
How Do I Search All My Data?

All Python examples provided in this guide were scripted using Python 3.0.

How do I search all my data? 

To search all data shared with you, use the Info API provided by the Admin Service. Note that this API call returns historical threat data in addition to current threats.

python

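# Query the TIDE threat-data API for a small page of 'phishing_generic' host
# records and print the HTTP status and decoded JSON body.
#
# note: install the 'requests' library first:
#   pip install -U requests
import os

import requests

# note: replace this api_key value with your api key! Reading it from the
# environment first keeps the secret out of the script file; the environment
# variable name below is a constructed example — pick one that fits your setup.
api_key = os.environ.get('CSP_API_KEY', 'INSERT_YOUR_API_KEY_HERE')
api_endpoint = 'https://csp.infoblox.com'
api_path = '/tide/api/data/threats/'
# Not used by this request; it only illustrates the shape of the 'batch_id'
# value that appears in each returned threat record.
batch_id = 'cebf7300-9e1f-11eb-8943-6962d4bdf9de'
# Two components, so two format placeholders (a third, unfilled '%s' raises
# TypeError at runtime).
url = '%s%s' % (api_endpoint, api_path)
# Plain ASCII quotes are required here; typographic quotes are a SyntaxError.
parameters = {'rlimit': 10, 'property': 'phishing_generic', 'type': 'host'}
# verify=True keeps TLS certificate validation on. The timeout (seconds) stops
# the script from hanging indefinitely if the service does not answer.
r = requests.get(url, headers={"Authorization": "Token " + api_key},
                 params=parameters, verify=True, timeout=30)
print(r.status_code)
print(r.json())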

Sample result

200

{u'status': u'success', u'code': 0, u'data': [u'Infoblox']}

curl

curl -X GET 'https://csp.infoblox.com/tide/api/data/threats?rlimit=2' -H 'Authorization: Token <CSP API key>'

Sample result

{ 
"threat": [
{
"id": "2e2dc131-f68e-11e9-a628-679f316f9ffd",
"type": "HOST",
"host": "go0gie.com",
"domain": "go0gie.com",
"tld": "com",
"profile": "IID",
"property": "APT_MalwareC2",
"class": "APT",
"threat_level": 100,
"detected": "2019-04-17T21:02:54.385Z",
"received": "2019-10-24T18:43:33.204Z",
"imported": "2019-10-24T18:43:33.204Z",
"expiration": "2021-04-17T21:02:54.385Z",
"dga": false,
"up": true,
"batch_id": "2e2d9a20-f68e-11e9-a628-679f316f9ffd",
"threat_score": 10,
"threat_score_rating": "Critical",
"threat_score_vector":
"TSIS:1.0/AV:N/AC:L/PR:L/UI:N/EX:H/MOD:H/AVL:L/CI:H/ASN:H/TLD:N/DOP:N/P:T",
"confidence_score": 0.1,
"confidence_score_rating": "Unconfirmed",
"confidence_score_vector": "COSIS:1.0/SR:N/POP:N/TLD:N/CP:T",
"risk_score": 9.9,
"risk_score_rating": "Critical",
"risk_score_vector":
"RSIS:1.0/TSS:C/TLD:N/CVSS:C/EX:H/MOD:H/AVL:L/T:H/DT:H",
"extended": {
"cyberint_guid": "047126240eb5908a422ac1b916b1fda4",
"notes": "DNS tunneling domains",
"threat_actor": "OilRig",
"threat_actor_vector":
"STARS:1.0/NAME:OILRIG/AKA:[APT34,CHRYSENE,COBALT_GYPSY,CRAMBUS,HELIX_KITTEN,HELIX_KITTEN,TWISTED_KITTEN]
/OPS:N/OVLP:N/REGN:IRAN/DESC:Y/TACT:N/TRGT:N/TOOL:[ALMA_COMMUNICATOR,BONDUPDATER,CVE-2017-0199,CVE-2017-11882,
CLAYSLIDE,DARKSEAGREENSHELL,ELVENDOOR,HELMINTH,ISMDOOR,INVOKE-OBFUSCATION,LITTLEFACE),OOPSIE,PLINK,POWBAT,
POWRUNER_(PS_BACKDOOR),PSEXEC,QUADAGENT,SSH_TUNNELS_TO_WINDOWS_SERVERS,WEBSHELLS_(TWOFACE,CUSTOMIZED_MIMIKATZ,
MALICIOUS_RTF_FILES_CVE-2017-0199_AND_CVE-2017-11882]/REFS:Y"
}
},
{
"id": "11891e90-83f0-11ea-94fe-ededbc8e1ec7",
"type": "HOST",
"host": "eicar.co",
"domain": "eicar.co",
"tld": "co",
"profile": "IID",
"property": "MaliciousNameserver_Generic",
"class": "MaliciousNameserver",
"threat_level": 0,
"confidence": 100,
"detected": "2020-02-11T10:36:44.000Z",
"received": "2020-04-21T16:49:29.780Z",
"imported": "2020-04-21T16:49:29.780Z",
"expiration": "2040-02-11T10:36:44.000Z",
"dga": false,
"batch_id": "1188d06f-83f0-11ea-94fe-ededbc8e1ec7",
"extended": {
"rpz": "base"
}
}
],
"record_count": 2
}