.e. an IP address, email address, URL, MD5, SHA1, SHA256, Registry Key, Malware name, etc.
enclaveIds   All enclaves the user has READ access to. A comma-separated list of enclave IDs. Only reports in these enclaves will be returned.
distributionType   ENCLAVE Only reports with this distribution type will be returned (ENCLAVE or COMMUNITY).
pageNumber   0 which page of the result set to get
pageSize   25 the number of results per page

Response (200)

A page of Report.

Example Usage


curl -k -H "Authorization: Bearer {access_token}" \


    "items": [
            "id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
            "created": 1517561071043,
            "updated": 1517561080713,
            "title": "Hit by malware",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517561071028,
            "reportBody": "We got hit with the WANNACRY virus the other day.",
            "enclaveIds": [
            "id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
            "created": 1517559481323,
            "updated": 1517559481425,
            "title": "Do we have WANNACRY?",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517559477175,
            "reportBody": "We think we might have WANNACRY...",
            "enclaveIds": [
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0