Request processed successfully.

The endpoint returns a report that includes descriptions of indicators of compromise for the following object types: MD5 hashes, domains, and IP addresses in CSV file format. Results are provided in base64 gzip format, and must be decoded.

The first string in the file contains columns names:

• UID—ID of a report.
• Publication—Name of a report.
• Indicator—Object's type: md5-hash, domain, or IP.
• DetectionDate—Detection date in YYYY-MM-DD format.
• IndicatorType—Type of indicator: md5Hash or networkActivity.

Starting from the third string, each string contains a description of a separate indicator of compromise.

See result example

Request not processed: user authentication failed.

Make sure you enter the correct credentials, and then try to run the query again. If the problem recurs, please contact your dedicated Kaspersky Technical Account Manager.

Request not processed: running requests by using an API token is forbidden for this service.

You can use an API token only for running Threat Lookup API requests.

For other Kaspersky Threat Intelligence Portal services, a certificate is required, an API token usage is not available.

Request not processed: Terms and Conditions for Kaspersky Threat Intelligence Portal service are not accepted.

Kaspersky Threat Intelligence Portal API is not available if you have not accepted the Terms and Conditions for the service by using the Kaspersky Threat Intelligence Portal web interface.

Please go to https//tip.kaspersky.com and accept the service Terms and Conditions before using this API.