
To query data from a specified organization, use the state (active threats) or threats by age API.

For example, if you wanted to get a list of all active IP threats from OrgA, you would use the API:

     /tide/api/data/threats/state/ip?profile=OrgA

If you wanted all IP threats submitted by OrgA in the last day, you would use the API:

     /tide/api/data/threats/state/ip/daily?profile=OrgA

You must specify the name of the provider organization using the "profile" query string parameter. To query multiple provider organizations, repeat the "profile" parameter once per organization (for example, profile=OrgA&profile=IID).

Python

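# Note: install the 'requests' library first:
#   pip install -U requests
import os
from pprint import pprint

import requests

# Read the API token from the environment so it is not stored in the script
# or committed to version control. TIDE_API_TOKEN is an example variable name
# chosen for this snippet; the placeholder is used only when it is unset.
token = os.environ.get('TIDE_API_TOKEN', '<MY TOKEN>')

api_endpoint = 'https://csp.infoblox.com'
# NOTE(review): the prose on this page shows the daily path as
# /tide/api/data/threats/state/ip/daily; confirm which path is intended.
api_path = '/tide/api/data/threats/ip/daily'
url = '%s%s' % (api_endpoint, api_path)

# A list value is sent as repeated query parameters
# (profile=OrgA&profile=IID). rlimit appears to cap the number of records
# returned (the sample result below contains 2).
params = {'profile': ['OrgA', 'IID'], 'rlimit': 2}

# NOTE(review): the curl example on this page sends the header value as
# 'Token token=<MYTOKEN>'; confirm which Authorization form the API expects.
headers = {
    'Content-Type': 'application/json',
    'Authorization': 'token {}'.format(token),
}

# params must be passed explicitly; otherwise the profile filter and the
# record limit never reach the API and the query is not scoped to the
# intended organizations. The timeout keeps the script from hanging
# indefinitely on a stalled connection.
r = requests.get(url, headers=headers, params=params, timeout=30)
print(r.status_code)
if r.ok:
    pprint(r.json())
else:
    # Error responses (e.g. a rejected token) may not be JSON; show the raw
    # body instead of failing inside r.json().
    print(r.text)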

Sample result

200
{u'dropped': False, 
u'dropped_record_count': 0,
u'filtered_record_count': 2,
u'record_count': 2,
u'threat': [{u'batch_id': u'fefefefe-f343-11e3-897c-55530a829c6f',
u'class': u'ExploitKit',
u'detected': u'2017-06-13T17:24:26.000Z',
u'dga': u'false',
u'domain': u'another-bad-host.info',
u'host': u'drawer.another-bad-host.info',
u'id': u'fefefefe-f343-11e3-fefe-55530a829c6f',
u'imported': u'2017-06-13T21:42:54.429Z',
u'ip': u'',
u'origin': u'',
u'profile': u'OrgA',
u'property': u'ExploitKit_Nuclear',
u'target': u'',
u'threat_level': 100,
u'tld': u'info',
u'tlp': u'',
u'type': u'HOST',
u'up': u'true',
u'url': u''},
{u'batch_id': u'ad1798f7-fefe-11e3-fefe-55530a829c6f',
u'class': u'ExploitKit',
u'detected': u'2017-06-13T17:24:26.000Z',
u'dga': u'false',
u'domain': u'programrealty.info',
u'host': u'draw.programrealty.info',
u'id': u'ad257baa-f343-11e3-897c-fefefefefefe',
u'imported': u'2017-06-13T21:42:54.429Z',
u'ip': u'',
u'origin': u'IID',
u'profile': u'IID',
u'property': u'ExploitKit_Nuclear',
u'target': u'',
u'threat_level': 100,
u'tld': u'info',
u'tlp': u'',
u'type': u'HOST',
u'up': u'true',
u'url': u''}]}

Curl

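# Query threats from provider organizations OrgB and IID (rlimit=2) and
# pretty-print the JSON response. The URL is single-quoted so the shell does
# not interpret '&'. Replace <MYTOKEN> with your API token; a token typed
# inline is saved in shell history and visible in the process list, so prefer
# supplying it from an environment variable or a protected file.
curl 'https://csp.infoblox.com/tide/api/data/threats?profile=OrgB&profile=IID&rlimit=2' -H 'Authorization:Token token=<MYTOKEN>' | python -mjson.tool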

Sample result

{
"threat": [
{
"id": "ad257ba9-f343-11e3-897c-55530a829c6f",
"type": "HOST",
"host": "drawer.programrealty.info",
"ip": "",
"url": "",
"domain": "programrealty.info",
"tld": "info",
"profile": "IID",
"origin": "IID",
"property": "ExploitKit_Nuclear",
"class": "ExploitKit",
"threat_level": 100,
"target": "",
"detected": "2017-06-03T17:24:26.000Z",
"imported": "2017-06-13T21:42:54.429Z",
"dga": "false",
"up": "true",
"tlp": "",
"batch_id": "ad1798f7-f343-11e3-897c-55530a829c6f"
},
{
"id": "ad257baa-f343-11e3-897c-55530a829c6f",
"type": "HOST",
"host": "draw.programrealty.info",
"ip": "",
"url": "",
"domain": "programrealty.info",
"tld": "info",
"profile": "IID",
"origin": "IID",
"property": "ExploitKit_Nuclear",
"class": "ExploitKit",
"threat_level": 100,
"target": "",
"detected": "2017-06-03T17:24:26.000Z",
"imported": "2017-06-13T21:42:54.429Z",
"dga": "false",
"up": "true",
"tlp": "",
"batch_id": "ad1798f7-f343-11e3-897c-55530a829c6f"
}
],
"record_count": 2,
"filtered_record_count": 2,
"dropped_record_count": 0,
"dropped": false
}