Dossier API Basic is commonly used by customers. It provides access to all information available on the portal. The Dossier API Calls Reference located under the Resource options tab on the Dossier™ Threat Research Portal page describes all available filters and options. When using the API, the same authentication method as used by other features in the Cloud Services Infoblox Portal, applies when using the Dossier API.
When you execute a test query, the API returns a CURL command to request the data, response body and a response code. The following example contains a sample CURL command which retrieves information about the “eicar.top” domain in JSON format, which is the only supported export format for API based indicator searches.
| Code Block |
|---|
curl -X POST
'https://csp.infoblox.com/tide/api/services/intel/lookup/jobs?wait=true' \
-H 'Authorization: Token token=<CSP Auth Token>' \
-H 'Content-Type: application/json' \
-d '{"target": {"one": {"type": "host", "target": "1.1.1.1",
"sources":["acs","activity","atp","ccb","custom_lists","dns","gcs","geo","gsb","infoblox_web_cat","inforank","isight","malware_analysis","malware_analysis_v3","pdns","ptr","rlabs","rpz_feeds","rwhois","whitelist","whois","ssl_cert","urlhaus","nameserver","threatfox"]}}}' |
|
It may take some time to retrieve data depending on the quantity of data being requested. If the data is not required immediately, then a search can be executed with a “wait” parameter set to “false” and retrieved later. In this case, the first search will return “job_id”. The status of the job and results can be retrieved using a “lookup_jobs_management” call. The URL below retrieves results of a job with the “job_id” parameter.
| Code Block |
|---|
"https://csp.infoblox.com/tide/api/services/intel/lookup/jobs/job_id/results" |
|
