Get Master IOC
The ics/get_master_ioc endpoint is used to display a Master IOC file that contains indicators of compromise, which are reported in the CSV file format.
Request
Request method: POST
Endpoint: https://tip.kaspersky.com/api/ics/get_master_ioc
Query parameters: The endpoint does not expect any parameters.
Request example:
Request a Master IOC:
curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/ics/get_master_ioc'
Responses
200 OK
Request processed successfully.
Endpoint returns the following parameters. Results are provided in the base64 gzip format, and must be decoded.
The first line in the file contains column names:
UID — ID of the report.
Publication — Name of the report.
Indicator — Object's type: md5-hash, domain, or IP.
DetectionDate — Detection date in YYYY-MM-DD format.
IndicatorType — Type of indicator: md5Hash or networkActivity.
Starting from the third line, each line contains a description of a separate indicator of compromise.
Result example:
'UID','Publication','Indicator','DetectionDate','IndicatorType';
'5810843a-e310-4f63-acb8-6697c0a85a10','Sofacy - New AZZY backdoor','1de63702283745f442b554273f122f9e','2016-10-26','md5Hash'
'5810843a-f174-43c0-af15-6697c0a85a10','Sofacy - New AZZY backdoor','soft-storage.com','2016-10-26','networkActivity'
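Decoding and validating the result described above, as an added example that is not part of the Kaspersky documentation. It assumes the base64 string has already been extracted from the HTTP response (the page does not show the response envelope); the function names and the malformed fourth sample row are constructed for illustration.

```python
import base64
import csv
import gzip
import re
from datetime import date

COLUMNS = ["UID", "Publication", "Indicator", "DetectionDate", "IndicatorType"]
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample: the header and two rows from the result example on this
# page, plus one deliberately malformed row to exercise validation.
SAMPLE_CSV = (
    "'UID','Publication','Indicator','DetectionDate','IndicatorType';\n"
    "'5810843a-e310-4f63-acb8-6697c0a85a10','Sofacy - New AZZY backdoor','1de63702283745f442b554273f122f9e','2016-10-26','md5Hash'\n"
    "'5810843a-f174-43c0-af15-6697c0a85a10','Sofacy - New AZZY backdoor','soft-storage.com','2016-10-26','networkActivity'\n"
    "'00000000-0000-0000-0000-000000000000','Constructed bad row','not-a-hash','2016-10-26','md5Hash'\n"
)
SAMPLE_B64 = base64.b64encode(gzip.compress(SAMPLE_CSV.encode())).decode()

def decode_master_ioc(b64_payload):
    """Undo the 'base64 gzip' encoding: base64 -> gzip -> CSV text."""
    compact = "".join(b64_payload.split())  # tolerate line-wrapped base64
    return gzip.decompress(base64.b64decode(compact, validate=True)).decode("utf-8")

def parse_master_ioc(text):
    """Return (accepted, rejected); rejected holds (row, reason) pairs."""
    # Assumption: blank lines between the header and the indicators are skipped.
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # The header line in the result example ends with ';', so strip it first.
    header = next(csv.reader([lines[0].rstrip(";")], quotechar="'")) if lines else []
    if header != COLUMNS:
        raise ValueError(f"unexpected header: {header}")
    accepted, rejected = [], []
    for row in csv.reader(lines[1:], quotechar="'"):
        rec = dict(zip(COLUMNS, row))
        try:
            if len(row) != len(COLUMNS):
                raise ValueError("wrong field count")
            date.fromisoformat(rec["DetectionDate"])  # documented as YYYY-MM-DD
            if rec["IndicatorType"] == "md5Hash":
                if not MD5_RE.match(rec["Indicator"]):
                    raise ValueError("not an MD5 hash")
                rec["Indicator"] = rec["Indicator"].lower()
            elif rec["IndicatorType"] != "networkActivity":
                raise ValueError("unknown IndicatorType")
            accepted.append(rec)
        except ValueError as exc:
            rejected.append((row, str(exc)))
    return accepted, rejected
```

Rejected rows are returned rather than silently dropped, so a malformed feed entry can be logged before the accepted indicators are loaded into a blocklist or SIEM.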
401 Unauthorized
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again. If the problem recurs, please contact your dedicated Kaspersky Technical Account Manager.
403 Forbidden
Request not processed: running requests by using an API token is forbidden for this service.
You can use an API token only for running Threat Lookup API requests.
For other Kaspersky Threat Intelligence Portal services, a certificate is required; API token usage is not available.
451 Unavailable For Legal Reasons