Telemetry & Threat Intel

Submit security events from agents and fetch the global threat intelligence feed.

Telemetry & Threat Intel

Submit security events from agents and fetch the global threat intelligence feed.

POST/v1/telemetryAPI Key

Submit security events (always 202)

GET/v1/threat-intelAPI Key

Fetch global IP blocklist

Submit event

POST /v1/telemetry
Authorization: Bearer navil_live_abc123...

{
  "agent_id": "worker-3",
  "events": [{
    "type": "prompt_injection",
    "data": {
      "action": "blocked",
      "payload": "ignore previous..."
    }
  }]
}

Response (202)

{ "status": "accepted" }

Event Types

The telemetry endpoint accepts any event type. Common types include:

Type	Description
prompt_injection	Detected prompt injection attempt
rate_limit_exceeded	Agent exceeded rate limits
data_exfiltration	Suspected data exfiltration attempt
privilege_escalation	Agent attempted unauthorized access
anomaly_detected	Statistical anomaly in agent behavior

Threat Intelligence Feed

The threat intel endpoint returns the current global IP blocklist, aggregated from all participating Navil nodes. Data is anonymized using HMAC hashing with no PII included.

Fetch threat intel

curl -H "Authorization: Bearer navil_live_abc123..." \
  https://api.navil.ai/v1/threat-intel

Authentication

API Keys

Telemetry & Threat Intel

Submit security events from agents and fetch the global threat intelligence feed.