Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

The TIDE API consists of the Data API. The Data API is used to submit and retrieve threat indicators. The Cloud Services Platform provides API Guides, which describe all available filters and options when running API calls. Before using any of the API guides, you need to verify your account using the Cloud Services Platform’s token authentication service. 

The TIDE API leverages the Basic Auth method in HTTP/HTTPS to transport the API key. The API key  is passed in the username field. The password field should be set to an empty string. All data fields (including filter) represented in ISO 8601 format.

The Data API consist of the following:

  • Threat Batch APIs (batch): Used to submit threat indicators and retrieve details about uploaded batches.  

  • Property APIs (property): Used to retrieve registered threat properties .

  • Threat APIs (threat): Used to search threat indicators on the Cloud Services Platform. 

  • Threat Class APIs (threat_class): Used to retrieve threat classes registered on the Infoblox Cloud Services platform.

All Python examples provided in this guide were scripted using Python 3.0.

Infoblox TIDE leverages highly accurate machine-readable threat intelligence data via a flexible TIDE (Threat Intelligence Data Exchange) to aggregate, curate, and enable distribution of data across a broad range of infrastructure. TIDE enables organizations to ease consumption of threat intelligence from various internal and external sources, and to effectively defend against and quickly respond to cyber threats. TIDE threat indicators are enriched with threat classification, scoring, TTL and  is backed by the Infoblox threat intelligence team that normalizes and refines high-quality threat intelligence data feeds.

TIDE collects and manages curated threat intelligence from internal and external sources in a single platform. It enables security operations to remediate threats more rapidly by sharing normalized TIDE data in real time with third-party security systems such as firewalls, SIEM, XDR, TIP, SOAR, etc. By leveraging highly accurate machine-readable threat intelligence (MRTI) data to aggregate and selectively distribute data across a broad range of security infrastructure, the end result is a highly refined feed with a very low historical false-positive rate.

Before using the TIDE API, you must verify your account using the Cloud Services Platform’s token authentication service.

The original version of Malware Analysis is being replaced with Malware Analysis Version 3. Infoblox highly recommends customers begin using Malware Analysis Version 3 going forward. 

How do I use the API Guides?
How do I create an API key? 
What is a data profile?
How do I create a data profile?
How do I format data for submission?
How do I check my data submission status?
How do I search all my data?
How do I view all of my organization's data profiles?
How do I see what RPZ feeds I have access to with my Cloud Services Portal License?
How do I see what data profiles I have access to with my Cloud Services Portal License?
How do I search data in the last X time units?
How Do I Get Infoblox's Current Active Threat Data?

  • No labels