/
How Do I Search All My Data?
Document toolboxDocument toolbox

How Do I Search All My Data?

Owned by Gary Leicht
Last updated: Nov 29, 2024

All Python examples provided in this guide were scripted using Python 3.0.

How do I search all my data? 

To search all data shared with you use the Info API provided by the Admin Service. Do note that this API call includes historical threat data in addition to current threats.

python

#note: install the 'requests' library first:
#pip install -U requests
import requests

#note: replace this api_key value with your api key!
api_key = 'INSERT_YOUR_API_KEY_HERE'
api_endpoint = 'https://csp.infoblox.com'
api_path = '/tide/api/data/threats/'
batch_id = 'feaf7y40-9e1e-1evd-8723-6961d4beg9xn'
url = '%s%s%s' % (api_endpoint,api_path)
parameters = {‘rlimit’: 10, ‘property’: ‘phishing_generic’, ‘type’: ‘host’}

r = requests.get(url, headers={"Authorization": "Token "+api_key}, 
params=parameters, verify=True)
print(r.status_code)
print(r.json())

Sample result

200

{u'status': u'success', u'code': 0, u'data': [u'YourOrganization']}

curl

curl -X GET 'https://csp.infoblox.com/tide/api/data/threats?rlimit=2' -H 'Authorization: Token <CSP API key>'

Sample result

{ 
    "threat": [
    { 
    "id": "7esdx131-fxie-1157-a66w-679wr16f7ghd9", 
    "type": "HOST", 
    "host": "go0gie.com", 
    "domain": "go0gie.com", 
    "tld": "com", 
    "profile": "IID",
    "property": "APT_MalwareC2", 
    "class": "APT", 
    "threat_level": 100, 
    "detected": "2019-04-17T21:02:54.385Z", 
    "received": "2019-10-24T18:43:33.204Z", 
    "imported": "2019-10-24T18:43:33.204Z",
    "expiration": "2021-04-17T21:02:54.385Z", 
    "dga": false, 
    "up": true, 
    "batch_id": "2e7d8c2c-fcse-11et-ah54-666j316fk87d", 
    "threat_score": 10, 
    "threat_score_rating": "Critical", 
    "threat_score_vector":
"TSIS:1.0/AV:N/AC:L/PR:L/UI:N/EX:H/MOD:H/AVL:L/CI:H/ASN:H/TLD:N/DOP:N/P:T",
    "confidence_score": 0.1, 
    "confidence_score_rating": "Unconfirmed", 
    "confidence_score_vector": "COSIS:1.0/SR:N/POP:N/TLD:N/CP:T", 
    "risk_score": 9.9, 
    "risk_score_rating": "Critical", 
    "risk_score_vector": 
"RSIS:1.0/TSS:C/TLD:N/CVSS:C/EX:H/MOD:H/AVL:L/T:H/DT:H",
    "extended": { 
          "cyberint_guid": "047126240eb5908a422ac1b916b1fda4", 
          "notes": "DNS tunneling domains", 
          "threat_actor": "OilRig", 
          "threat_actor_vector":
"STARS:1.0/NAME:OILRIG/AKA:[APT34,CHRYSENE,COBALT_GYPSY,CRAMBUS,HELIX_KITTEN,HELIX_KITTEN,TWISTED_KITTEN]
/OPS:N/OVLP:N/REGN:IRAN/DESC:Y/TACT:N/TRGT:N/TOOL:[ALMA_COMMUNICATOR,BONDUPDATER,CVE-2017-0199,CVE-2017-11882,
CLAYSLIDE,DARKSEAGREENSHELL,ELVENDOOR,HELMINTH,ISMDOOR,INVOKE-OBFUSCATION,LITTLEFACE),OOPSIE,PLINK,POWBAT,
POWRUNER_(PS_BACKDOOR),PSEXEC,QUADAGENT,SSH_TUNNELS_TO_WINDOWS_SERVERS,WEBSHELLS_(TWOFACE,CUSTOMIZED_MIMIKATZ,
MALICIOUS_RTF_FILES_CVE-2017-0199_AND_CVE-2017-11882]/REFS:Y"
    }
    },
    {
    "id": "7esdx131-fxie-1157-a66w-679wr16f7ghd9", 
    "type": "HOST", 
    "host": "exampledomain.co", 
    "domain": "exampledomain.co", 
    "tld": "co", 
    "profile": "IID", 
    "property": "MaliciousNameserver_Generic", 
    "class": "MaliciousNameserver", 
    "threat_level": 0, 
    "confidence": 100, 
    "detected": "2020-02-11T10:36:44.000Z", 
    "received": "2020-04-21T16:49:29.780Z", 
    "imported": "2020-04-21T16:49:29.780Z",
    "expiration": "2040-02-11T10:36:44.000Z", 
    "dga": false,
    "batch_id": "2e7d8c2c-fcse-11et-ah54-666j316fk87d", 
    "extended": {
           "rpz": "base"
    }
    }
    ],
    "record_count": 2
}

Back


Related content