APT and Crimeware Threat Intelligence reporting API

This section explains how to request reports by using Kaspersky Threat Intelligence Portal API.

Before working with the Kaspersky Threat Intelligence Portal API, you must accept the Terms and Conditions online in your browser at https://tip.kaspersky.com.

The main purpose of the API is to provide automated access to data from Kaspersky Threat Intelligence Portal. More precisely, the API is used to export reports for further integration with external services. This documentation is valid for Kaspersky Threat Intelligence Portal API version 1.0.

To request reports by using Kaspersky Threat Intelligence Portal API:

  1. Make sure that the application you use for working with Kaspersky Threat Intelligence Portal API uses the certificate you received from Kaspersky.
  2. In the Authorization field of the HEADER section, specify the user name and password that you received from Kaspersky or your administrator.
  3. Specify the Basic authentication scheme.
  4. Specify the required HTTP method.
  5. Run your query by using one of the endpoints described below.

Obtaining certificate, user name, and password

A certificate, user name, and password are required to work with Kaspersky Threat Intelligence Portal.

You must obtain a certificate, user name, and password from Kaspersky. The user name and password are used to refer to the service through Kaspersky Threat Intelligence Portal API.

Converting certificate to PEM format

You must convert the certificate received from your dedicated Kaspersky Technical Account Manager to PEM format before working with Kaspersky Threat Intelligence Portal API.

API Location

Unless otherwise instructed, you will access Kaspersky Threat Intelligence Portal API at the following location:

https://tip.kaspersky.com/api/publications/<endpoint>

Authentication

Access to the API is obtained by two authentication methods:

Authentication error message

For invalid user login details, the server will return a 401 Unauthorized HTTP error message.

Request examples:

Successful authentication:

curl -u <user_name> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/publications/<endpoint>'


Invalid authentication:

curl -u <invalid user_name or password> -H 'Content-Length: 0' --cert <full path to the certificate CERT_NAME.pem on your computer> -X POST 'https://tip.kaspersky.com/api/publications/<endpoint>'


Endpoint return data

Each endpoint will return a JSON encoded array that has three entries: status, status_msg, and return_data.
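
The request and reply handling described above, as an added Python example (not Kaspersky's own code): it builds the same POST that the curl commands send, presents the PEM client certificate, and checks the reply for the 401 error and the three documented entries. The function names, the sample reply values, and the use of get_list as the endpoint path are assumptions made for the example.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

BASE_URL = "https://tip.kaspersky.com/api/publications/"  # API location from this page
# Constructed sample reply: only the three entry names come from the page, the values are assumed.
SAMPLE_BODY = '{"status": "ok", "status_msg": "", "return_data": []}'


class AuthError(Exception):
    """Raised when the server answers 401 Unauthorized."""


def build_request(endpoint, user, password):
    """Build the empty-body POST with a Basic Authorization header (what curl -u sends)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(
        BASE_URL + endpoint,
        data=b"",
        method="POST",
        headers={"Authorization": "Basic " + token, "Content-Length": "0"},
    )


def parse_envelope(http_status, body):
    """Return (status, status_msg, return_data); raise on 401 or a malformed reply."""
    if http_status == 401:
        raise AuthError("401 Unauthorized: check the user name and password")
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("expected a JSON object")
    missing = {"status", "status_msg", "return_data"} - set(doc)
    if missing:
        raise ValueError(f"reply is missing entries: {sorted(missing)}")
    return doc["status"], doc["status_msg"], doc["return_data"]


def call(endpoint, user, password, cert_pem):
    """Send the request over TLS, presenting the client certificate in PEM format."""
    ctx = ssl.create_default_context()  # server certificate verification stays on
    ctx.load_cert_chain(cert_pem)       # PEM file holding the certificate and its key
    req = build_request(endpoint, user, password)
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return parse_envelope(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_envelope(err.code, err.read())
```

When calling call(), load the password from an environment variable or a secret store rather than hard-coding it in the script.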

Methods

APT and Crimeware Threat Intelligence reporting API methods

Method           Description
get_list         Obtains the list of reports published on Kaspersky Threat Intelligence Portal.
get_one          Obtains specific information for a publication.
get_master_ioc   Obtains a Master IOC file that contains indicators of compromise in CSV file format.
get_master_yara  Obtains a Master YARA file.
