ThreatSTOP
The ThreatSTOP connector includes the Check IOC feature, allowing users to look up IP addresses and domains against their extensive database of malware-related IOCs.

## Prerequisites

The ThreatSTOP asset requires a URL and an API key to interact with the API.

## Capabilities

This connector provides the following capabilities:

- Check IOC (Multiple)
- Get Check IOC (Single)

## Notes

For more information on ThreatSTOP: https://apidocs.threatstop.com/docs/platform-api/b8b29dd738531-check-ioc

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token such as a JWT, etc.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host. | string | Required |
| token | The API key. | string | Required |
| verify_ssl | Verify SSL certificate. | boolean | Optional |
| http_proxy | A proxy to route requests through. | string | Optional |

## Actions

### Check IOC Multiple

The POST version of the Check IOC service can check up to 10 IOCs in the same HTTP request.

Endpoint URL: /v4.0/check_ioc

Method: POST

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| iocs | array | Optional | Parameter for Check IOC Multiple |
| iocs.ioc | string | Optional | IP address or domain name |

#### Input example

```json
{"json_body":{"iocs":[{"ioc":"www.example.com"},{"ioc":"www.example.net"}]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| _data | array | Response data |
| _data.info | object | Response data |
| _data.info.active | array | Response data |
| _data.info.active.last_used | number | Response data |
| _data.info.active.blocker | object | Response data |
| _data.info.active.blocker.last_update | number | Response data |
| _data.info.active.blocker.description | string | Response data |
| _data.info.active.blocker.short_description | string | Response data |
| _data.info.active.blocker.name | string | Response data |
| _data.info.active.blocker.danger_level | number | Response data |
| _data.info.active.blocker.public_description | string | Response data |
| _data.info.active.match_type | string | Response data |
| _data.info.active.first_identified | number | Response data |
| _data.info.active.ioc | string | Response data |
| _data.info.active.domain | string | Response data |
| _data.info.active.address | string | Response data |
| _data.info.history | array | Response data |
| _data.info.history.last_used | number | Response data |
| _data.info.history.blocker | object | Response data |
| _data.info.history.blocker.public_description | string | Response data |
| _data.info.history.blocker.last_update | number | Response data |
| _data.info.history.blocker.description | string | Response data |
| _data.info.history.blocker.short_description | string | Response data |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Length":"140","Content-Type":"application/json","Date":"Thu, 08 Dec 2023 20:37:23 GMT"},"reason":"OK","json_body":{"_data":[{}],"_links":{"self":{}},"_meta":{"disclaimer":"string","request_id":"string"}}}
```

### Get Check IOC (Single)

This operation retrieves the threat intelligence from ThreatSTOP's database for the IOC passed as argument: IP address or DNS record.

Endpoint URL: /v4.0/check_ioc

Method: GET

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.ioc | string | Required | IP address or domain name |
| parameters.include_related | boolean | Optional | Include targets associated with A records resolved from the DNS record, if any |
| parameters.include_subdomains | boolean | Optional | Include records for subdomains of the requested IOC (domain IOC only) |

#### Input example

```json
{"parameters":{"ioc":"bad.threatstop.com","include_related":false,"include_subdomains":true}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | object | Value for the parameter |
| value._links | object | Value for the parameter |
| value._links.self | object | Value for the parameter |
| value._links.self.href | string | Value for the parameter |
| value._data | array | Response data |
| value._data.ioc | string | Response data |
| value._data.info | object | Response data |
| value._data.info.active | array | Response data |
| value._data.info.active.blocker | object | Response data |
| value._data.info.active.first_identified | number | Response data |
| value._data.info.active.ioc | string | Response data |
| value._data.info.active.last_used | number | Response data |
| value._data.info.active.domain | string | Response data |
| value._data.info.active.expired | boolean | Response data |
| value._data.info.history | array | Response data |
| value._data.info.history.blocker | object | Response data |
| value._data.info.history.first_identified | number | Response data |
| value._data.info.history.ioc | string | Response data |
| value._data.info.history.last_used | number | Response data |
| value._data.info.history.domain | string | Response data |
| value._data.info.history.expired | boolean | Response data |
| value._data.info.related_records | array | Response data |
| value._data.info.related_records.bad.threatstop.com | array | Response data |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Length":"140","Content-Type":"application/json","Date":"Thu, 08 Dec 2023 20:37:23 GMT"},"reason":"OK","json_body":{"value":{"_links":{},"_data":[],"_metadata":{}}}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 08 Dec 2023 20:37:23 GMT |
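
As an added example (not part of the ThreatSTOP or connector documentation), the following Python prepares request bodies for the check ioc multiple action, keeping to its limit of 10 IOCs per request, and summarizes a response body. Field names such as `_data`, `info`, `blocker` and `danger_level` are assumed to be written with underscores as the output tables suggest, and the sample response is constructed.

```python
import ipaddress
import re

MAX_IOCS_PER_POST = 10  # limit the page states for the POST form of check ioc
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_ioc(raw):
    """Return a cleaned IP address or domain name, or None if it is neither."""
    value = raw.strip().lower().rstrip(".")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    labels = value.split(".")
    ok = len(value) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
    return value if ok and all(_LABEL.match(l) for l in labels) else None

def build_bodies(raw_iocs):
    """Validate and deduplicate IOCs, then split them into bodies of at most 10."""
    seen, rejected = [], []
    for raw in raw_iocs:
        ioc = normalize_ioc(raw)
        if ioc is None:
            rejected.append(raw)
        elif ioc not in seen:
            seen.append(ioc)
    bodies = [{"iocs": [{"ioc": i} for i in seen[n:n + MAX_IOCS_PER_POST]]}
              for n in range(0, len(seen), MAX_IOCS_PER_POST)]
    return bodies, rejected

def summarize(json_body):
    """Map each IOC to its active/historical record counts and highest danger level."""
    out = {}
    for entry in json_body.get("_data", []):
        info = entry.get("info", {})
        active, history = info.get("active", []), info.get("history", [])
        # Take the IOC from the entry, else from its first record (assumed layout).
        name = entry.get("ioc") or next(
            (r["ioc"] for r in active + history if "ioc" in r), "<unknown>")
        levels = [r.get("blocker", {}).get("danger_level", 0) for r in active]
        out[name] = {"active": len(active), "historical": len(history),
                     "max_danger": max(levels, default=0)}
    return out

# Constructed sample response shaped after the output table; not real ThreatSTOP data.
SAMPLE = {"_data": [
    {"info": {"active": [], "history": [{"ioc": "www.example.com", "blocker": {}}]}},
    {"info": {"active": [{"ioc": "www.example.net",
                          "blocker": {"name": "sample-list", "danger_level": 4}}],
              "history": []}},
]}
```

Rejected inputs are returned rather than silently dropped, so a playbook can log values that were never submitted for lookup.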