Archive Exports provides access to historical threat intelligence data for domains and IP addresses associated with specific campaigns, threat actors, and past incidents.
It is ideal for tracking the evolution of threat campaigns, identifying recurring patterns, conducting forensic analysis, and maintaining a long-term audit trail. By preserving historical data, organizations can build a robust knowledge base to strengthen future threat detection and response strategies.
How to Access Archive Export
From the navigation menu, select Defend > Data Export.
Click the Category button at the top of the page
Select Archive Exports
Export Options
1. Automate Export (Recommended for recurring access)
Locate the desired archive feed
Click Automate Export
Choose your preferred file type (CSV is most common)
Copy the API Endpoint (valid for 3 hours)
Use the provided cURL, Python, or PHP code snippets to integrate into your automation scripts or security tools
2. Manual Download
Locate the desired archive feed
Click Download File
Select the required file type
Click Download to save the file locally
Use Cases
Analyzing the historical behavior of specific threat actors
Tracking how phishing, malware, or C2 infrastructure has evolved over time
Building long-term intelligence databases for research and reporting
Supporting compliance audits and incident investigations