ThreatSTOP
The ThreatSTOP connector includes the Check IOC feature, allowing users to look up IP addresses and domains against their extensive database of malware-related IOCs.

## Prerequisites

The ThreatSTOP asset requires a URL and an API key to interact with the API.

## Capabilities

This connector provides the following capabilities:

- check ioc (multiple)
- get check ioc (single)

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token such as a JWT, etc.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Check IOC Multiple

The POST version of the Check IOC service can check for up to 10 IOCs in the same HTTP request.

Endpoint URL: /v4 0/check ioc

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| iocs | array | optional | Parameter for check ioc multiple |
| ioc | string | optional | IP address or domain name |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | array | Response data |
| info | object | Output field info |
| active | array | Output field active |
| last used | number | Output field last used |
| blocker | object | Output field blocker |
| last update | number | Date value |
| description | string | Output field description |
| short description | string | Output field short description |
| name | string | Name of the resource |
| danger level | number | Output field danger level |
| public description | string | Output field public description |
| match type | string | Type of the resource |
| first identified | number | Unique identifier |
| ioc | string | Output field ioc |
| domain | string | Output field domain |
| address | string | Output field address |
| history | array | Output field history |
| last used | number | Output field last used |
| blocker | object | Output field blocker |
| public description | string | Output field public description |
| last update | number | Date value |
| description | string | Output field description |
| short description | string | Output field short description |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "content length": "140",
      "content type": "application/json",
      "date": "thu, 08 dec 2023 20 37 23 gmt"
    },
    "reason": "ok",
    "json body": {
      " data": [],
      " links": {},
      " meta": {}
    }
  }
]
```

### Get Check IOC (Single)

This operation retrieves the threat intelligence from ThreatSTOP's database for the IOC passed as argument (IP address or DNS record).

Endpoint URL: /v4 0/check ioc

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ioc | string | required | IP address or domain name |
| include related | boolean | optional | Include targets associated with A records resolved from the DNS record, if any |
| include subdomains | boolean | optional | Include records for subdomains of the requested IOC (domain IOC only) |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | object | Value for the parameter |
| links | object | Output field links |
| self | object | Output field self |
| href | string | Output field href |
| data | array | Response data |
| ioc | string | Output field ioc |
| info | object | Output field info |
| active | array | Output field active |
| blocker | object | Output field blocker |
| first identified | number | Unique identifier |
| ioc | string | Output field ioc |
| last used | number | Output field last used |
| domain | string | Output field domain |
| expired | boolean | Output field expired |
| history | array | Output field history |
| blocker | object | Output field blocker |
| first identified | number | Unique identifier |
| ioc | string | Output field ioc |
| last used | number | Output field last used |
| domain | string | Output field domain |
| expired | boolean | Output field expired |
| related records | array | Output field related records |
| bad.threatstop.com | array | Output field bad.threatstop.com |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "content length": "140",
      "content type": "application/json",
      "date": "thu, 08 dec 2023 20 37 23 gmt"
    },
    "reason": "ok",
    "json body": {
      "value": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| content length | The length of the response body in bytes | 140 |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | thu, 08 dec 2023 20 37 23 gmt |

## Notes

For more information on ThreatSTOP:

- [ThreatSTOP API documentation](https://apidocs.threatstop.com/docs/platform-api/b8b29dd738531-check-ioc)
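The Check IOC Multiple action accepts at most 10 IOCs per request, so a playbook holding a longer indicator list has to validate, de-duplicate and split it first. The following is an added example, not code from the connector or from ThreatSTOP; the function names, the hostname pattern and the request body shape `{"iocs": [{"ioc": ...}]}` are assumptions read from the input table above, not a documented schema.

```python
import ipaddress
import re

MAX_IOCS_PER_REQUEST = 10  # per-request limit stated for the POST action

# Conservative ASCII/punycode hostname pattern (an assumption of this example).
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$"
)


def normalize_ioc(raw):
    """Return a canonical IP address or domain, or None if it is neither."""
    # Lower-case, undo "[.]" defanging, drop a trailing root dot.
    value = raw.strip().lower().replace("[.]", ".").rstrip(".")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value if DOMAIN_RE.match(value) else None


def build_batches(raw_iocs, limit=MAX_IOCS_PER_REQUEST):
    """Split raw indicators into request bodies of at most `limit` IOCs.

    Returns (bodies, rejected). The body shape is an assumption (see lead-in).
    """
    seen, clean, rejected = set(), [], []
    for raw in raw_iocs:
        ioc = normalize_ioc(raw)
        if ioc is None:
            rejected.append(raw)      # keep for analyst review, never send
        elif ioc not in seen:
            seen.add(ioc)             # de-duplicate, preserving first-seen order
            clean.append(ioc)
    bodies = [
        {"iocs": [{"ioc": i} for i in clean[start:start + limit]]}
        for start in range(0, len(clean), limit)
    ]
    return bodies, rejected


# Constructed sample input (documentation-range addresses, example domains).
SAMPLE = [f"192.0.2.{n}" for n in range(1, 12)] + [
    "Bad[.]Example.com", "bad.example.com.", "not an ioc", "192.0.2.1",
]

if __name__ == "__main__":
    bodies, rejected = build_batches(SAMPLE)
    print([len(b["iocs"]) for b in bodies], rejected)
```

Each returned body would be sent as one POST with the asset's token in an `Authorization: Bearer` header; rejected strings are returned separately so malformed indicators are surfaced rather than silently dropped.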