

Info

All Python examples provided in this guide are written for Python 3. They depend on the third-party `requests` library, which must be installed separately (see the `pip install` note in the first example).


How do I search all my data? 

To search all data shared with you, use the Info API provided by the Admin Service; the worked examples below query the `/tide/api/data/threats` endpoint. Note that this call returns historical threat data in addition to current threats, so bound the result set with `rlimit` and filter by `property`/`type` wherever possible.

python


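# note: install the 'requests' library first:
#   pip install -U requests
import os

import requests

# Read the CSP API key from the environment instead of hard-coding it in a
# script that may be committed or shared. If CSP_API_KEY is not set, the
# placeholder is used and the request fails with 401 rather than leaking
# a real key into the source file.
api_key = os.environ.get('CSP_API_KEY', 'INSERT_YOUR_API_KEY_HERE')
api_endpoint = 'https://csp.infoblox.com'
api_path = '/tide/api/data/threats/'
# The original used '%s%s%s' with only two values, which raises TypeError.
url = api_endpoint + api_path
# Query parameters: cap the number of records (rlimit), and restrict the
# search to one threat property and one record type. Use plain ASCII
# quotes here - curly quotes are a SyntaxError in Python.
parameters = {'rlimit': 10, 'property': 'phishing_generic', 'type': 'host'}
# verify=True keeps TLS certificate validation on; never set it to False to
# work around a certificate error, as that exposes the API key to
# interception. requests has no default timeout, so give one explicitly to
# avoid hanging forever if the service stalls.
r = requests.get(url,
                 headers={'Authorization': 'Token ' + api_key},
                 params=parameters,
                 verify=True,
                 timeout=30)
print(r.status_code)
# Surface HTTP errors (e.g. 401 for a bad or missing key) before trying to
# decode a body that is unlikely to be the expected JSON.
r.raise_for_status()
print(r.json())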


Sample result (captured under Python 2 — the `u''` prefixes do not appear under Python 3). Note that this output does not match the threats query above: it looks like an Info API response listing organizations rather than a `threat` array such as the one in the curl sample below.


200

{u'status': u'success', u'code': 0, u'data': [u'InfobloxYourOrganization']}


curl


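# Export the key first (export CSP_API_KEY='...') so it is not typed into the
# command line, where it would be visible in shell history and to other
# users via the process list. Keep the URL quoted so the shell does not
# interpret '?' or '&' in the query string.
curl -X GET 'https://csp.infoblox.com/tide/api/data/threats?rlimit=2' -H "Authorization: Token ${CSP_API_KEY}"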


Sample result


{ 
"threat": [
{
"id": "2e2dc1317esdx131-f68efxie-11e91157-a628a66w-679f316f9ffd679wr16f7ghd9",
"type": "HOST",
"host": "go0gie.com",
"domain": "go0gie.com",
"tld": "com",
"profile": "IID",
"property": "APT_MalwareC2",
"class": "APT",
"threat_level": 100,
"detected": "2019-04-17T21:02:54.385Z",
"received": "2019-10-24T18:43:33.204Z",
"imported": "2019-10-24T18:43:33.204Z",
"expiration": "2021-04-17T21:02:54.385Z",
"dga": false,
"up": true,
"batch_id": "2e2d9a202e7d8c2c-f68efcse-11e911et-a628ah54-679f316f9ffd666j316fk87d",
"threat_score": 10,
"threat_score_rating": "Critical",
"threat_score_vector":
"TSIS:1.0/AV:N/AC:L/PR:L/UI:N/EX:H/MOD:H/AVL:L/CI:H/ASN:H/TLD:N/DOP:N/P:T",
"confidence_score": 0.1,
"confidence_score_rating": "Unconfirmed",
"confidence_score_vector": "COSIS:1.0/SR:N/POP:N/TLD:N/CP:T",
"risk_score": 9.9,
"risk_score_rating": "Critical",
"risk_score_vector":
"RSIS:1.0/TSS:C/TLD:N/CVSS:C/EX:H/MOD:H/AVL:L/T:H/DT:H",
"extended": {
"cyberint_guid": "047126240eb5908a422ac1b916b1fda4",
"notes": "DNS tunneling domains",
"threat_actor": "OilRig",
"threat_actor_vector":
"STARS:1.0/NAME:OILRIG/AKA:[APT34,CHRYSENE,COBALT_GYPSY,CRAMBUS,HELIX_KITTEN,HELIX_KITTEN,TWISTED_KITTEN]
/OPS:N/OVLP:N/REGN:IRAN/DESC:Y/TACT:N/TRGT:N/TOOL:[ALMA_COMMUNICATOR,BONDUPDATER,CVE-2017-0199,CVE-2017-11882,
CLAYSLIDE,DARKSEAGREENSHELL,ELVENDOOR,HELMINTH,ISMDOOR,INVOKE-OBFUSCATION,LITTLEFACE),OOPSIE,PLINK,POWBAT,
POWRUNER_(PS_BACKDOOR),PSEXEC,QUADAGENT,SSH_TUNNELS_TO_WINDOWS_SERVERS,WEBSHELLS_(TWOFACE,CUSTOMIZED_MIMIKATZ,
MALICIOUS_RTF_FILES_CVE-2017-0199_AND_CVE-2017-11882]/REFS:Y"
}
},
{
"id": "11891e907esdx131-83f0fxie-11ea1157-94fea66w-ededbc8e1ec7679wr16f7ghd9",
"type": "HOST",
"host": "eicar.co",
"domain": "eicar.co",
"tld": "co",
"profile": "IID",
"property": "MaliciousNameserver_Generic",
"class": "MaliciousNameserver",
"threat_level": 0,
"confidence": 100,
"detected": "2020-02-11T10:36:44.000Z",
"received": "2020-04-21T16:49:29.780Z",
"imported": "2020-04-21T16:49:29.780Z",
"expiration": "2040-02-11T10:36:44.000Z",
"dga": false,
"batch_id": "1188d06f2e7d8c2c-83f0fcse-11ea11et-94feah54-ededbc8e1ec7666j316fk87d",
"extended": {
"rpz": "base"
}
}
],
"record_count": 2
}