This section explains how to request reports by using Kaspersky Threat Intelligence Portal API.
Before working with the Kaspersky Threat Intelligence Portal API, you must accept the Terms and Conditions online in your browser at https://tip.kaspersky.com.
The main purpose of the API is to give automated access for retrieving data from Kaspersky Threat Intelligence Portal. More precisely, the API is used to export reports for further integration using other external services. This documentation is valid for Kaspersky Threat Intelligence Portal API version 1.0.
To request reports by using Kaspersky Threat Intelligence Portal API:
Obtaining certificate, user name, and password
A certificate, user name, and password are required to work with Kaspersky Threat Intelligence Portal.
You must obtain a certificate, user name, and password from Kaspersky. The user name and password are used to refer to the service through Kaspersky Threat Intelligence Portal API.
Converting certificate to PEM format
You must convert the certificate received from your dedicated Kaspersky Technical Account Manager to PEM format before working with Kaspersky Threat Intelligence Portal API.
API Location
Unless otherwise instructed, you will access Kaspersky Threat Intelligence Portal API at the following location:
https://tip.kaspersky.com/api/publications/<endpoint>
Authentication
Access to the API is obtained by two authentication methods:
Authentication error message
For invalid user login details, the server will return a 401 Unauthorized
HTTP error message.
Request examples:
Successful authentication:
Invalid authentication:
|
Endpoint return data
Each endpoint will return a JSON encoded array that has three entries: status
, status_msg
, and return_data
.
status
entry can be: ok
or error
.status_msg
entry will describe the error string (a text part according to section 10 of RFC 2616) in case status
is not ok
.return_data
entry will be documented accordingly by each endpoint.Methods
APT and Crimeware Threat Intelligence reporting API methods
Method |
Description |
---|---|
Obtains the list of reports published on Kaspersky Threat Intelligence Portal. |
|
Obtains specific information for a publication. |
|
Obtains a Master IOC file, that contains indicators of compromise in CSV file format. |
|
Obtains a Master YARA file. |