All Python examples provided in this guide were scripted using Python 3.0.

How do I search all my data? 

To search all data shared with you, use the Info API provided by the Admin Service. Note that this API call includes historical threat data in addition to current threats.

python

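#note: install the 'requests' library first:
#pip install -U requests
import os

import requests

#note: replace this api_key value with your api key, or export it in the
#environment so the key never has to be written into the script itself.
#(CSP_API_KEY is an example variable name chosen for this snippet.)
api_key = os.environ.get('CSP_API_KEY', 'INSERT_YOUR_API_KEY_HERE')
api_endpoint = 'https://csp.infoblox.com'
api_path = '/tide/api/data/threats/'
# Exactly one '%s' per value; an extra placeholder here raises TypeError.
url = '%s%s' % (api_endpoint, api_path)
# Plain ASCII quotes only: curly quotes are a SyntaxError in Python.
parameters = {'rlimit': 10, 'property': 'phishing_generic', 'type': 'host'}


def main():
    """Query the TIDE threats endpoint with `parameters` and print the status code and body."""
    r = requests.get(
        url,
        headers={"Authorization": "Token " + api_key},
        params=parameters,
        verify=True,  # keep TLS certificate validation on for this endpoint
        timeout=30,   # seconds; without it a stalled connection hangs the script forever
    )
    print(r.status_code)
    # A non-2xx reply may carry a non-JSON body; print it raw rather than letting .json() raise.
    if r.ok:
        print(r.json())
    else:
        print(r.text)


if __name__ == "__main__":
    main()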

Sample result

200

{u'status': u'success', u'code': 0, u'data': [u'Infoblox']}

curl

# Fetch two threat records from the TIDE threats endpoint; replace <CSP API key> with your key.
curl --request GET \
     --header 'Authorization: Token <CSP API key>' \
     'https://csp.infoblox.com/tide/api/data/threats?rlimit=2'

Sample result

{ 
"threat": [
{
"id": "2e2dc131-f68e-11e9-a628-679f316f9ffd",
"type": "HOST",
"host": "go0gie.com",
"domain": "go0gie.com",
"tld": "com",
"profile": "IID",
"property": "APT_MalwareC2",
"class": "APT",
"threat_level": 100,
"detected": "2019-04-17T21:02:54.385Z",
"received": "2019-10-24T18:43:33.204Z",
"imported": "2019-10-24T18:43:33.204Z",
"expiration": "2021-04-17T21:02:54.385Z",
"dga": false,
"up": true,
"batch_id": "2e2d9a20-f68e-11e9-a628-679f316f9ffd",
"threat_score": 10,
"threat_score_rating": "Critical",
"threat_score_vector":
"TSIS:1.0/AV:N/AC:L/PR:L/UI:N/EX:H/MOD:H/AVL:L/CI:H/ASN:H/TLD:N/DOP:N/P:T",
"confidence_score": 0.1,
"confidence_score_rating": "Unconfirmed",
"confidence_score_vector": "COSIS:1.0/SR:N/POP:N/TLD:N/CP:T",
"risk_score": 9.9,
"risk_score_rating": "Critical",
"risk_score_vector":
"RSIS:1.0/TSS:C/TLD:N/CVSS:C/EX:H/MOD:H/AVL:L/T:H/DT:H",
"extended": {
"cyberint_guid": "047126240eb5908a422ac1b916b1fda4",
"notes": "DNS tunneling domains",
"threat_actor": "OilRig",
"threat_actor_vector":
"STARS:1.0/NAME:OILRIG/AKA:[APT34,CHRYSENE,COBALT_GYPSY,CRAMBUS,HELIX_KITTEN,HELIX_KITTEN,TWISTED_KITTEN]
/OPS:N/OVLP:N/REGN:IRAN/DESC:Y/TACT:N/TRGT:N/TOOL:[ALMA_COMMUNICATOR,BONDUPDATER,CVE-2017-0199,CVE-2017-11882,
CLAYSLIDE,DARKSEAGREENSHELL,ELVENDOOR,HELMINTH,ISMDOOR,INVOKE-OBFUSCATION,LITTLEFACE),OOPSIE,PLINK,POWBAT,
POWRUNER_(PS_BACKDOOR),PSEXEC,QUADAGENT,SSH_TUNNELS_TO_WINDOWS_SERVERS,WEBSHELLS_(TWOFACE,CUSTOMIZED_MIMIKATZ,
MALICIOUS_RTF_FILES_CVE-2017-0199_AND_CVE-2017-11882]/REFS:Y"
}
},
{
"id": "11891e90-83f0-11ea-94fe-ededbc8e1ec7",
"type": "HOST",
"host": "eicar.co",
"domain": "eicar.co",
"tld": "co",
"profile": "IID",
"property": "MaliciousNameserver_Generic",
"class": "MaliciousNameserver",
"threat_level": 0,
"confidence": 100,
"detected": "2020-02-11T10:36:44.000Z",
"received": "2020-04-21T16:49:29.780Z",
"imported": "2020-04-21T16:49:29.780Z",
"expiration": "2040-02-11T10:36:44.000Z",
"dga": false,
"batch_id": "1188d06f-83f0-11ea-94fe-ededbc8e1ec7",
"extended": {
"rpz": "base"
}
}
],
"record_count": 2
}