Get Industrial Threat Intelligence report
The ics/get_one endpoint is used to display specific information for an Industrial Threat Intelligence report, identified by publication_id.
Request
Request method: POST
Endpoint: https://tip.kaspersky.com/api/ics/get_one
Query parameters:
Expected parameters
| Parameter | Description |
|---|---|
| publication_id | Industrial Threat Intelligence report ID: the id parameter (a string) returned by the get_list endpoint. |
| include_info | List of the optional parameters separated by comma: all (all available formats); pdf (Industrial Threat Intelligence report in PDF format); execsum (brief report summary for business purposes, an executive summary, in PDF format); yara (Industrial Threat Intelligence report in YARA Rules format); iocs (OpenIOC file that includes description of indicators of compromise); suricata (file that contains Suricata rules associated with the Industrial Threat Intelligence report). |
| lang | Language for an Industrial Threat Intelligence report. The value can be one of the following: ru (Russian), en (English), pt (Portuguese), or es (Spanish). A list of available languages for an Industrial Threat Intelligence report is returned by the pdfs in the get_list endpoint. If the lang parameter is not specified, the first available Industrial Threat Intelligence report in PDF format is returned. The language depends on the report and its artifacts. |
Request example:
Retrieve the executive summary and the PDF report for the specific Industrial report:
curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/ics/get_one?publication_id={Industrial report ID}&include_info=execsum,pdf'
Responses
200 OK
Request processed successfully.
The endpoint returns the following parameters.
200 OK response parameters
| Parameter | Description |
|---|---|
| publications | Array with the keys described in this table. |
| id | Industrial Threat Intelligence report ID. |
| updated | Time stamp when the Industrial Threat Intelligence report was updated. |
| published | Time stamp when the Industrial Threat Intelligence report was published. |
| name | Industrial Threat Intelligence report name. |
| desc | Industrial Threat Intelligence report description. |
| report_group | Industrial Threat Intelligence report group ("ics"). |
| tags | Array of all tags associated with the Industrial Threat Intelligence report. For example: ["turla", "epic turla"]. |
| tags_industry | Array of industry tags associated with the report: industries that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: ["Activists", "Zoo"]. |
| tags_geo | Array of geography tags associated with the report: countries and regions that are targeted by APTs or mentioned in Crimeware Threat Intelligence reports. For example: ["Egypt", "Iran", "Jordan"]. |
| tags_actors | Array of actor tags associated with the report: personalities or companies that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: ["APT28"]. |
| report_pdf | Optional element if available, base64 gzip-encoded PDF report. |
| report_yara | Optional element if available, base64 gzip-encoded YARA Rules. |
| report_suricata | Optional element if available, base64 gzip-encoded file containing Suricata rules associated with the Industrial Threat Intelligence report. |
| report_iocs | Optional element if available, base64 gzip-encoded IoCs. |
Tag values can contain UTF-8 (Unicode Transformation Format 8-bit) symbols. The list of values is not limited, and tags can be added or deleted without prior notification.
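Decoding the optional report_pdf, report_yara, report_suricata, and report_iocs elements, as an added example that is not part of the Kaspersky documentation. It assumes the response body is JSON with publications as an array of objects and that each artifact is gzip-compressed and then base64-encoded; MAX_BYTES, the file extensions, and the function names are illustrative, and the sample response is constructed.

```python
import base64
import gzip
import io
import json
import re

# Artifact fields documented for the 200 OK response, mapped to assumed extensions.
ARTIFACT_FIELDS = {"report_pdf": "pdf", "report_yara": "yar",
                   "report_suricata": "rules", "report_iocs": "ioc"}
MAX_BYTES = 50 * 1024 * 1024  # assumed cap on decompressed size, tune locally


def decode_artifact(b64_text, limit=MAX_BYTES):
    """base64-decode, then gunzip, refusing output larger than `limit`."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    with gzip.GzipFile(fileobj=io.BytesIO(raw)) as gz:
        data = gz.read(limit + 1)  # one byte past the cap reveals an overflow
    if len(data) > limit:
        raise ValueError("decompressed artifact exceeds size limit")
    return data


def extract_artifacts(response_text, limit=MAX_BYTES):
    """Return {safe_filename: bytes} for every artifact present in the response."""
    out = {}
    for pub in json.loads(response_text).get("publications", []):
        # The id ends up in a file name, so keep only a conservative character set.
        safe_id = re.sub(r"[^A-Za-z0-9_-]", "_", str(pub.get("id", "unknown")))
        for field, ext in ARTIFACT_FIELDS.items():
            if pub.get(field):  # artifact elements are optional
                data = decode_artifact(pub[field], limit)
                if field == "report_pdf" and not data.startswith(b"%PDF-"):
                    raise ValueError("report_pdf is not a PDF")
                out[f"{safe_id}.{ext}"] = data
    return out


def pack_sample(data):
    """Build a constructed sample value: gzip, then base64."""
    return base64.b64encode(gzip.compress(data)).decode("ascii")


# Constructed sample response, not real portal output.
SAMPLE = json.dumps({"publications": [{
    "id": "../sample-id",
    "report_pdf": pack_sample(b"%PDF-1.4 constructed"),
    "report_yara": pack_sample(b"rule constructed { condition: false }")}]})
```

Write the returned bytes to a dedicated directory and review YARA and Suricata rules before loading them into production sensors.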
401 Unauthorized
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again. If the problem recurs, please contact your dedicated Kaspersky Technical Account Manager.
403 Forbidden
Request not processed: running requests by using an API token is forbidden for this service.
You can use an API token only for running Threat Lookup API requests.
For other Kaspersky Threat Intelligence Portal services, a certificate is required; API token usage is not available.
451 Unavailable For Legal Reasons