cloudflare · Mar 13, 2025
diff --git a/‎.stats.yml
+1-1 b/‎.stats.yml
+1-1
diff --git a/‎api.md
+160 b/‎api.md
+160
diff --git a/‎cloudforce_one/cloudforceone.go
+5-3 b/‎cloudforce_one/cloudforceone.go
+5-3
diff --git a/‎cloudforce_one/threatevent.go
+510 b/‎cloudforce_one/threatevent.go
+510
diff --git a/‎cloudforce_one/threatevent_test.go
+204 b/‎cloudforce_one/threatevent_test.go
+204
diff --git a/‎cloudforce_one/threateventattacker.go
+84 b/‎cloudforce_one/threateventattacker.go
+84
diff --git a/‎cloudforce_one/threateventattacker_test.go
+37 b/‎cloudforce_one/threateventattacker_test.go
+37
diff --git a/‎cloudforce_one/threateventcategory.go
+245 b/‎cloudforce_one/threateventcategory.go
+245
diff --git a/‎cloudforce_one/threateventcategory_test.go
+157 b/‎cloudforce_one/threateventcategory_test.go
+157
diff --git a/‎cloudforce_one/threateventcountry.go
+86 b/‎cloudforce_one/threateventcountry.go
+86
diff --git a/‎cloudforce_one/threateventcountry_test.go
+37 b/‎cloudforce_one/threateventcountry_test.go
+37
diff --git a/‎cloudforce_one/threateventcron.go
+92 b/‎cloudforce_one/threateventcron.go
+92
diff --git a/‎cloudforce_one/threateventcron_test.go
+60 b/‎cloudforce_one/threateventcron_test.go
+60
diff --git a/‎cloudforce_one/threateventdataset.go
+245 b/‎cloudforce_one/threateventdataset.go
+245
diff --git a/‎cloudforce_one/threateventdataset_test.go
+154 b/‎cloudforce_one/threateventdataset_test.go
+154
diff --git a/‎cloudforce_one/threateventindicatortype.go
+84 b/‎cloudforce_one/threateventindicatortype.go
+84
diff --git a/‎cloudforce_one/threateventindicatortype_test.go
+37 b/‎cloudforce_one/threateventindicatortype_test.go
+37
diff --git a/‎cloudforce_one/threateventinsight.go
+312 b/‎cloudforce_one/threateventinsight.go
+312
diff --git a/‎cloudforce_one/threateventinsight_test.go
+132 b/‎cloudforce_one/threateventinsight_test.go
+132
diff --git a/‎cloudforce_one/threateventraw.go
+130 b/‎cloudforce_one/threateventraw.go
+130
diff --git a/‎cloudforce_one/threateventraw_test.go
+76 b/‎cloudforce_one/threateventraw_test.go
+76
diff --git a/‎cloudforce_one/threateventrelate.go
+164 b/‎cloudforce_one/threateventrelate.go
+164
diff --git a/‎cloudforce_one/threateventrelate_test.go
+72 b/‎cloudforce_one/threateventrelate_test.go
+72
diff --git a/‎cloudforce_one/threateventtag.go
+203 b/‎cloudforce_one/threateventtag.go
+203
diff --git a/‎cloudforce_one/threateventtag_test.go
+101 b/‎cloudforce_one/threateventtag_test.go
+101
diff --git a/‎cloudforce_one/threateventtargetindustry.go
+84 b/‎cloudforce_one/threateventtargetindustry.go
+84
diff --git a/‎cloudforce_one/threateventtargetindustry_test.go
+37 b/‎cloudforce_one/threateventtargetindustry_test.go
+37
@@ -1,2 +1,2 @@
-configured_endpoints: 1571
+configured_endpoints: 1603
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-90e340b831573a4b2cb1327a72bdb7ac34d744f89ab29828978c0c3abcff1441.yml
@@ -13,9 +13,10 @@ import (
 // automatically. You should not instantiate this service directly, and instead use
 // the [NewCloudforceOneService] method instead.
 type CloudforceOneService struct {
-	Options  []option.RequestOption
-	Scans    *ScanService
-	Requests *RequestService
+	Options      []option.RequestOption
+	Scans        *ScanService
+	Requests     *RequestService
+	ThreatEvents *ThreatEventService
 }
 
 // NewCloudforceOneService generates a new service that applies the given options
@@ -26,5 +27,6 @@ func NewCloudforceOneService(opts ...option.RequestOption) (r *CloudforceOneServ
 	r.Options = opts
 	r.Scans = NewScanService(opts...)
 	r.Requests = NewRequestService(opts...)
+	r.ThreatEvents = NewThreatEventService(opts...)
 	return
 }
@@ -0,0 +1,204 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventNewWithOptionalParams(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.New(
+		context.TODO(),
+		0.000000,
+		cloudforce_one.ThreatEventNewParams{
+			Attacker:        cloudflare.F("Flying Yeti"),
+			AttackerCountry: cloudflare.F("CN"),
+			Category:        cloudflare.F("Domain Resolution"),
+			Date:            cloudflare.F(time.Now()),
+			Event:           cloudflare.F("An attacker registered the domain domain.com"),
+			IndicatorType:   cloudflare.F("domain"),
+			Raw: cloudflare.F(cloudforce_one.ThreatEventNewParamsRaw{
+				Data:   cloudflare.F[any](map[string]interface{}{}),
+				Source: cloudflare.F("example.com"),
+				TLP:    cloudflare.F("amber"),
+			}),
+			TLP:            cloudflare.F("amber"),
+			AccountID:      cloudflare.F(123456.000000),
+			DatasetID:      cloudflare.F("durableObjectName"),
+			Indicator:      cloudflare.F("domain.com"),
+			Tags:           cloudflare.F([]string{"malware"}),
+			TargetCountry:  cloudflare.F("US"),
+			TargetIndustry: cloudflare.F("Agriculture"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventUpdateWithOptionalParams(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Update(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		cloudforce_one.ThreatEventUpdateParams{
+			Attacker:        cloudflare.F("Flying Yeti"),
+			AttackerCountry: cloudflare.F("CN"),
+			Category:        cloudflare.F("Domain Resolution"),
+			Date:            cloudflare.F(time.Now()),
+			Event:           cloudflare.F("An attacker registered the domain domain.com"),
+			Indicator:       cloudflare.F("domain2.com"),
+			IndicatorType:   cloudflare.F("sha256"),
+			TargetCountry:   cloudflare.F("US"),
+			TargetIndustry:  cloudflare.F("Insurance"),
+			TLP:             cloudflare.F("amber"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventDelete(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Delete(
+		context.TODO(),
+		0.000000,
+		"eventId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventBulkNew(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.BulkNew(
+		context.TODO(),
+		0.000000,
+		cloudforce_one.ThreatEventBulkNewParams{
+			Data: cloudflare.F([]cloudforce_one.ThreatEventBulkNewParamsData{{
+				Attacker:        cloudflare.F("Flying Yeti"),
+				AttackerCountry: cloudflare.F("CN"),
+				Category:        cloudflare.F("Domain Resolution"),
+				Date:            cloudflare.F(time.Now()),
+				Event:           cloudflare.F("An attacker registered the domain domain.com"),
+				IndicatorType:   cloudflare.F("domain"),
+				Raw: cloudflare.F(cloudforce_one.ThreatEventBulkNewParamsDataRaw{
+					Data:   cloudflare.F[any](map[string]interface{}{}),
+					Source: cloudflare.F("example.com"),
+					TLP:    cloudflare.F("amber"),
+				}),
+				TLP:            cloudflare.F("amber"),
+				AccountID:      cloudflare.F(123456.000000),
+				DatasetID:      cloudflare.F("durableObjectName"),
+				Indicator:      cloudflare.F("domain.com"),
+				Tags:           cloudflare.F([]string{"malware"}),
+				TargetCountry:  cloudflare.F("US"),
+				TargetIndustry: cloudflare.F("Agriculture"),
+			}}),
+			DatasetID: cloudflare.F("durableObjectName"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventGet(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Get(
+		context.TODO(),
+		0.000000,
+		"eventId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,84 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventAttackerService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventAttackerService] method instead.
+type ThreatEventAttackerService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventAttackerService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventAttackerService(opts ...option.RequestOption) (r *ThreatEventAttackerService) {
+	r = &ThreatEventAttackerService{}
+	r.Options = opts
+	return
+}
+
+// Lists attackers
+func (r *ThreatEventAttackerService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *ThreatEventAttackerListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/attackers", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventAttackerListResponse struct {
+	Items ThreatEventAttackerListResponseItems `json:"items,required"`
+	Type  string                               `json:"type,required"`
+	JSON  threatEventAttackerListResponseJSON  `json:"-"`
+}
+
+// threatEventAttackerListResponseJSON contains the JSON metadata for the struct
+// [ThreatEventAttackerListResponse]
+type threatEventAttackerListResponseJSON struct {
+	Items       apijson.Field
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventAttackerListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventAttackerListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventAttackerListResponseItems struct {
+	Type string                                   `json:"type,required"`
+	JSON threatEventAttackerListResponseItemsJSON `json:"-"`
+}
+
+// threatEventAttackerListResponseItemsJSON contains the JSON metadata for the
+// struct [ThreatEventAttackerListResponseItems]
+type threatEventAttackerListResponseItemsJSON struct {
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventAttackerListResponseItems) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventAttackerListResponseItemsJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,37 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventAttackerList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Attackers.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,245 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventCategoryService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventCategoryService] method instead.
+type ThreatEventCategoryService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventCategoryService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventCategoryService(opts ...option.RequestOption) (r *ThreatEventCategoryService) {
+	r = &ThreatEventCategoryService{}
+	r.Options = opts
+	return
+}
+
+// Creates a new category
+func (r *ThreatEventCategoryService) New(ctx context.Context, accountID float64, body ThreatEventCategoryNewParams, opts ...option.RequestOption) (res *ThreatEventCategoryNewResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/categories/create", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Updates a category
+func (r *ThreatEventCategoryService) Update(ctx context.Context, accountID float64, categoryID string, body ThreatEventCategoryUpdateParams, opts ...option.RequestOption) (res *ThreatEventCategoryUpdateResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if categoryID == "" {
+		err = errors.New("missing required categoryId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/categories/%s", accountID, categoryID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Lists categories
+func (r *ThreatEventCategoryService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *[]ThreatEventCategoryListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/categories", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+// Deletes a category
+func (r *ThreatEventCategoryService) Delete(ctx context.Context, accountID float64, categoryID string, opts ...option.RequestOption) (res *ThreatEventCategoryDeleteResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if categoryID == "" {
+		err = errors.New("missing required categoryId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/categories/%s", accountID, categoryID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodDelete, path, nil, &res, opts...)
+	return
+}
+
+// Reads a category
+func (r *ThreatEventCategoryService) Get(ctx context.Context, accountID float64, categoryID string, opts ...option.RequestOption) (res *ThreatEventCategoryGetResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if categoryID == "" {
+		err = errors.New("missing required categoryId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/categories/%s", accountID, categoryID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventCategoryNewResponse struct {
+	KillChain   float64                            `json:"killChain,required"`
+	Name        string                             `json:"name,required"`
+	UUID        string                             `json:"uuid,required"`
+	MitreAttack []string                           `json:"mitreAttack"`
+	Shortname   string                             `json:"shortname"`
+	JSON        threatEventCategoryNewResponseJSON `json:"-"`
+}
+
+// threatEventCategoryNewResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCategoryNewResponse]
+type threatEventCategoryNewResponseJSON struct {
+	KillChain   apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	MitreAttack apijson.Field
+	Shortname   apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCategoryNewResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCategoryNewResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCategoryUpdateResponse struct {
+	KillChain   float64                               `json:"killChain,required"`
+	Name        string                                `json:"name,required"`
+	UUID        string                                `json:"uuid,required"`
+	MitreAttack []string                              `json:"mitreAttack"`
+	Shortname   string                                `json:"shortname"`
+	JSON        threatEventCategoryUpdateResponseJSON `json:"-"`
+}
+
+// threatEventCategoryUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCategoryUpdateResponse]
+type threatEventCategoryUpdateResponseJSON struct {
+	KillChain   apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	MitreAttack apijson.Field
+	Shortname   apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCategoryUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCategoryUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCategoryListResponse struct {
+	KillChain   float64                             `json:"killChain,required"`
+	Name        string                              `json:"name,required"`
+	UUID        string                              `json:"uuid,required"`
+	MitreAttack []string                            `json:"mitreAttack"`
+	Shortname   string                              `json:"shortname"`
+	JSON        threatEventCategoryListResponseJSON `json:"-"`
+}
+
+// threatEventCategoryListResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCategoryListResponse]
+type threatEventCategoryListResponseJSON struct {
+	KillChain   apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	MitreAttack apijson.Field
+	Shortname   apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCategoryListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCategoryListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCategoryDeleteResponse struct {
+	UUID string                                `json:"uuid,required"`
+	JSON threatEventCategoryDeleteResponseJSON `json:"-"`
+}
+
+// threatEventCategoryDeleteResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCategoryDeleteResponse]
+type threatEventCategoryDeleteResponseJSON struct {
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCategoryDeleteResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCategoryDeleteResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCategoryGetResponse struct {
+	KillChain   float64                            `json:"killChain,required"`
+	Name        string                             `json:"name,required"`
+	UUID        string                             `json:"uuid,required"`
+	MitreAttack []string                           `json:"mitreAttack"`
+	Shortname   string                             `json:"shortname"`
+	JSON        threatEventCategoryGetResponseJSON `json:"-"`
+}
+
+// threatEventCategoryGetResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCategoryGetResponse]
+type threatEventCategoryGetResponseJSON struct {
+	KillChain   apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	MitreAttack apijson.Field
+	Shortname   apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCategoryGetResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCategoryGetResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCategoryNewParams struct {
+	KillChain   param.Field[float64]  `json:"killChain,required"`
+	Name        param.Field[string]   `json:"name,required"`
+	MitreAttack param.Field[[]string] `json:"mitreAttack"`
+	Shortname   param.Field[string]   `json:"shortname"`
+}
+
+func (r ThreatEventCategoryNewParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventCategoryUpdateParams struct {
+	KillChain   param.Field[float64]  `json:"killChain"`
+	MitreAttack param.Field[[]string] `json:"mitreAttack"`
+	Name        param.Field[string]   `json:"name"`
+	Shortname   param.Field[string]   `json:"shortname"`
+}
+
+func (r ThreatEventCategoryUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
@@ -0,0 +1,157 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventCategoryNewWithOptionalParams(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Categories.New(
+		context.TODO(),
+		0.000000,
+		cloudforce_one.ThreatEventCategoryNewParams{
+			KillChain:   cloudflare.F(0.000000),
+			Name:        cloudflare.F("name"),
+			MitreAttack: cloudflare.F([]string{"T1234"}),
+			Shortname:   cloudflare.F("shortname"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventCategoryUpdateWithOptionalParams(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Categories.Update(
+		context.TODO(),
+		0.000000,
+		"categoryId",
+		cloudforce_one.ThreatEventCategoryUpdateParams{
+			KillChain:   cloudflare.F(0.000000),
+			MitreAttack: cloudflare.F([]string{"T1234"}),
+			Name:        cloudflare.F("name"),
+			Shortname:   cloudflare.F("shortname"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventCategoryList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Categories.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventCategoryDelete(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Categories.Delete(
+		context.TODO(),
+		0.000000,
+		"categoryId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventCategoryGet(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Categories.Get(
+		context.TODO(),
+		0.000000,
+		"categoryId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,86 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventCountryService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventCountryService] method instead.
+type ThreatEventCountryService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventCountryService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventCountryService(opts ...option.RequestOption) (r *ThreatEventCountryService) {
+	r = &ThreatEventCountryService{}
+	r.Options = opts
+	return
+}
+
+// Retrieves countries information for all countries
+func (r *ThreatEventCountryService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *[]ThreatEventCountryListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/countries", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventCountryListResponse struct {
+	Result  []ThreatEventCountryListResponseResult `json:"result,required"`
+	Success string                                 `json:"success,required"`
+	JSON    threatEventCountryListResponseJSON     `json:"-"`
+}
+
+// threatEventCountryListResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCountryListResponse]
+type threatEventCountryListResponseJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCountryListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCountryListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCountryListResponseResult struct {
+	Alpha3 string                                   `json:"alpha3,required"`
+	Name   string                                   `json:"name,required"`
+	JSON   threatEventCountryListResponseResultJSON `json:"-"`
+}
+
+// threatEventCountryListResponseResultJSON contains the JSON metadata for the
+// struct [ThreatEventCountryListResponseResult]
+type threatEventCountryListResponseResultJSON struct {
+	Alpha3      apijson.Field
+	Name        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCountryListResponseResult) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCountryListResponseResultJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,37 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventCountryList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Countries.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,92 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventCronService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventCronService] method instead.
+type ThreatEventCronService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventCronService generates a new service that applies the given options
+// to each request. These options are applied after the parent client's options (if
+// there is one), and before any request-specific options.
+func NewThreatEventCronService(opts ...option.RequestOption) (r *ThreatEventCronService) {
+	r = &ThreatEventCronService{}
+	r.Options = opts
+	return
+}
+
+// Reads the last cron update time
+func (r *ThreatEventCronService) New(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *ThreatEventCronNewResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/cron", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, nil, &res, opts...)
+	return
+}
+
+// Reads the last cron update time
+func (r *ThreatEventCronService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *ThreatEventCronListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/cron", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventCronNewResponse struct {
+	ID     float64                        `json:"id,required"`
+	Update string                         `json:"update,required"`
+	JSON   threatEventCronNewResponseJSON `json:"-"`
+}
+
+// threatEventCronNewResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCronNewResponse]
+type threatEventCronNewResponseJSON struct {
+	ID          apijson.Field
+	Update      apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCronNewResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCronNewResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventCronListResponse struct {
+	Update string                          `json:"update,required"`
+	JSON   threatEventCronListResponseJSON `json:"-"`
+}
+
+// threatEventCronListResponseJSON contains the JSON metadata for the struct
+// [ThreatEventCronListResponse]
+type threatEventCronListResponseJSON struct {
+	Update      apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventCronListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventCronListResponseJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,60 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventCronNew(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Cron.New(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventCronList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Cron.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,245 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventDatasetService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventDatasetService] method instead.
+type ThreatEventDatasetService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventDatasetService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventDatasetService(opts ...option.RequestOption) (r *ThreatEventDatasetService) {
+	r = &ThreatEventDatasetService{}
+	r.Options = opts
+	return
+}
+
+// Creates a dataset
+func (r *ThreatEventDatasetService) New(ctx context.Context, accountID float64, body ThreatEventDatasetNewParams, opts ...option.RequestOption) (res *ThreatEventDatasetNewResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/dataset/create", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Updates an existing dataset
+func (r *ThreatEventDatasetService) Update(ctx context.Context, accountID float64, datasetID string, body ThreatEventDatasetUpdateParams, opts ...option.RequestOption) (res *ThreatEventDatasetUpdateResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if datasetID == "" {
+		err = errors.New("missing required datasetId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/dataset/%s", accountID, datasetID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Lists all datasets in an account
+func (r *ThreatEventDatasetService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *[]ThreatEventDatasetListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/dataset", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+// Reads a dataset
+func (r *ThreatEventDatasetService) Get(ctx context.Context, accountID float64, datasetID string, opts ...option.RequestOption) (res *ThreatEventDatasetGetResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if datasetID == "" {
+		err = errors.New("missing required datasetId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/dataset/%s", accountID, datasetID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+// Reads data for a raw event
+func (r *ThreatEventDatasetService) Raw(ctx context.Context, accountID float64, datasetID string, eventID string, opts ...option.RequestOption) (res *ThreatEventDatasetRawResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if datasetID == "" {
+		err = errors.New("missing required datasetId parameter")
+		return
+	}
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/raw/%s/%s", accountID, datasetID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventDatasetNewResponse struct {
+	IsPublic bool                              `json:"isPublic,required"`
+	Name     string                            `json:"name,required"`
+	UUID     string                            `json:"uuid,required"`
+	JSON     threatEventDatasetNewResponseJSON `json:"-"`
+}
+
+// threatEventDatasetNewResponseJSON contains the JSON metadata for the struct
+// [ThreatEventDatasetNewResponse]
+type threatEventDatasetNewResponseJSON struct {
+	IsPublic    apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventDatasetNewResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventDatasetNewResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventDatasetUpdateResponse struct {
+	IsPublic bool                                 `json:"isPublic,required"`
+	Name     string                               `json:"name,required"`
+	UUID     string                               `json:"uuid,required"`
+	JSON     threatEventDatasetUpdateResponseJSON `json:"-"`
+}
+
+// threatEventDatasetUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventDatasetUpdateResponse]
+type threatEventDatasetUpdateResponseJSON struct {
+	IsPublic    apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventDatasetUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventDatasetUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventDatasetListResponse struct {
+	IsPublic bool                               `json:"isPublic,required"`
+	Name     string                             `json:"name,required"`
+	UUID     string                             `json:"uuid,required"`
+	JSON     threatEventDatasetListResponseJSON `json:"-"`
+}
+
+// threatEventDatasetListResponseJSON contains the JSON metadata for the struct
+// [ThreatEventDatasetListResponse]
+type threatEventDatasetListResponseJSON struct {
+	IsPublic    apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventDatasetListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventDatasetListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventDatasetGetResponse struct {
+	IsPublic bool                              `json:"isPublic,required"`
+	Name     string                            `json:"name,required"`
+	UUID     string                            `json:"uuid,required"`
+	JSON     threatEventDatasetGetResponseJSON `json:"-"`
+}
+
+// threatEventDatasetGetResponseJSON contains the JSON metadata for the struct
+// [ThreatEventDatasetGetResponse]
+type threatEventDatasetGetResponseJSON struct {
+	IsPublic    apijson.Field
+	Name        apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventDatasetGetResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventDatasetGetResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventDatasetRawResponse struct {
+	ID        string                            `json:"id,required"`
+	AccountID float64                           `json:"accountId,required"`
+	Created   string                            `json:"created,required"`
+	Data      interface{}                       `json:"data,required"`
+	Source    string                            `json:"source,required"`
+	TLP       string                            `json:"tlp,required"`
+	JSON      threatEventDatasetRawResponseJSON `json:"-"`
+}
+
+// threatEventDatasetRawResponseJSON contains the JSON metadata for the struct
+// [ThreatEventDatasetRawResponse]
+type threatEventDatasetRawResponseJSON struct {
+	ID          apijson.Field
+	AccountID   apijson.Field
+	Created     apijson.Field
+	Data        apijson.Field
+	Source      apijson.Field
+	TLP         apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventDatasetRawResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventDatasetRawResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventDatasetNewParams struct {
+	// If true, then anyone can search the dataset. If false, then its limited to the
+	// account.
+	IsPublic param.Field[bool] `json:"isPublic,required"`
+	// Used to describe the dataset within the account context
+	Name param.Field[string] `json:"name,required"`
+}
+
+func (r ThreatEventDatasetNewParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventDatasetUpdateParams struct {
+	// If true, then anyone can search the dataset. If false, then its limited to the
+	// account.
+	IsPublic param.Field[bool] `json:"isPublic,required"`
+	// Used to describe the dataset within the account context
+	Name param.Field[string] `json:"name,required"`
+}
+
+func (r ThreatEventDatasetUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
@@ -0,0 +1,154 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventDatasetNew(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Dataset.New(
+		context.TODO(),
+		0.000000,
+		cloudforce_one.ThreatEventDatasetNewParams{
+			IsPublic: cloudflare.F(true),
+			Name:     cloudflare.F("x"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventDatasetUpdate(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Dataset.Update(
+		context.TODO(),
+		0.000000,
+		"datasetId",
+		cloudforce_one.ThreatEventDatasetUpdateParams{
+			IsPublic: cloudflare.F(true),
+			Name:     cloudflare.F("x"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventDatasetList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Dataset.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventDatasetGet(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Dataset.Get(
+		context.TODO(),
+		0.000000,
+		"datasetId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventDatasetRaw(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Dataset.Raw(
+		context.TODO(),
+		0.000000,
+		"datasetId",
+		"eventId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,84 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventIndicatorTypeService contains methods and other services that help
+// with interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventIndicatorTypeService] method instead.
+type ThreatEventIndicatorTypeService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventIndicatorTypeService generates a new service that applies the
+// given options to each request. These options are applied after the parent
+// client's options (if there is one), and before any request-specific options.
+func NewThreatEventIndicatorTypeService(opts ...option.RequestOption) (r *ThreatEventIndicatorTypeService) {
+	r = &ThreatEventIndicatorTypeService{}
+	r.Options = opts
+	return
+}
+
+// Lists all indicator types
+func (r *ThreatEventIndicatorTypeService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *ThreatEventIndicatorTypeListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/indicatorTypes", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventIndicatorTypeListResponse struct {
+	Items ThreatEventIndicatorTypeListResponseItems `json:"items,required"`
+	Type  string                                    `json:"type,required"`
+	JSON  threatEventIndicatorTypeListResponseJSON  `json:"-"`
+}
+
+// threatEventIndicatorTypeListResponseJSON contains the JSON metadata for the
+// struct [ThreatEventIndicatorTypeListResponse]
+type threatEventIndicatorTypeListResponseJSON struct {
+	Items       apijson.Field
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventIndicatorTypeListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventIndicatorTypeListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventIndicatorTypeListResponseItems struct {
+	Type string                                        `json:"type,required"`
+	JSON threatEventIndicatorTypeListResponseItemsJSON `json:"-"`
+}
+
+// threatEventIndicatorTypeListResponseItemsJSON contains the JSON metadata for the
+// struct [ThreatEventIndicatorTypeListResponseItems]
+type threatEventIndicatorTypeListResponseItemsJSON struct {
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventIndicatorTypeListResponseItems) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventIndicatorTypeListResponseItemsJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,37 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventIndicatorTypeList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.IndicatorTypes.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,312 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventInsightService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventInsightService] method instead.
+type ThreatEventInsightService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventInsightService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventInsightService(opts ...option.RequestOption) (r *ThreatEventInsightService) {
+	r = &ThreatEventInsightService{}
+	r.Options = opts
+	return
+}
+
+// Updates an event insight
+func (r *ThreatEventInsightService) Update(ctx context.Context, accountID float64, eventID string, insightID string, body ThreatEventInsightUpdateParams, opts ...option.RequestOption) (res *ThreatEventInsightUpdateResponse, err error) {
+	var env ThreatEventInsightUpdateResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	if insightID == "" {
+		err = errors.New("missing required insightId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/insight/%s", accountID, eventID, insightID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+// Deletes an event insight
+func (r *ThreatEventInsightService) Delete(ctx context.Context, accountID float64, eventID string, insightID string, opts ...option.RequestOption) (res *ThreatEventInsightDeleteResponse, err error) {
+	var env ThreatEventInsightDeleteResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	if insightID == "" {
+		err = errors.New("missing required insightId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/insight/%s", accountID, eventID, insightID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodDelete, path, nil, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+// Adds an insight to an event
+func (r *ThreatEventInsightService) Creat(ctx context.Context, accountID float64, eventID string, body ThreatEventInsightCreatParams, opts ...option.RequestOption) (res *ThreatEventInsightCreatResponse, err error) {
+	var env ThreatEventInsightCreatResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/insight/create", accountID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+// Reads an event insight
+func (r *ThreatEventInsightService) Get(ctx context.Context, accountID float64, eventID string, insightID string, opts ...option.RequestOption) (res *ThreatEventInsightGetResponse, err error) {
+	var env ThreatEventInsightGetResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	if insightID == "" {
+		err = errors.New("missing required insightId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/insight/%s", accountID, eventID, insightID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+type ThreatEventInsightUpdateResponse struct {
+	Content string                               `json:"content,required"`
+	UUID    string                               `json:"uuid,required"`
+	JSON    threatEventInsightUpdateResponseJSON `json:"-"`
+}
+
+// threatEventInsightUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventInsightUpdateResponse]
+type threatEventInsightUpdateResponseJSON struct {
+	Content     apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightDeleteResponse struct {
+	Success bool                                 `json:"success,required"`
+	JSON    threatEventInsightDeleteResponseJSON `json:"-"`
+}
+
+// threatEventInsightDeleteResponseJSON contains the JSON metadata for the struct
+// [ThreatEventInsightDeleteResponse]
+type threatEventInsightDeleteResponseJSON struct {
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightDeleteResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightDeleteResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightCreatResponse struct {
+	Content string                              `json:"content,required"`
+	UUID    string                              `json:"uuid,required"`
+	JSON    threatEventInsightCreatResponseJSON `json:"-"`
+}
+
+// threatEventInsightCreatResponseJSON contains the JSON metadata for the struct
+// [ThreatEventInsightCreatResponse]
+type threatEventInsightCreatResponseJSON struct {
+	Content     apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightCreatResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightCreatResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightGetResponse struct {
+	Content string                            `json:"content,required"`
+	UUID    string                            `json:"uuid,required"`
+	JSON    threatEventInsightGetResponseJSON `json:"-"`
+}
+
+// threatEventInsightGetResponseJSON contains the JSON metadata for the struct
+// [ThreatEventInsightGetResponse]
+type threatEventInsightGetResponseJSON struct {
+	Content     apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightGetResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightGetResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightUpdateParams struct {
+	Content param.Field[string] `json:"content,required"`
+}
+
+func (r ThreatEventInsightUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventInsightUpdateResponseEnvelope struct {
+	Result  ThreatEventInsightUpdateResponse             `json:"result,required"`
+	Success bool                                         `json:"success,required"`
+	JSON    threatEventInsightUpdateResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventInsightUpdateResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventInsightUpdateResponseEnvelope]
+type threatEventInsightUpdateResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightUpdateResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightUpdateResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightDeleteResponseEnvelope struct {
+	Result  ThreatEventInsightDeleteResponse             `json:"result,required"`
+	Success bool                                         `json:"success,required"`
+	JSON    threatEventInsightDeleteResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventInsightDeleteResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventInsightDeleteResponseEnvelope]
+type threatEventInsightDeleteResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightDeleteResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightDeleteResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightCreatParams struct {
+	Content param.Field[string] `json:"content,required"`
+}
+
+func (r ThreatEventInsightCreatParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventInsightCreatResponseEnvelope struct {
+	Result  ThreatEventInsightCreatResponse             `json:"result,required"`
+	Success bool                                        `json:"success,required"`
+	JSON    threatEventInsightCreatResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventInsightCreatResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventInsightCreatResponseEnvelope]
+type threatEventInsightCreatResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightCreatResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightCreatResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventInsightGetResponseEnvelope struct {
+	Result  ThreatEventInsightGetResponse             `json:"result,required"`
+	Success bool                                      `json:"success,required"`
+	JSON    threatEventInsightGetResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventInsightGetResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventInsightGetResponseEnvelope]
+type threatEventInsightGetResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventInsightGetResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventInsightGetResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,132 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventInsightUpdate(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Insight.Update(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		"insightId",
+		cloudforce_one.ThreatEventInsightUpdateParams{
+			Content: cloudflare.F("Updated: Here is some additional context _in markdown_"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventInsightDelete(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Insight.Delete(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		"insightId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventInsightCreat(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Insight.Creat(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		cloudforce_one.ThreatEventInsightCreatParams{
+			Content: cloudflare.F("Here is some additional context _in markdown_"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventInsightGet(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Insight.Get(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		"insightId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,130 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventRawService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventRawService] method instead.
+type ThreatEventRawService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventRawService generates a new service that applies the given options
+// to each request. These options are applied after the parent client's options (if
+// there is one), and before any request-specific options.
+func NewThreatEventRawService(opts ...option.RequestOption) (r *ThreatEventRawService) {
+	r = &ThreatEventRawService{}
+	r.Options = opts
+	return
+}
+
+// Updates a raw event
+func (r *ThreatEventRawService) Update(ctx context.Context, accountID float64, eventID string, rawID string, body ThreatEventRawUpdateParams, opts ...option.RequestOption) (res *ThreatEventRawUpdateResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	if rawID == "" {
+		err = errors.New("missing required rawId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/raw/%s", accountID, eventID, rawID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Reads data for a raw event
+func (r *ThreatEventRawService) Get(ctx context.Context, accountID float64, eventID string, rawID string, opts ...option.RequestOption) (res *ThreatEventRawGetResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	if rawID == "" {
+		err = errors.New("missing required rawId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/%s/raw/%s", accountID, eventID, rawID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventRawUpdateResponse struct {
+	ID   string                           `json:"id,required"`
+	Data interface{}                      `json:"data,required"`
+	JSON threatEventRawUpdateResponseJSON `json:"-"`
+}
+
+// threatEventRawUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventRawUpdateResponse]
+type threatEventRawUpdateResponseJSON struct {
+	ID          apijson.Field
+	Data        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRawUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRawUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventRawGetResponse struct {
+	ID        string                        `json:"id,required"`
+	AccountID float64                       `json:"accountId,required"`
+	Created   string                        `json:"created,required"`
+	Data      interface{}                   `json:"data,required"`
+	Source    string                        `json:"source,required"`
+	TLP       string                        `json:"tlp,required"`
+	JSON      threatEventRawGetResponseJSON `json:"-"`
+}
+
+// threatEventRawGetResponseJSON contains the JSON metadata for the struct
+// [ThreatEventRawGetResponse]
+type threatEventRawGetResponseJSON struct {
+	ID          apijson.Field
+	AccountID   apijson.Field
+	Created     apijson.Field
+	Data        apijson.Field
+	Source      apijson.Field
+	TLP         apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRawGetResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRawGetResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventRawUpdateParams struct {
+	Data   param.Field[interface{}] `json:"data"`
+	Source param.Field[string]      `json:"source"`
+	TLP    param.Field[string]      `json:"tlp"`
+}
+
+func (r ThreatEventRawUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
@@ -0,0 +1,76 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventRawUpdateWithOptionalParams(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Raw.Update(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		"rawId",
+		cloudforce_one.ThreatEventRawUpdateParams{
+			Data:   cloudflare.F[any](map[string]interface{}{}),
+			Source: cloudflare.F("example.com"),
+			TLP:    cloudflare.F("amber"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventRawGet(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Raw.Get(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		"rawId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,164 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventRelateService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventRelateService] method instead.
+type ThreatEventRelateService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventRelateService generates a new service that applies the given
+// options to each request. These options are applied after the parent client's
+// options (if there is one), and before any request-specific options.
+func NewThreatEventRelateService(opts ...option.RequestOption) (r *ThreatEventRelateService) {
+	r = &ThreatEventRelateService{}
+	r.Options = opts
+	return
+}
+
+// Creates event references for a event
+func (r *ThreatEventRelateService) Update(ctx context.Context, accountID float64, eventID string, body ThreatEventRelateUpdateParams, opts ...option.RequestOption) (res *ThreatEventRelateUpdateResponse, err error) {
+	var env ThreatEventRelateUpdateResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/relate/%s", accountID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+// Removes an event refence
+func (r *ThreatEventRelateService) Delete(ctx context.Context, accountID float64, eventID string, opts ...option.RequestOption) (res *ThreatEventRelateDeleteResponse, err error) {
+	var env ThreatEventRelateDeleteResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/relate/%s", accountID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodDelete, path, nil, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+type ThreatEventRelateUpdateResponse struct {
+	Success bool                                `json:"success,required"`
+	JSON    threatEventRelateUpdateResponseJSON `json:"-"`
+}
+
+// threatEventRelateUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventRelateUpdateResponse]
+type threatEventRelateUpdateResponseJSON struct {
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRelateUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRelateUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventRelateDeleteResponse struct {
+	Success bool                                `json:"success,required"`
+	JSON    threatEventRelateDeleteResponseJSON `json:"-"`
+}
+
+// threatEventRelateDeleteResponseJSON contains the JSON metadata for the struct
+// [ThreatEventRelateDeleteResponse]
+type threatEventRelateDeleteResponseJSON struct {
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRelateDeleteResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRelateDeleteResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventRelateUpdateParams struct {
+	Events param.Field[[]string] `json:"events,required"`
+}
+
+func (r ThreatEventRelateUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventRelateUpdateResponseEnvelope struct {
+	Result  ThreatEventRelateUpdateResponse             `json:"result,required"`
+	Success bool                                        `json:"success,required"`
+	JSON    threatEventRelateUpdateResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventRelateUpdateResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventRelateUpdateResponseEnvelope]
+type threatEventRelateUpdateResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRelateUpdateResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRelateUpdateResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventRelateDeleteResponseEnvelope struct {
+	Result  ThreatEventRelateDeleteResponse             `json:"result,required"`
+	Success bool                                        `json:"success,required"`
+	JSON    threatEventRelateDeleteResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventRelateDeleteResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventRelateDeleteResponseEnvelope]
+type threatEventRelateDeleteResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventRelateDeleteResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventRelateDeleteResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,72 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventRelateUpdate(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Relate.Update(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		cloudforce_one.ThreatEventRelateUpdateParams{
+			Events: cloudflare.F([]string{"88888888-4444-4444-4444-121212121212"}),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventRelateDelete(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Relate.Delete(
+		context.TODO(),
+		0.000000,
+		"eventId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,203 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/param"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventTagService contains methods and other services that help with
+// interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventTagService] method instead.
+type ThreatEventTagService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventTagService generates a new service that applies the given options
+// to each request. These options are applied after the parent client's options (if
+// there is one), and before any request-specific options.
+func NewThreatEventTagService(opts ...option.RequestOption) (r *ThreatEventTagService) {
+	r = &ThreatEventTagService{}
+	r.Options = opts
+	return
+}
+
+// Creates a new tag
+func (r *ThreatEventTagService) New(ctx context.Context, accountID float64, body ThreatEventTagNewParams, opts ...option.RequestOption) (res *ThreatEventTagNewResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/tags/create", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &res, opts...)
+	return
+}
+
+// Adds a tag to an event
+func (r *ThreatEventTagService) Update(ctx context.Context, accountID float64, eventID string, body ThreatEventTagUpdateParams, opts ...option.RequestOption) (res *ThreatEventTagUpdateResponse, err error) {
+	var env ThreatEventTagUpdateResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/tag/%s", accountID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, body, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+// Removes a tag from an event
+func (r *ThreatEventTagService) Delete(ctx context.Context, accountID float64, eventID string, opts ...option.RequestOption) (res *ThreatEventTagDeleteResponse, err error) {
+	var env ThreatEventTagDeleteResponseEnvelope
+	opts = append(r.Options[:], opts...)
+	if eventID == "" {
+		err = errors.New("missing required eventId parameter")
+		return
+	}
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/tag/%s", accountID, eventID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodDelete, path, nil, &env, opts...)
+	if err != nil {
+		return
+	}
+	res = &env.Result
+	return
+}
+
+type ThreatEventTagNewResponse struct {
+	Name string                        `json:"name,required"`
+	UUID string                        `json:"uuid,required"`
+	JSON threatEventTagNewResponseJSON `json:"-"`
+}
+
+// threatEventTagNewResponseJSON contains the JSON metadata for the struct
+// [ThreatEventTagNewResponse]
+type threatEventTagNewResponseJSON struct {
+	Name        apijson.Field
+	UUID        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTagNewResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTagNewResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventTagUpdateResponse struct {
+	Success bool                             `json:"success,required"`
+	JSON    threatEventTagUpdateResponseJSON `json:"-"`
+}
+
+// threatEventTagUpdateResponseJSON contains the JSON metadata for the struct
+// [ThreatEventTagUpdateResponse]
+type threatEventTagUpdateResponseJSON struct {
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTagUpdateResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTagUpdateResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventTagDeleteResponse struct {
+	Success bool                             `json:"success,required"`
+	JSON    threatEventTagDeleteResponseJSON `json:"-"`
+}
+
+// threatEventTagDeleteResponseJSON contains the JSON metadata for the struct
+// [ThreatEventTagDeleteResponse]
+type threatEventTagDeleteResponseJSON struct {
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTagDeleteResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTagDeleteResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventTagNewParams struct {
+	Name param.Field[string] `json:"name,required"`
+}
+
+func (r ThreatEventTagNewParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventTagUpdateParams struct {
+	Tags param.Field[[]string] `json:"tags,required"`
+}
+
+func (r ThreatEventTagUpdateParams) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
+type ThreatEventTagUpdateResponseEnvelope struct {
+	Result  ThreatEventTagUpdateResponse             `json:"result,required"`
+	Success bool                                     `json:"success,required"`
+	JSON    threatEventTagUpdateResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventTagUpdateResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventTagUpdateResponseEnvelope]
+type threatEventTagUpdateResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTagUpdateResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTagUpdateResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventTagDeleteResponseEnvelope struct {
+	Result  ThreatEventTagDeleteResponse             `json:"result,required"`
+	Success bool                                     `json:"success,required"`
+	JSON    threatEventTagDeleteResponseEnvelopeJSON `json:"-"`
+}
+
+// threatEventTagDeleteResponseEnvelopeJSON contains the JSON metadata for the
+// struct [ThreatEventTagDeleteResponseEnvelope]
+type threatEventTagDeleteResponseEnvelopeJSON struct {
+	Result      apijson.Field
+	Success     apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTagDeleteResponseEnvelope) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTagDeleteResponseEnvelopeJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,101 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/cloudforce_one"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventTagNew(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Tags.New(
+		context.TODO(),
+		0.000000,
+		cloudforce_one.ThreatEventTagNewParams{
+			Name: cloudflare.F("name"),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventTagUpdate(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Tags.Update(
+		context.TODO(),
+		0.000000,
+		"eventId",
+		cloudforce_one.ThreatEventTagUpdateParams{
+			Tags: cloudflare.F([]string{"botnet"}),
+		},
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
+
+func TestThreatEventTagDelete(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.Tags.Delete(
+		context.TODO(),
+		0.000000,
+		"eventId",
+	)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
@@ -0,0 +1,84 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v4/internal/apijson"
+	"github.com/cloudflare/cloudflare-go/v4/internal/requestconfig"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+// ThreatEventTargetIndustryService contains methods and other services that help
+// with interacting with the cloudflare API.
+//
+// Note, unlike clients, this service does not read variables from the environment
+// automatically. You should not instantiate this service directly, and instead use
+// the [NewThreatEventTargetIndustryService] method instead.
+type ThreatEventTargetIndustryService struct {
+	Options []option.RequestOption
+}
+
+// NewThreatEventTargetIndustryService generates a new service that applies the
+// given options to each request. These options are applied after the parent
+// client's options (if there is one), and before any request-specific options.
+func NewThreatEventTargetIndustryService(opts ...option.RequestOption) (r *ThreatEventTargetIndustryService) {
+	r = &ThreatEventTargetIndustryService{}
+	r.Options = opts
+	return
+}
+
+// Lists all target industries
+func (r *ThreatEventTargetIndustryService) List(ctx context.Context, accountID float64, opts ...option.RequestOption) (res *ThreatEventTargetIndustryListResponse, err error) {
+	opts = append(r.Options[:], opts...)
+	path := fmt.Sprintf("accounts/%v/cloudforce-one/events/targetIndustries", accountID)
+	err = requestconfig.ExecuteNewRequest(ctx, http.MethodGet, path, nil, &res, opts...)
+	return
+}
+
+type ThreatEventTargetIndustryListResponse struct {
+	Items ThreatEventTargetIndustryListResponseItems `json:"items,required"`
+	Type  string                                     `json:"type,required"`
+	JSON  threatEventTargetIndustryListResponseJSON  `json:"-"`
+}
+
+// threatEventTargetIndustryListResponseJSON contains the JSON metadata for the
+// struct [ThreatEventTargetIndustryListResponse]
+type threatEventTargetIndustryListResponseJSON struct {
+	Items       apijson.Field
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTargetIndustryListResponse) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTargetIndustryListResponseJSON) RawJSON() string {
+	return r.raw
+}
+
+type ThreatEventTargetIndustryListResponseItems struct {
+	Type string                                         `json:"type,required"`
+	JSON threatEventTargetIndustryListResponseItemsJSON `json:"-"`
+}
+
+// threatEventTargetIndustryListResponseItemsJSON contains the JSON metadata for
+// the struct [ThreatEventTargetIndustryListResponseItems]
+type threatEventTargetIndustryListResponseItemsJSON struct {
+	Type        apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *ThreatEventTargetIndustryListResponseItems) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r threatEventTargetIndustryListResponseItemsJSON) RawJSON() string {
+	return r.raw
+}
@@ -0,0 +1,37 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package cloudforce_one_test
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/cloudflare-go/v4"
+	"github.com/cloudflare/cloudflare-go/v4/internal/testutil"
+	"github.com/cloudflare/cloudflare-go/v4/option"
+)
+
+func TestThreatEventTargetIndustryList(t *testing.T) {
+	baseURL := "http://localhost:4010"
+	if envURL, ok := os.LookupEnv("TEST_API_BASE_URL"); ok {
+		baseURL = envURL
+	}
+	if !testutil.CheckTestServer(t, baseURL) {
+		return
+	}
+	client := cloudflare.NewClient(
+		option.WithBaseURL(baseURL),
+		option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
+		option.WithAPIEmail("user@example.com"),
+	)
+	_, err := client.CloudforceOne.ThreatEvents.TargetIndustries.List(context.TODO(), 0.000000)
+	if err != nil {
+		var apierr *cloudflare.Error
+		if errors.As(err, &apierr) {
+			t.Log(string(apierr.DumpRequest(true)))
+		}
+		t.Fatalf("err should be nil: %s", err.Error())
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-configured_endpoints: 1571`
	`1`	`+configured_endpoints: 1603`
`2`	`2`	`openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-90e340b831573a4b2cb1327a72bdb7ac34d744f89ab29828978c0c3abcff1441.yml`