DarkFlash Incidents API
Retrieve DarkFlash incidents programmatically — credential leaks, dark web mentions, ransomware listings, and threat actor activity.
Base URL
https://incidents.cyberxtron.com
Authentication
Every request requires two custom headers:
XTRON-ORG-KEY: your_org_key
XTRON-ORG-SECRET: your_org_secret
Contact support@cyberxtron.com to obtain credentials.
Endpoint
GET /api/v1/darkflash/incidents
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
keyword | string | — | Filter by monitored keyword |
status | string[] | — | Open, In Progress, Closed |
severity | string | — | Filter by severity label |
created_date | string | — | Filter by date (YYYY-MM-DD) |
created_time | string | — | Filter by time (HH:MM:SS) |
page | integer | 1 | Page number (min: 1) |
size | integer | 10 | Results per page (min: 1, max: 100) |
Example Requests
# All open DarkFlash incidents
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/darkflash/incidents?status=Open"
# Filter by keyword and severity
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/darkflash/incidents?keyword=example.com&severity=Critical&page=1&size=25"
# Filter by date
curl \
-H "XTRON-ORG-KEY: your_org_key" \
-H "XTRON-ORG-SECRET: your_org_secret" \
"https://incidents.cyberxtron.com/api/v1/darkflash/incidents?created_date=2026-04-01&status=Open"
Example Response
{
"success": true,
"data": [
{
"id": 12345,
"title": "Employee credentials found in stealer log",
"taskKey": "DFINC-123",
"status_description": "Open",
"status_statusCd": "Open",
"severity_label": "Critical",
"category_name": "Credential Leak",
"taskType_name": "Stealer Log",
"product_name": "DarkFlash",
"description": "Employee credentials matching your monitored domain were found in a stealer log.",
"createdDt": 1743494400,
"updatedDt": 1743494400,
"impact": "Compromised credentials may allow unauthorized access to corporate systems.",
"recommendation": "Force a password reset for the affected accounts and review authentication logs.",
"keyword": "example.com",
"publisher_source": "Dark web forum",
"retrieved_data": "username@example.com:password123"
}
],
"meta": {
"pagination": {
"total": 42,
"page": 1,
"page_size": 10,
"total_pages": 5
}
}
}
Response Fields
Common Fields
| Field | Type | Description |
|---|---|---|
id | integer | Unique numeric ID |
title | string | Incident title |
taskKey | string | Ticket key (e.g., DFINC-123) |
status_statusCd | string | Open, In Progress, Closed |
severity_label | string | Critical, High, Medium, Low |
category_name | string | Detection category |
taskType_name | string | Specific incident type |
description | string | Full details |
impact | string | Impact description |
recommendation | string | Suggested remediation |
createdDt | integer | Creation Unix timestamp |
updatedDt | integer | Last update Unix timestamp |
DarkFlash-Specific Fields
| Field | Type | Description |
|---|---|---|
keyword | string | Monitored keyword that triggered this detection |
publisher_source | string | Source where data was found |
retrieved_data | string | Raw data excerpt from the source |
Pagination
| Field | Description |
|---|---|
meta.pagination.total | Total matching records |
meta.pagination.page | Current page |
meta.pagination.page_size | Results on this page |
meta.pagination.total_pages | Total pages |
Error Codes
| Status | Description |
|---|---|
401 | Invalid or missing credentials |
403 | Subscription suspended or expired |
422 | Invalid query parameter value |