enrich_indicator

Trigger enrichment for any indicator value. The enrichment runs asynchronously — the tool returns immediately with the indicator’s current state.

Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| type | string | Yes | Indicator type: ip, domain, hash_md5, hash_sha1, hash_sha256, url, email, account |
| value | string | Yes | The indicator value to enrich |

Example

{
  "type": "ip",
  "value": "185.220.101.47"
}

Return Value

If enrichment results are already cached:
{
  "type": "ip",
  "value": "185.220.101.47",
  "malice": "Malicious",
  "enrichment_results": {
    "virustotal": {
      "extracted": { "malicious_count": 14 },
      "success": true
    },
    "abuseipdb": {
      "extracted": { "abuse_confidence_score": 97 },
      "success": true
    }
  }
}

If enrichment is in progress:
{
  "type": "ip",
  "value": "185.220.101.47",
  "malice": "Pending",
  "status": "enriching"
}

If the indicator has been previously enriched and the cache is still valid, results are returned immediately without re-querying providers.
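
The following Python client logic is an added example, not code from this documentation or its project. It validates arguments against the type list above, tells the pending and cached response shapes apart, and re-calls the tool until results are available. `call_tool` is a hypothetical transport callable supplied by the caller, and treating `"success": false` as a failed provider is an assumption.

```python
import time

# Indicator types listed in the Parameters table above.
ALLOWED_TYPES = {"ip", "domain", "hash_md5", "hash_sha1", "hash_sha256",
                 "url", "email", "account"}


def build_request(ioc_type, value):
    """Validate arguments client-side before calling enrich_indicator."""
    if ioc_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported indicator type: {ioc_type!r}")
    if not isinstance(value, str) or not value.strip():
        raise ValueError("indicator value must be a non-empty string")
    return {"type": ioc_type, "value": value.strip()}


def is_pending(result):
    """True while the response has the in-progress shape shown above."""
    return result.get("status") == "enriching" or result.get("malice") == "Pending"


def summarize(result):
    """Flatten a cached response into a verdict plus per-provider fields."""
    providers, failed = {}, []
    for name, data in result.get("enrichment_results", {}).items():
        if data.get("success"):
            providers[name] = data.get("extracted", {})
        else:
            # Assumption: success=false marks a provider lookup that failed.
            failed.append(name)
    return {"malice": result.get("malice"), "providers": providers, "failed": failed}


def enrich_and_wait(call_tool, ioc_type, value, attempts=5, delay=2.0):
    """Call the tool until results are cached or attempts run out.

    call_tool is a hypothetical callable(tool_name, arguments) -> dict;
    the transport is not specified on this page.
    """
    request = build_request(ioc_type, value)
    for attempt in range(attempts):
        result = call_tool("enrich_indicator", request)
        if not is_pending(result):
            return summarize(result)
        if attempt < attempts - 1:
            time.sleep(delay)
    return None  # still enriching; the caller decides whether to retry later
```

A `None` return means the indicator was still pending after the last attempt, so a verdict should not be inferred from it.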

Required Scope

enrichments:read