This section explains how to request reports by using Kaspersky Threat Intelligence Portal API.
Before working with the Kaspersky Threat Intelligence Portal API, you must accept the Terms and Conditions online in your browser at https://tip.kaspersky.com.
The main purpose of the API is to give automated access for retrieving data from Kaspersky Threat Intelligence Portal. More precisely, the API is used to export reports for further integration using other external services. This documentation is valid for Kaspersky Threat Intelligence Portal API version 1.0.
To request reports by using Kaspersky Threat Intelligence Portal API:
Obtaining certificate, user name, and password
A certificate, user name, and password are required to work with Kaspersky Threat Intelligence Portal.
You must obtain a certificate, user name, and password from Kaspersky. The user name and password are used to refer to the service through Kaspersky Threat Intelligence Portal API.
Converting certificate to PEM format
You must convert the certificate received from your dedicated Kaspersky Technical Account Manager to PEM format before working with Kaspersky Threat Intelligence Portal API.
Unless otherwise instructed, you will access Kaspersky Threat Intelligence Portal API at the following location:
Access to the API is obtained by two authentication methods:
Authentication error message
For invalid user login details, the server will return a
401 Unauthorized HTTP error message.
Endpoint return data
Each endpoint will return a JSON encoded array that has three entries:
statusentry can be:
status_msgentry will describe the error string (a text part according to section 10 of RFC 2616) in case
return_dataentry will be documented accordingly by each endpoint.
APT and Crimeware Threat Intelligence reporting API methods
Obtains the list of reports published on Kaspersky Threat Intelligence Portal.
Obtains specific information for a publication.
Obtains a Master IOC file, that contains indicators of compromise in CSV file format.
Obtains a Master YARA file.