JSON and CSV export options
JSON and CSV exports help professional users ingest tracker events into internal systems.
Use exports when you need to:
- archive new events
- feed a SIEM, SOAR, TIP, or case-management system
- compare eCrime.ch events with internal exposure lists
- build recurring reports
- trigger internal review workflows
Authentication
Section titled “Authentication”Exports use the API key from your profile settings.
X-API-Key: <your-api-key>Keep the key server-side and do not embed it in public scripts, shared notebooks, or screenshots.
Time Windows
Section titled “Time Windows”Export views support practical time ranges such as recent hours, today, yesterday, this month, and last month. For reliable automation, poll on a schedule and store the last successful run time in your own system.
JSON Export
Section titled “JSON Export”JSON is best for integrations that preserve field names and nested data.
Typical event fields include:
- event ID
- first seen and last seen timestamps
- leak site and leak URL
- actor or leak title
- country and sector
- company name and website
- employee range
- keyword match status
- duplicate status
- leaked-data status and timestamp
Leaked Data Fields
Section titled “Leaked Data Fields”Exports can include two fields related to leaked-data observations:
data_leakis true when leaked data was observed, or when the event claim changed to a leaked-data status at some point.data_leak_seenis the timestamp for when that leaked-data status was observed after the event was already being tracked.
data_leak_seen can be empty even when data_leak is true. This usually means the event was already in a leaked-data state when eCrime.ch first observed it, so there was no later transition timestamp to record. It does not necessarily mean that a leak was only threatened, or that no publication evidence existed.
For a simple “did this firm experience a data leak?” indicator, use data_leak. Use data_leak_seen when you specifically need the timestamp of a leaked-data observation or status change, and treat empty values as “no separate transition timestamp recorded” rather than as “no leak.”
Historical records from 2020 and 2021 should be interpreted with extra care, because leak-site date coverage and platform data quality were less consistent in the earlier years than they are now.
CSV Export
Section titled “CSV Export”CSV is useful for spreadsheets, reporting, and simple ingestion jobs. It contains the core dashboard fields in tabular form.
Daily CSV Report by Email
Section titled “Daily CSV Report by Email”The API returns event data but does not send email directly. A scheduled script can:
- request events first seen during the last 24 hours
- convert the returned event objects to CSV
- send the CSV as an attachment through your SMTP server
The script is available in the public eCrime.ch API examples repository:
See API Examples for all published examples and the repository support policy.
The script reads its API and mail settings from environment variables:
export ECRIME_API_KEY="your-api-key"export SMTP_HOST="smtp.example.com"export SMTP_PORT="587"export SMTP_USER="reports@example.com"export SMTP_PASSWORD="your-smtp-password"export MAIL_FROM="reports@example.com"export MAIL_TO="recipient@example.com"Test the API request and CSV generation without sending email:
python3 ecrime_daily_csv_email.py --dry-run report.csvSend the report:
python3 ecrime_daily_csv_email.pyFor daily delivery at 08:00, add a cron entry such as:
0 8 * * * /usr/bin/python3 /path/to/ecrime_daily_csv_email.pyKeep the API key and SMTP credentials outside the script and restrict access to the environment or configuration that contains them.
If your integration needs richer intelligence, use the API endpoints for search, file search, torrent intelligence, or event detail records where available.