Get specific report

The publications/get_one endpoint is used to display specific information for a publication, identified by publication_id. For each publication, a set of reports can be requested, such as: PDF report, summary report, YARA Rules, IOCs, Suricata rules. If request is successful, the requested publication ID will be returned, alongside with the publication metadata and reports to which the API user has access to. For example, if publication ID 1337 is requested with the following reports: PDF, Summary, YARA & IOCs, but the API user has access only to YARA Rules, it will receive only the rules and nothing else. The request will have status ok.

Request

Request method: POST

Endpoint: https://tip.kaspersky.com/api/publications/get_one

Query parameters:

Expected parameters

Parameter	Description
publication_id	Report ID: the `id` parameter (a string) returned by the `get_list` endpoint.
include_info	List of the optional parameters separated by comma: `all`—All available formats. `pdf`—Report in PDF format. `execsum`—Brief report summary for business purposes (executive summary) in PDF format. `yara`—Report in YARA Rules format. `iocs`—OpenIOC file that includes description of indicators of compromise. `suricata`—File that contains Suricata rules associated with the report.
lang	Language for a report or an executive summary. The value can be one of the following: `ru` (Russian), `en` (English), `pt` (Portuguese), or `es` (Spanish). A list of available languages for a report or an executive summary is returned by the `pdfs` or the `exec_sums` parameters in the `get_list` endpoint. If the `lang` parameter is not specified, the first available Industrial Threat Intelligence report in PDF format is returned. The language depends on the report and its artifacts.

Parameter

Description

publication_id

Report ID: the id parameter (a string) returned by the get_list endpoint.

include_info

List of the optional parameters separated by comma:

all—All available formats.

pdf—Report in PDF format.

execsum—Brief report summary for business purposes (executive summary) in PDF format.

yara—Report in YARA Rules format.

iocs—OpenIOC file that includes description of indicators of compromise.

suricata—File that contains Suricata rules associated with the report.

lang

Language for a report or an executive summary. The value can be one of the following: ru (Russian), en (English), pt (Portuguese), or es (Spanish). A list of available languages for a report or an executive summary is returned by the pdfs or the exec_sums parameters in the get_list endpoint. If the lang parameter is not specified, the first available Industrial Threat Intelligence report in PDF format is returned. The language depends on the report and its artifacts.

Request examples:

Get specific information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, requesting all formats:

curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/publications/get_one?publication_id=ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt&include_info=all'

Get specific information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, requesting IoC and YARA Rules files:

Responses

Click the links below for information about possible responses.

Expand all | Collapse all

200 OK

Request processed successfully.

The endpoint returns a JSON object that contains information about the specific report.

200 OK response parameters

Parameter	Description
publications	Array with the keys described in this table.
id	Report ID.
updated	Time stamp when a report was updated.
published	Time stamp when a report was published.
name	Report name.
desc	Report description.
exec_sum_text	Text of the executive summary (only for APT Threat Intelligence reports). If the executive summary is not available, this field is not included in the return data.
report_group	Report group. For example: "`apt`", "`fin`".
tags	Array of all tags associated with the report. For example: `["turla", "epic turla"]`.
tags_industry	Array of industry tags associated with the report: industries that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: `["Activists", "Zoo"]`.
tags_geo	Array of geography tags associated with the report: countries and regions that are targeted by APTs or mentioned in Crimeware Threat Intelligence reports. For example: `["Egypt", "Iran", "Jordan"]`.
tags_actors	Array of actor tags associated with the report: personalities or companies that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: `["APT28"]`.
report_pdf	Optional element if available, base64 gzip encoded PDF report.
report_yara	Optional element if available, base64 gzip encoded YARA Rules.
report_suricata	Optional element if available, base64 gzip encoded file containing Suricata rules associated with the report.
report_iocs	Optional element if available, base64 gzip encoded IoCs.
report_execsum	Optional element if available, base64 gzip encoded executive summary report.

Tag values can contain UTF-8 (Unicode Transformation Format 8-bit) symbols. The list of values is not limited, and tags can be added or deleted without prior notification.

See result examples

Get information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, requesting all formats:

curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/publications/get_one?publication_id=ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt&include_info=all'

See result example

Get specific information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, requesting IoC and YARA Rules files:

curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST

'https://tip.kaspersky.com/api/publications/get_one?publication_id=ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt&include_info=iocs,yara'

See result example

Get information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, not specifying the include_info parameter:

See result example

Get specific information about publication ID ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt, inputting an invalid include_info value:

If fetching the specific information about the report using an invalid include_info value, an incorrect value will be ignored.

See result example

401 Unauthorized

403 Forbidden

451 Unavailable For Legal Reasons