Get Master IOC file
The publications/get_master_ioc endpoint is used to display a Master IOC file that contains indicators of compromise in CSV file format.
Request
Request method: POST
Endpoint: https://tip.kaspersky.com/api/publications/get_master_ioc
Query parameters:
Expected parameters
Parameter: report_group
Description: Report group. Required parameter.
Available values:
fin: Master file will contain indicators of compromise only from Crimeware Threat Intelligence reports.
apt: Master file will contain indicators of compromise only from APT Intelligence reports.
Request example:
curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/publications/get_master_ioc?report_group=apt'
Responses
200 OK
Request processed successfully.
The endpoint returns a report that includes descriptions of indicators of compromise for the following object types: MD5 hashes, domains, and IP addresses in CSV file format. Results are provided in base64 gzip format, and must be decoded.
The first string in the file contains column names:
UID: ID of a report.
Publication: Name of a report.
Indicator: Object's type, one of md5-hash, domain, or IP.
DetectionDate: Detection date in YYYY-MM-DD format.
IndicatorType: Type of indicator, either md5Hash or networkActivity.
Starting from the third string, each string contains a description of a separate indicator of compromise.
Result example:
'UID','Publication','Indicator','DetectionDate','IndicatorType';
'5810843a-e310-4f63-acb8-6697c0a85a10','Sofacy - New AZZY backdoor','1de63702283745f442b554273f122f9e','2016-10-26','md5Hash'
'5810843a-f174-43c0-af15-6697c0a85a10','Sofacy - New AZZY backdoor','soft-storage.com','2016-10-26','networkActivity'
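The decoding and parsing step described for the 200 OK response, as an added Python example (not code from Kaspersky or from this page). It assumes the response body is the bare base64 string of the gzip-compressed CSV; the function names and the third sample row are constructed for illustration.

```python
import base64
import csv
import gzip
import io
import re
from datetime import date

COLUMNS = ["UID", "Publication", "Indicator", "DetectionDate", "IndicatorType"]
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

def decode_master_ioc(body):
    """base64 -> gzip -> CSV text. Assumes the body is the bare base64 string."""
    return gzip.decompress(base64.b64decode(body.strip(), validate=True)).decode("utf-8")

def _valid(rec):
    """Check one row against the column descriptions before it is trusted."""
    try:
        date.fromisoformat(rec["DetectionDate"])
    except ValueError:
        return False
    if rec["IndicatorType"] == "md5Hash":
        return MD5_RE.fullmatch(rec["Indicator"]) is not None
    return rec["IndicatorType"] == "networkActivity"

def parse_master_ioc(csv_text):
    """Return (records, rejected) parsed from the single-quoted CSV."""
    rows = csv.reader(io.StringIO(csv_text), quotechar="'")
    # The header in the page's sample ends with ';', so strip it before comparing.
    header = [h.rstrip(";") for h in next(rows)]
    if header != COLUMNS:
        raise ValueError(f"unexpected header: {header}")
    records, rejected = [], []
    for row in filter(None, rows):  # skip blank lines
        rec = dict(zip(COLUMNS, row))
        if len(row) == len(COLUMNS) and _valid(rec):
            records.append(rec)
        else:
            rejected.append(row)  # keep for review; never push to a blocklist
    return records, rejected

# Constructed input: the page's two sample rows plus one constructed malformed row.
SAMPLE_CSV = (
    "'UID','Publication','Indicator','DetectionDate','IndicatorType';\n"
    "'5810843a-e310-4f63-acb8-6697c0a85a10','Sofacy - New AZZY backdoor','1de63702283745f442b554273f122f9e','2016-10-26','md5Hash'\n"
    "'5810843a-f174-43c0-af15-6697c0a85a10','Sofacy - New AZZY backdoor','soft-storage.com','2016-10-26','networkActivity'\n"
    "'00000000-0000-0000-0000-000000000000','constructed bad row','not-a-hash','2016-10-26','md5Hash'\n"
)
SAMPLE_BODY = base64.b64encode(gzip.compress(SAMPLE_CSV.encode())).decode()
```

Calling parse_master_ioc(decode_master_ioc(SAMPLE_BODY)) yields the two sample indicators as records and places the constructed malformed row in the rejected list, so it never reaches downstream detection rules.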
401 Unauthorized
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again. If the problem recurs, please contact your dedicated Kaspersky Technical Account Manager.
403 Forbidden
Request not processed: running requests by using an API token is forbidden for this service.
You can use an API token only for running Threat Lookup API requests.
For other Kaspersky Threat Intelligence Portal services, a certificate is required; API token usage is not available.
451 Unavailable For Legal Reasons