The actor_profiles/get_one endpoint is used to display specific information for an actor, identified by id.
Request
Request method: POST
Endpoint: https://tip.kaspersky.com/api/actor_profiles/get_one
Query parameters:
Expected parameters
Parameter | Description |
---|---|
id | Actor's ID: the |
Request example: Get a specific actor profile:
Responses
Request processed successfully.
The endpoint returns the following parameters.
200 OK response parameters
Parameter | Description |
---|---|
id | Actor's ID. For example, |
name | Actor's name. For example, |
actor_group | Group the actor belongs to. Available values: |
aliases | Aliases for the actor (array of unique strings). Aliases are used as alternative actor identifiers. For example, |
description | Actor's description, which contains several sections. The heading of each section begins with a sequence of characters |
publications | APT reports related to the actor that are available according to your license. For each APT report, the following data is available: |
geo | Array that contains a list of countries in which an actor's activity was detected. For each country, the following data is available: |
last_updated | Date and time when the actor profile was last updated (in the Coordinated Universal Time (UTC) format). For example, |
descriptive_ttps | Array of the actor’s tactics, techniques, and procedures (TTPs), including |
mitre_ttps | Array that contains TTPs descriptions, including |
{
  "status": "ok",
  "status_msg": "",
  "return_data": {
    "id": "1",
    "name": "PLATINUM",
    "actor_group": "apt",
    "aliases": ["PT", "PLAT"],
    "description": "Actor's description",
    "publications": [
      {
        "tip_id": "1501-apt",
        "name": "Sofacy targeting embassies with Gamefish"
      }
    ],
    "geo": [
      {
        "country": "ru",
        "reports": "3"
      }
    ],
    "last_updated": "2018-11-28 15:20",
    "descriptive_ttps": [
      {
        "type": "Infrastructure",
        "name": "Use of Dropbox in hosting infrastructure.",
        "mitre_mapping": [
          {
            "id": "PRE-T1084",
            "stage": "Recon",
            "mitre_source": "mitre-attack",
            "name": "Acquire and/or use 3rd party infrastructure services (undefined)",
            "url": "https://attack.mitre.org/mitigations/T1084/"
          }
        ]
      }
    ],
    "mitre_ttps": [
      {
        "id": "PRE-T1084",
        "stage": "Recon",
        "mitre_source": "mitre-attack",
        "name": "Acquire and/or use 3rd party infrastructure services (undefined)",
        "url": "https://attack.mitre.org/mitigations/T1084/"
      }
    ]
  }
}
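The response fields documented above can be flattened into a single record for detection-coverage mapping. The following Python is an added example, not part of Kaspersky's documentation; the function name summarize_actor, the trimmed sample body, and the treatment of any status other than "ok" as an error are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample that follows the 200 OK response shape documented above.
SAMPLE_RESPONSE = """
{"status": "ok", "status_msg": "", "return_data": {
  "id": "1", "name": "PLATINUM", "actor_group": "apt", "aliases": ["PT", "PLAT"],
  "geo": [{"country": "ru", "reports": "3"}],
  "last_updated": "2018-11-28 15:20",
  "descriptive_ttps": [{"type": "Infrastructure",
    "name": "Use of Dropbox in hosting infrastructure.",
    "mitre_mapping": [{"id": "PRE-T1084", "stage": "Recon",
                       "mitre_source": "mitre-attack"}]}],
  "mitre_ttps": [{"id": "PRE-T1084", "stage": "Recon",
                  "mitre_source": "mitre-attack"}]}}
"""


def summarize_actor(raw):
    """Flatten a get_one response body into a record for coverage mapping."""
    body = json.loads(raw)
    # Assumption: any status other than "ok" means the request failed.
    if body.get("status") != "ok":
        raise ValueError("API error: %s" % body.get("status_msg", ""))
    data = body["return_data"]

    # In the sample, a technique is listed in mitre_ttps and again under a
    # descriptive TTP's mitre_mapping, so merge both and de-duplicate by ID.
    techniques = {}
    for ttp in data.get("mitre_ttps", []):
        techniques.setdefault(ttp["id"], {"stage": ttp.get("stage"), "evidence": []})
    for desc in data.get("descriptive_ttps", []):
        for ttp in desc.get("mitre_mapping", []):
            entry = techniques.setdefault(
                ttp["id"], {"stage": ttp.get("stage"), "evidence": []})
            entry["evidence"].append(desc["name"])

    return {
        "id": data["id"],
        "names": [data["name"]] + data.get("aliases", []),
        # Report counts are JSON strings in the sample, so convert them.
        "reports_by_country": {g["country"]: int(g["reports"])
                               for g in data.get("geo", [])},
        # last_updated is documented as UTC; make the datetime timezone-aware.
        "last_updated": datetime.strptime(
            data["last_updated"], "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc),
        "techniques": techniques,
    }
```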
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again. If the problem recurs, please contact your dedicated Kaspersky Technical Account Manager.
Request not processed.
This error is returned if you do not have access to the APT Intelligence Reporting Service.
Purchase an APT Intelligence Reporting Service license and try again.
This error is also returned if you try to run a request by using an API token instead of specifying your credentials. You can use an API token only for running Threat Lookup API requests.
Requested ID not found.
Make sure the specified id value is correct, and then run the query again.
451 Unavailable For Legal Reasons
Request not processed: Terms and Conditions for Kaspersky Threat Intelligence Portal service are not accepted.
Kaspersky Threat Intelligence Portal API is not available if you have not accepted the Terms and Conditions for the service by using the Kaspersky Threat Intelligence Portal web interface.
Please go to https://tip.kaspersky.com and accept the service Terms and Conditions before using this API.