Skip to content
This repository has been archived by the owner on May 23, 2019. It is now read-only.

API

Jump to bottom
wesyoung edited this page Dec 1, 2014 · 29 revisions

Overview

This describes the resources that make up the official CIF API v2. If you have any problems or requests please log an issue

Current Version

By default, all requests receive the v2 of the API. We encourage you to explicitly request this version via the Accept header.

Accept: application/vnd.cif.v2+json

Authorization

curl -H "Accept: application/vnd.cif.v2+json" -H "Authorization: token=8b66f1594f40fc81d907860f2e89b76aeaab6f78941f7a2001f092135421366a" https://localhost

Schema

All data is sent and received as JSON.

Blank fields are can be included as 'null' or omitted.

curl -i http://localhost:5000/observables -H "Authorization: Token token=8b66f1594f40fc81d907860f2e89b76aeaab6f78941f7a2001f092135421366a"

HTTP/1.0 200 OK
Date: Mon, 01 Dec 2014 13:09:43 GMT
Server: HTTP::Server::PSGI
Content-Length: 2096429
Date: Mon, 01 Dec 2014 13:09:43 GMT
Content-Type: application/json
X-CIF-Media-Type: cif.v2

[]

Root Endpoint

The root endpoint for the API is /observables.

Parameters

Many API methods take optional parameters. For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:

$ curl -i "https://localhost/observables?cc=us

In this example, the ‘observables’ is provided for the :observables parameters in the path while :cc is passed in the query string.

For PUT requests, parameters not included in the URL should be encoded as JSON with a Content-Type of ‘application/x-www-form-urlencoded’.

Current supported parameters include:

Name Type Description
q string The observable to query for
observable string The observable to query for
cc string The country code to filter on
asn int The ASN to filter on
confidence int The confidence (or greater) to filter on
group string The group(s) to filter on (CSV accepted as AND)
tags string The tag(s) to filter on (CSV accepted as AND)
provider string The provider(s) to filter on (CSV accepted as AND)
application string The application(s) to filter on (CSV accepted as AND)

Examples include:

$ curl -H ... -i "https://localhost/observables?cc=us"
$ curl -H ... -i "https://localhost/observables?q=example.com"
$ curl -H ... -i "https://localhost/observables?observable=1.2.3.4&provider=dragonresearchgroup.com"
$ curl -H ... -i "https://localhost/observables?tags=botnet,zeus&confidence=65&cc=us"

SDK Examples

For more examples, be sure to check out the SDK implementations.

Creative Commons License

Clone this wiki locally