This section explains how to investigate objects by using the Kaspersky Threat Intelligence Portal API methods.
You can use the Threat Lookup API with an API token instead of a certificate, if your organization allows it.
Before working with the Kaspersky Threat Intelligence Portal API, you must accept the Terms and Conditions online in your browser at https://tip.kaspersky.com.
To run a request by using the Kaspersky Threat Intelligence Portal API, use the following format:
https://tip.kaspersky.com/api/<request type>/<request>?count=<records count>[&sections=<sections names>][&format=<result format>]
<request type>—Type of the object that you want to investigate.
hash—Specify this value to investigate a hash.
ip—Specify this value to investigate an IP address. If you want an IP address to be processed as a web address, add the http:// or https:// prefix to the IP address in your request. For example, 188.8.131.52 is processed as an IP address, and http://184.108.40.206 is processed as a web address.
domain—Specify this value to investigate a domain.
url—Specify this value to investigate a web address. Use percent-encoding (URL encoding) to convert certain characters into a valid ASCII format.
<request>—Object that you want to investigate.
For a web address, its length is limited to a maximum of 2000 characters. If the requested web address length exceeds the limit, an HTTP error 414 (URI Too Long) is returned.
<records count>—Maximum number of records in each data group to display.
If this parameter is not specified, up to 1000 records will be displayed. This restriction does not apply to FileParentCertificates groups. For these groups all records are displayed regardless of the number of records.
<sections names>—Sections that you want to investigate for the requested object. Use the comma to specify several sections.
Use the question mark (?) to separate the first parameter from the request. Use the ampersand (&) to separate parameters from each other. The parameters can be specified in any order.
Dates in all sections are displayed in Coordinated Universal Time (UTC) format.
<result format>—Investigation result format.
This is an optional parameter.
json—Investigation results are returned in JSON format.
stix—Investigation results are returned in STIX format. If this value is specified, the <sections names> parameters are ignored: data from all groups is returned.
If the <result format> parameter is not specified, investigation results are returned in JSON format.
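The request format above can be assembled and checked client-side before anything is sent. The following is an added example, not code from Kaspersky: the function name `build_lookup_url` is hypothetical, the section names used with it are placeholders, and it assumes the 2000-character limit is measured before percent-encoding. Rejecting a prefixed IP address under the `ip` request type is a choice of this example, and authentication is left out because this page does not describe how the token is sent.

```python
from urllib.parse import quote, urlencode

API_BASE = "https://tip.kaspersky.com/api"   # endpoint given on this page
REQUEST_TYPES = {"hash", "ip", "domain", "url"}
RESULT_FORMATS = {"json", "stix"}
MAX_WEB_ADDRESS_LEN = 2000                   # longer web addresses get HTTP 414


def build_lookup_url(request_type, obj, count=None, sections=None, fmt=None):
    """Return the request URL for one object, validated before sending."""
    if request_type not in REQUEST_TYPES:
        raise ValueError(f"unknown request type: {request_type!r}")
    has_scheme = obj.lower().startswith(("http://", "https://"))
    if request_type == "ip" and has_scheme:
        # The portal would process this value as a web address, not an IP.
        raise ValueError("prefixed IP is a web address; use request type 'url'")
    # Assumption: the limit applies to the address as supplied (unencoded).
    if request_type == "url" and len(obj) > MAX_WEB_ADDRESS_LEN:
        raise ValueError("web address exceeds 2000 characters (HTTP 414)")
    if fmt is not None and fmt not in RESULT_FORMATS:
        raise ValueError(f"unknown result format: {fmt!r}")
    if count is not None and (not isinstance(count, int) or count < 1):
        raise ValueError("count must be a positive integer")

    params = {}
    if count is not None:
        params["count"] = count
    # With format=stix the sections parameter is ignored, so leave it out.
    if sections and fmt != "stix":
        params["sections"] = ",".join(sections)
    if fmt is not None:
        params["format"] = fmt

    # safe="" also encodes "/", "?" and "&", so the investigated address
    # cannot be read as part of the API path or as extra API parameters.
    url = f"{API_BASE}/{request_type}/{quote(obj, safe='')}"
    if params:
        url += "?" + urlencode(params, safe=",")
    return url


if __name__ == "__main__":
    # Constructed sample input: a web address with its own query string.
    print(build_lookup_url("url", "http://example.com/a?b=1&c=2", count=10))
```

Encoding the whole address matters most for web addresses that carry their own query string: without it, `&c=2` in the sample would be read as a parameter of the API request.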