The Events API enables automated systems to pull real-time and historical cyber threat intelligence data related to monitored assets - including emails, domains, and IP addresses (*These assets are defined and managed within the Lunar platform). Each event includes detailed metadata, affected assets, and optional breach, device, and account information to support incident response and remediation.
API Design
- Protocol: RESTful API
- Transport: JSON over HTTPS
- Authentication: Token-based
Sorting & Ordering
- Events are sorted by
created_date(event creation date) in ascending order (oldest to newest).
Pagination
- Results are paginated using the from parameter.
- Each page contains up to 10 events.
- Use the next field in the response to retrieve the next page.
History Retention
Historical event data is retained for 1 year.
PII Access Controls
Passwords and sensitive data fields are masked or exposed based on Admin configuration.
Authorized Domains for Leaked Credentials
To comply with privacy regulations, access to leaked credentials is restricted to assets under pre-approved domains.
Use the Authorized Domains API to view, add, or remove approved domains independently.
- Applies to these asset types: domain, email
- If a top-level domain (TLD) is authorized, all its subdomains are included automatically.