
ATP (Active Trust Platform) API

ATP (Active Trust Platform)

ATP returns the list of reported threats that the Active Trust Platform associates with the given indicator.


Data Structure:


{
  "dropped_count": integer,
  "max_request_count": integer,
  "record_count": integer,
  "threat": [
    {
      "batch_id": string,
      "class": string,
      "detected": string,
      "domain": string,
      "host": string,
      "id": string,
      "imported": string,
      "ip": string,
      "origin": string,
      "profile": string,
      "property": string,
      "received": string,
      "target": string,
      "threat_level": integer,
      "tld": string,
      "tlp": string,
      "type": string,
      "up": string,
      "url": string,
      "extended": {
        "url_hash": string
      }
    },

  ]
}


Example:

Given an indicator of “moiparks.in”, ATP will return the following:


{
  "record_count": 6,
  "threat": [
    {
      "batch_id": "c60fb776-a5f8-11e6-898a-95226fae6af8",
      "class": "Policy",
      "detected": "2016-11-03T22:17:26.000Z",
      "dga": "false",
      "domain": "moiparks.in",
      "expiration": "2016-12-03T22:17:26.000Z",
      "host": "moiparks.in",
      "id": "c6129e0b-a5f8-11e6-898a-95226fae6af8",
      "imported": "2016-11-08T21:17:37.479Z",
      "ip": "",
      "origin": "",
      "profile": "AIS-FEDGOV",
      "property": "Policy_NCCICwatchlist",
      "received": "2016-11-08T21:17:37.479Z",
      "target": "",
      "threat_level": 100,
      "tld": "in",
      "tlp": "",
      "type": "HOST",
      "up": "true",
      "url": ""
    }, …
  ]
}
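
Added example, not part of the original documentation: a Python sketch that normalizes an ATP response (string booleans, timestamp strings, fields such as "expiration" that appear in the example but not in the data structure) and keeps only records still in force. It assumes "up" marks a record as live and "expiration" is when it stops applying, which the page does not define; the function names and the sample input are constructed here.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a subset of the one record shown in the example above.
# record_count is 1 here because the page elides the other five records.
SAMPLE = json.dumps({
    "record_count": 1,
    "threat": [{
        "class": "Policy",
        "detected": "2016-11-03T22:17:26.000Z",
        "dga": "false",
        "expiration": "2016-12-03T22:17:26.000Z",
        "host": "moiparks.in",
        "property": "Policy_NCCICwatchlist",
        "threat_level": 100,
        "type": "HOST",
        "up": "true",
    }],
})

def parse_ts(value):
    """Parse 'YYYY-MM-DDTHH:MM:SS.mmmZ' as UTC; empty or missing gives None."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def active_threats(raw, now, min_level=0):
    """Return normalized records that are up, unexpired at `now`, and >= min_level."""
    hits = []
    for rec in json.loads(raw).get("threat", []):
        expires = parse_ts(rec.get("expiration"))  # not in the schema, so optional
        item = {
            "host": rec.get("host", ""),
            "property": rec.get("property", ""),
            "threat_level": int(rec.get("threat_level", 0)),
            "up": rec.get("up") == "true",   # booleans arrive as strings
            "dga": rec.get("dga") == "true",
            "detected": parse_ts(rec.get("detected")),
            "expiration": expires,
        }
        # Assumption: a record applies while it is "up" and before "expiration".
        live = item["up"] and (expires is None or now < expires)
        if live and item["threat_level"] >= min_level:
            hits.append(item)
    return hits

if __name__ == "__main__":
    print(active_threats(SAMPLE, datetime(2016, 11, 10, tzinfo=timezone.utc)))
```

Passing `now` explicitly makes the expiry check reproducible when replaying old lookups during an investigation.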