Search API

Documentation of the Search API endpoints

The main Search API documentation is available here in PDF format. This site is supplementing that documentation.

/file/treeview

The Search API endpoint /file/treeview was added in June 2025. It returns a JSON array of items that represent the data visualized in the “Tree View” to intelx.io end-users. Essentially, this returns a list of other items linked to a given item. Intelligence X links related items such as,

Stealer Logs that contain a collection of files in a single container file (typically a ZIP or RAR file)
Other container files that represent a single leak
Large files that are broken up into multiple files
Archived website copies (different URLs) to a single domain
Archived website copies (different historical copies of the same URL) to a single URL

This endpoint is only available to users with a valid API, Identity, or Enterprise license.

The required parameters for the request are:

Request: GET /file/treeview?storageid=[storage identifier]&bucket=[bucket]
Request: GET /file/treeview?systemid=[system ID]&bucket=[bucket]

To use this endpoint, it requires as input either:

The System ID in the systemid= parameter to specify the item which Tree View data shall be returned.
The Storage ID in the storageid= parameter of the actual Tree View file. This is the same identifier that is returned in the search results from the /intelligent/search/result endpoint in the field indexfile. This is the preferred way.

The bucket= parameter is required to specify the bucket of the item (which is again available in the search result data).

The result is a JSON encoded array of items that are linked to the original item. Note that only the following fields are populated (the others are empty and not used): systemid, name, date, media, type, size

Full sample requests and response:

https://2.intelx.io/file/treeview?bucket=darknet.tor&systemid=e3abda9e-1131-4e01-b8b8-007a5ba4c506
https://2.intelx.io/file/treeview?bucket=darknet.tor&storageid=3306966f477a4d65321670148a59b83b37779617b1a6427d1ae4c0b6e6d8d96808675d68fa79cc8f20a1a89abf7ab99ac1711a79e43a7596dead85ae78f76005

[
  {
    "systemid": "d102e792-942d-442c-9d55-9f95e3a03f1c",
    "owner": "00000000-0000-0000-0000-000000000000",
    "storageid": "",
    "instore": true,
    "size": 0,
    "accesslevel": 0,
    "type": 1004,
    "media": 14,
    "added": "0001-01-01T00:00:00Z",
    "date": "2017-11-21T14:28:42Z",
    "name": "https://www.nytimes3xbfgragh.onion/2017/11/03/world/europe/spain-catalonia-puigdemont-warrant.html",
    "description": "",
    "xscore": 0,
    "simhash": 0,
    "bucket": "",
    "keyvalues": [
      {
        "key": "Title",
        "value": ""
      },
      {
        "key": "First Alive",
        "value": "2017-11-26 03:59:34"
      },
      {
        "key": "Last Alive",
        "value": "2022-01-03 21:09:27"
      }
    ],
    "tags": null,
    "relations": null
  }
]