
iSight API

iSight

The iSight API call provides threat information for a given indicator.


Data Structure:

{
  "match": bool,
  "response": [
    {
      "summary": {
        "ThreatScape": [string],
        "publishDate": integer,
        "reportId": string,
        "title": string
      },
      "details": {
        "abstract": string,
        "analysis": string,
        "copyright": string,
        "execSummary": string,
        "publishDate": string,
        "reportId": string,
        "riskRating": string,
        "title": string,
        "version": string,
        "tagSection": {
          "networks": {
            "network": [
              {
                "domain": string,
                "identifier": string,
                "ip": string,
                "networkType": string
              }
            ]
          },
          "main": {
            "affectedIndustry": [string],
            "affectedSystems": {
              "affectedSystem": [string]
            },
            "impacts": {
              "impact": [string]
            },
            "intendedAudiences": {
              "intendedAudience": [string]
            },
            "ttps": {
              "ttp": [string]
            }
          }
        }
      }
    }
  ]
}


Example:

Given an indicator such as "http://moiparks.in/bubu/file.exe", iSight will return the following:

{
  "match": bool,
  "response": [
    {
      "details": {
        "ThreatScape": {
          "product": [
            "ThreatScape Cyber Crime"
          ]
        },
        "abstract": "\u003cp\u003eThe Pony (aka Fareit) tool is a generic platfor…",
        "copyright": "© Copyright 2017 FireEye, Inc. All rights reserved.",
        "execSummary": "\u003cp\u003eThe Pony (aka Fareit) tool is a generic …",
        "publishDate": "June 15, 2016 08:36:00 AM",
        "reportId": "16-00009344",
        "riskRating": "LOW",
        "tagSection": {
          "files": {
            "file": [
              {
                "fileName": "UNAVAILABLE",
                "identifier": "Attacker",
                "md5": "f53631c1641461cbffbd3ca598f3aee7",
                "sha1": "3e207d750f0761631db2027dba778e411069c1f2",
                "sha256": "c89da29e589f8680486e10ef8ed81b7d3150b0dfacbc8de4ac90fcf43f06d00a"
              }
            ]
          }
        },
        "title": "Indicator Report: Pony Activity Report (June 8 to 15, 2016)",
        "version": "1"
      },
      "summary": {
        "ThreatScape": [
          "Cyber Crime"
        ],
        "publishDate": 1465997760,
        "reportId": "16-00009344",
        "title": "Indicator Report: Pony Activity Report (June 8 to 15, 2016)"
      }
    }
  ]
}
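
One way to consume this response on the receiving side, as an added example (not code from this page or from the iSight API itself): each report is flattened into a record with its indicators, a plain-text abstract and a UTC timestamp. The function names are hypothetical, and the abstract and network entry in the sample are constructed.

```python
import html
import re
from datetime import datetime, timezone

NET_KEYS = ("domain", "ip")              # fields of tagSection.networks.network[]
HASH_KEYS = ("md5", "sha1", "sha256")    # fields of tagSection.files.file[]

def plain_text(markup):
    """Reduce the HTML in abstract/execSummary to plain text for logs and tickets."""
    return html.unescape(re.sub(r"<[^>]+>", " ", markup or "")).strip()

def flatten(result):
    """Return one flat record per report; an unmatched result yields []."""
    if not result.get("match"):
        return []
    records = []
    for report in result.get("response") or []:
        summary = report.get("summary") or {}
        details = report.get("details") or {}
        tags = details.get("tagSection") or {}
        nets = (tags.get("networks") or {}).get("network") or []
        files = (tags.get("files") or {}).get("file") or []
        iocs = [(k, n[k]) for n in nets for k in NET_KEYS if n.get(k)]
        iocs += [(k, f[k]) for f in files for k in HASH_KEYS if f.get(k)]
        # summary.publishDate is epoch seconds; details.publishDate is a string
        # with no time zone, so only the epoch value is converted (to UTC).
        epoch = summary.get("publishDate")
        published = (datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
                     if isinstance(epoch, int) else None)
        records.append({
            "report_id": summary.get("reportId") or details.get("reportId"),
            "risk": (details.get("riskRating") or "UNKNOWN").upper(),
            "published": published,
            "abstract": plain_text(details.get("abstract")),
            "indicators": iocs,
        })
    return records

# Constructed sample: reportId, publishDate, riskRating and md5 are quoted from
# the page's example; the abstract and the network entry are made up.
SAMPLE = {"match": True, "response": [{
    "summary": {"publishDate": 1465997760, "reportId": "16-00009344"},
    "details": {
        "abstract": "\u003cp\u003eConstructed abstract &amp; summary\u003c/p\u003e",
        "riskRating": "LOW",
        "tagSection": {
            "networks": {"network": [{"domain": "example.test", "ip": "192.0.2.10"}]},
            "files": {"file": [{"md5": "f53631c1641461cbffbd3ca598f3aee7"}]},
        }}}]}
```

Calling flatten(SAMPLE) returns a single record; a response with "match" false, or a report missing "tagSection", produces an empty list or an empty indicator list rather than an exception.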