Dossier (Legacy) Data Provider Returns

Dossier (Legacy) aggregates threat data from multiple partners in order to generate a full report.

The following sections briefly describe what information is retrieved and show the expected return data from each Dossier (Legacy) provider in JSON format. Key names are those that can be expected in the response, and each key's value is the data type that can be expected.

GET /api/services/intel/lookup/targets

Returns a list of indicator types.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/targets"

Response:

[
"ip",
"host",
"url",
"hash",
"email"
]

GET /api/services/intel/lookup/sources

Returns a list of Dossier sources.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources"

Response:

{
 "alexa": true,
 "atp": true,
 "atp_ps": false,
 "dns": true,
 "gcs": true,
 "geo": true,
 "gsb": true,
 "isight": true,
 "malware_analysis": true,
 "pdns": true,
 "ptr": true,
 "rlabs": true,
 "rwhois": true,
 "sdf": true,
 "whois": true
}

GET /api/services/intel/lookup/sources/target/{target_type}

Returns sources that support queries for an indicator type.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources/target/ip"

Response:

{
"atp": true, 
"atp_ps": true, 
"gcs": true,
"geo": true,
"gsb": true, 
"isight": true,
"malware_analysis": true, 
"pdns": true,
"ptr": true,
"sdf": true, 
"whois": true
}

GET /api/services/intel/lookup/source/{source}/targets

Returns a list of indicator types supported by a given source.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/source/atp/targets"

Response:

[
"ip",
"host",
"url"
]

GET /api/services/intel/lookup/indicator/{target_type}

Starts a new Dossier lookup job for a specified indicator and source(s).

Required parameters:

value: indicator to search for
source: source to search

Optional parameters:

wait: whether to wait for the lookup to complete, true or false (defaults to false)

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/indicator/host?value=google.com&source=alexa&source=dns&wait=false"

Response:

{
  "status": "pending",
  "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
  "job": {
    "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
    "state": "created",
    "status": "pending",
    "create_ts": 1501802999664,
    "create_time": "2017-08-03T23:29:59.664186262Z",
    "pending_tasks": [
      "8e4d8ac5-9772-42f6-8644-0a23fb509870",
      "6c19c40f-c5c6-4d89-b099-e92b036e92d5"
    ],
    "org": "org",
    "user": "user@test.com"
  },
  "tasks": {
    "6c19c40f-c5c6-4d89-b099-e92b036e92d5": {
      "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
      "state": "created",
      "status": "pending",
      "create_ts": 1501802999664,
      "create_time": "2017-08-03T23:29:59.664186262Z",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "dns"
      }
    },
    "8e4d8ac5-9772-42f6-8644-0a23fb509870": {
      <status>
    }
  }
}

GET /api/services/intel/lookup/jobs/{job_id}

Returns status of a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4"

Response:

{
  "status": "success",
  "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
  "job": {
    "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
    "state": "completed",
    "status": "success",
    "create_ts": 1501802999664,
    "create_time": "2017-08-03T23:29:59.664Z",
    "completed_tasks": [
      "8e4d8ac5-9772-42f6-8644-0a23fb509870",
      "6c19c40f-c5c6-4d89-b099-e92b036e92d5"
    ],
    "org": "org",
    "user": "user@test.com"
  },
  "tasks": {
    "6c19c40f-c5c6-4d89-b099-e92b036e92d5": {
      "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
      "state": "completed",
      "status": "success",
      "create_ts": 1501802999664,
      "create_time": "2017-08-03T23:29:59.664Z",
      "start_ts": 1501802999908,
      "start_time": "2017-08-03T23:29:59.908Z",
      "end_ts": 1501802999960,
      "end_time": "2017-08-03T23:29:59.96Z",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "dns"
      }
    },
    "8e4d8ac5-9772-42f6-8644-0a23fb509870": {
      <status>
    }
  }
}

GET /api/services/intel/lookup/jobs/{job_id}/results

Returns results of a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/results"

Response:

{
  "state": "completed",
  "status": "success",
  "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
  "results": [
    {
      "task_id": "8e4d8ac5-9772-42f6-8644-0a23fb509870",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "alexa"
      },
      "v": "2.0.1",
      "status": "success",
      "data": {
        <data>
      }
    },
    {
      "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "dns"
      },
      "v": "2.0.0",
      "status": "success",
      "time": 25,
      "data": {
        <data>
      }
    }
  ]
}

GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}

Returns status of a single task in a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5"

Response:

{
  "state": "completed",
  "status": "success",
  "task": {
    "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
    "state": "completed",
    "status": "success",
    "create_ts": 1501802999664,
    "create_time": "2017-08-03T23:29:59.664Z",
    "start_ts": 1501802999908,
    "start_time": "2017-08-03T23:29:59.908Z",
    "end_ts": 1501802999960,
    "end_time": "2017-08-03T23:29:59.96Z",
    "params": {
      "type": "host",
      "target": "google.com",
      "source": "dns"
    }
  }
}

GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}/results

Returns results of a single task in a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5/results"

Response:

{
  "state": "completed",
  "status": "success",
  "results": {
    "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
    "params": {
      "type": "host",
      "target": "google.com",
      "source": "dns"
    },
    "v": "2.0.0",
    "status": "success",
    "time": 25,
    "data": {
      <data>
    }
  }
}
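
The asynchronous flow documented above (start a lookup with wait=false, poll /jobs/{job_id}, then fetch /jobs/{job_id}/results), as an added Python example that is not part of the original page and not the vendor's own client code. The names lookup_url, http_get, run_lookup and the injected get callable are hypothetical, and treating any job status other than "pending" as finished is an assumption, since the page shows only "pending" and "success".

```python
import base64
import json
import time
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

BASE = "https://api.activetrust.net:8000/api/services/intel/lookup"
# Indicator types listed by GET /targets on this page.
TARGET_TYPES = {"ip", "host", "url", "hash", "email"}


def lookup_url(target_type, value, sources, wait=False):
    """Build the indicator lookup URL with one source= pair per source."""
    if target_type not in TARGET_TYPES:
        raise ValueError(f"unsupported target type: {target_type!r}")
    # The indicator is untrusted input (often a URL), so it is percent-encoded
    # and cannot smuggle extra query parameters such as &source=... .
    query = [("value", value)] + [("source", s) for s in sources]
    query.append(("wait", "true" if wait else "false"))
    return f"{BASE}/indicator/{target_type}?{urlencode(query)}"


def http_get(url, api_key):
    """GET with basic auth: API key as user name, empty password (curl -u <api_key>:)."""
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    request = Request(url, headers={"Authorization": f"Basic {token}"})
    with urlopen(request, timeout=30) as response:
        return json.load(response)


def run_lookup(target_type, value, sources, get, poll_seconds=2.0, max_polls=30):
    """Start a job, poll /jobs/{job_id} while it is pending, return {source: result}.

    `get` is any callable url -> parsed JSON, e.g. lambda u: http_get(u, key).
    """
    job = get(lookup_url(target_type, value, sources))
    job_path = f"{BASE}/jobs/{quote(job['job_id'], safe='')}"
    polls = 0
    # Assumption: any status other than "pending" means the job has finished.
    while job["status"] == "pending":
        if polls >= max_polls:
            raise TimeoutError(f"job {job['job_id']} still pending after {polls} polls")
        time.sleep(poll_seconds)
        job = get(job_path)
        polls += 1
    results = get(f"{job_path}/results")["results"]
    # Each entry carries its own status; callers should check it before using data.
    return {r["params"]["source"]: r for r in results}
```

Keeping the transport behind the get callable lets the same polling logic be exercised against recorded responses without sending the API key anywhere.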
