
GET /api/services/intel/lookup/targets

Returns a list of indicator types.

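Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/targets"

(curl sends the API key as the HTTP Basic username; the trailing colon supplies an empty password so curl does not prompt for one.)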

Response:

[
"ip",
"host",
"url",
"hash",
"email"
]

GET /api/services/intel/lookup/sources

Returns a list of Dossier sources.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources"

Response:

{
 "alexa": true,
 "atp": true,
 "atp_ps": false,
 "dns": true,
 "gcs": true,
 "geo": true,
 "gsb": true,
 "isight": true,
 "malware_analysis": true,
 "pdns": true,
 "ptr": true,
 "rlabs": true,
 "rwhois": true,
 "whois": true
} 

GET /api/services/intel/lookup/sources/target/{target_type}

Returns sources that support queries for an indicator type.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources/target/ip"

Response:

{
"atp": true, 
"atp_ps": true, 
"gcs": true,
"geo": true,
"gsb": true, 
"isight": true,
"malware_analysis": true, 
"pdns": true,
"ptr": true,
"whois": true
}

GET /api/services/intel/lookup/source/{source}/targets

Returns a list of indicator types supported by a given source.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/source/atp/targets"

Response:

[
"ip",
"host",
"url"
]

GET /api/services/intel/lookup/indicator/{target_type}

Required parameters:

value: the indicator to search for; source: the source to search (repeat the parameter to query several sources, as in the example below).

Optional parameters:

wait: whether to wait for the lookup to complete – true or false (defaults to false).

Starts a new Dossier lookup job for a specified indicator and source(s).

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/indicator/host?value=google.com&source=alexa&source=dns&wait=false"

Response:

{
 "status": "pending",
 "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "job": {
  "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "state": "created",
  "status": "pending", "create_ts": 1501802999664,
  "create_time": "2017-08-03T23:29:59.664186262Z",
  "pending_tasks": [
   "8e4d8ac5-9772-42f6-8644-0a23fb509870", 
"6c19c40f-c5c6-4d89-b099-e92b036e92d5" ], "org": "org", "user": "user@test.com" }, "tasks": { "6c19c40f-c5c6-4d89-b099-e92b036e92d5": {
"id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "state": "created", "status": "pending",
"create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664186262Z", "params": {
"type": "host", "target": "google.com", "source": "dns" } }, "8e4d8ac5-9772-42f6-8644-0a23fb509870": { <status> } } }

GET /api/services/intel/lookup/jobs/{job_id}

Returns status of a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4"

Response:

{
  "status": "success",
  "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
  "job": {
    "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
    "state": "completed",
    "status": "success",
    "create_ts": 1501802999664,
    "create_time": "2017-08-03T23:29:59.664Z",
    "completed_tasks": [
      "8e4d8ac5-9772-42f6-8644-0a23fb509870",
      "6c19c40f-c5c6-4d89-b099-e92b036e92d5"
    ],
    "org": "org",
    "user": "user@test.com"
  },
  "tasks": {
    "6c19c40f-c5c6-4d89-b099-e92b036e92d5": {
      "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
      "state": "completed",
      "status": "success",
      "create_ts": 1501802999664,
      "create_time": "2017-08-03T23:29:59.664Z",
      "start_ts": 1501802999908,
      "start_time": "2017-08-03T23:29:59.908Z",
      "end_ts": 1501802999960,
      "end_time": "2017-08-03T23:29:59.96Z",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "dns"
      }
    },
    "8e4d8ac5-9772-42f6-8644-0a23fb509870": { <status> }
  }
}

GET /api/services/intel/lookup/jobs/{job_id}/results

Returns results of a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/results"

Response:

  {
   "state": "completed", 
"status": "success", "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4",
"results": [ { "task_id": "8e4d8ac5-9772-42f6-8644-0a23fb509870", "params": { "type": "host", "target": "google.com", "source": "alexa" }, "v": "2.0.1", "status": "success",
"data": { <data> } }, { "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
"params": { "type": "host", "target": "google.com", "source": "dns" }, "v": "2.0.0", "status": "success",
"time": 25, "data": { <data> } }
]
}

 

GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}

Returns status of a single task in a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5"

Response:

{
"state": "completed", "status": "success", "task": {
"id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
"state": "completed", "status": "success", "create_ts": 1501802999664,
"create_time": "2017-08-03T23:29:59.664Z",
"start_ts": 1501802999908,
"start_time": "2017-08-03T23:29:59.908Z", "end_ts": 1501802999960,
"end_time": "2017-08-03T23:29:59.96Z",
"params": { "type": "host",
"target": "google.com",
"source": "dns"
}
}
}

GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}/results

Returns results of a single task in a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5/results"

Response:

{
 "state": "completed", 
"status": "success",
"task": {
"id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
"state": "completed",
"status": "success",
"create_ts": 1501802999664,
"create_time": "2017-08-03T23:29:59.664Z",
"start_ts": 1501802999908,
"start_time": "2017-08-03T23:29:59.908Z",
"end_ts": 1501802999960,
"end_time": "2017-08-03T23:29:59.96Z",
"params": {
"type": "host",
"target": "google.com",
"source": "dns"
}
}
}

GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}/results

Returns results of a single task in a Dossier lookup job.

Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5/results"

Response:

 {
  "state": "completed", 
"status": "success",
"results": { "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5",
"params": { "type": "host", "target": "google.com", "source": "dns" }, "v": "2.0.0", "status": "success", "time": 25, "data": { <data> } } }

POST /api/services/intel/lookup/jobs

Optional: "wait" boolean parameter (i.e., /api/services/intel/lookup/jobs?wait=true)

The "list" call is essentially able to create many dossier calls in a single API call. All the target/source pairs will receive a unique task ID, but they will all fall under a single job ID.

Ex: curl -u <api_key>: -X POST "https://api.activetrust.net:8000/api/services/intel/lookup/jobs" -d


'{
  "target":
  {
    "list":
    [
    { "type": "host",
      "target": "google.com",
      "sources":["dns", "alexa"]
    },
    { "type": "host",
      "target": "facebook.com",
      "sources":["alexa"]
    }
    ]
  }
}'


Response:

{
  "status": "pending",
  "job_id": "f910c608-f82f-4942-8cd1-c38f8f2e71ae",
  "job": {
    "id": "f910c608-f82f-4942-8cd1-c38f8f2e71ae",
    "state": "created",
    "status": "pending",
    "create_ts": 1549494579199,
    "create_time": "2019-02-06T23:09:39.199492581Z",
    "start_ts": 1549494579199,
    "start_time": "2019-02-06T23:09:39.199492581Z",
    "request_ttl": 0,
    "result_ttl": 3600,
    "pending_tasks": [
      "b8cfcfee-37e2-44df-9bc1-cd8cfe261ac7",
      "4af000e6-4b32-439d-8aa5-a0f39c924c4b",
      "71c90b83-8056-4e8d-979b-dfafc9ff4441"
    ],
    "org": "org",
    "user": "user@test.com",
    "tasks_tbc": 0
  },
  "tasks": {
    "4af000e6-4b32-439d-8aa5-a0f39c924c4b": {
      "id": "4af000e6-4b32-439d-8aa5-a0f39c924c4b",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494579199,
      "create_time": "2019-02-06T23:09:39.199492581Z",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "alexa"
      },
      "results": null
    },
    "71c90b83-8056-4e8d-979b-dfafc9ff4441": {
      "id": "71c90b83-8056-4e8d-979b-dfafc9ff4441",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494579199,
      "create_time": "2019-02-06T23:09:39.199492581Z",
      "params": {
        "type": "host",
        "target": "facebook.com",
        "source": "alexa"
      },
      "results": null
    },
    "b8cfcfee-37e2-44df-9bc1-cd8cfe261ac7": {
      "id": "b8cfcfee-37e2-44df-9bc1-cd8cfe261ac7",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494579199,
      "create_time": "2019-02-06T23:09:39.199492581Z",
      "params": {
        "type": "host",
        "target": "google.com",
        "source": "dns"
      },
      "results": null
    }
  }
}

POST /api/services/intel/lookup/jobs

Optional: "wait" boolean parameter (i.e., /api/services/intel/lookup/jobs?wait=true)

The "group" call is used to specify an array of targets in a single API call with a single source list. Each target/source pair will receive its own task ID (the same as how a single target with many sources will create a list of tasks) but it will still fall under a single job ID.

Ex: curl -u <api_key>: -X POST "https://api.activetrust.net:8000/api/services/intel/lookup/jobs" -d

'{
  "target":
  { "group":
    { "type": "host",
      "targets": [
        "youtube.com",
        "reddit.com"
      ],
      "sources":["alexa", "dns"]
    }
  }
}'


Response:

{
  "status": "pending",
  "job_id": "98333283-db35-4e3d-b1d3-a5f389afdca2",
  "job": {
    "id": "98333283-db35-4e3d-b1d3-a5f389afdca2",
    "state": "created",
    "status": "pending",
    "create_ts": 1549494557426,
    "create_time": "2019-02-06T23:09:17.426577405Z",
    "start_ts": 1549494557426,
    "start_time": "2019-02-06T23:09:17.426577405Z",
    "request_ttl": 0,
    "result_ttl": 3600,
    "pending_tasks": [
      "41e2207e-8965-4e8f-9489-b318f2cdbc89",
      "b062fa5d-8b90-4b6e-bb85-d6dd14c64a3a",
      "9ed07d83-e929-4088-97e5-91d2c6e9cd0c",
      "866e95e6-f0a9-4bf7-8740-868c13ae7b6a"
    ],
    "org": "org",
    "user": "user@test.com",
    "tasks_tbc": 0
  },
  "tasks": {
    "41e2207e-8965-4e8f-9489-b318f2cdbc89": {
      "id": "41e2207e-8965-4e8f-9489-b318f2cdbc89",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494557426,
      "create_time": "2019-02-06T23:09:17.426577405Z",
      "params": {
        "type": "host",
        "target": "youtube.com",
        "source": "alexa"
      },
      "results": null
    },
    "866e95e6-f0a9-4bf7-8740-868c13ae7b6a": {
      "id": "866e95e6-f0a9-4bf7-8740-868c13ae7b6a",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494557426,
      "create_time": "2019-02-06T23:09:17.426577405Z",
      "params": {
        "type": "host",
        "target": "reddit.com",
        "source": "gcs"
      },
      "results": null
    },
    "9ed07d83-e929-4088-97e5-91d2c6e9cd0c": {
      "id": "9ed07d83-e929-4088-97e5-91d2c6e9cd0c",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494557426,
      "create_time": "2019-02-06T23:09:17.426577405Z",
      "params": {
        "type": "host",
        "target": "reddit.com",
        "source": "alexa"
      },
      "results": null
    },
    "b062fa5d-8b90-4b6e-bb85-d6dd14c64a3a": {
      "id": "b062fa5d-8b90-4b6e-bb85-d6dd14c64a3a",
      "state": "created",
      "status": "pending",
      "create_ts": 1549494557426,
      "create_time": "2019-02-06T23:09:17.426577405Z",
      "params": {
        "type": "host",
        "target": "youtube.com",
        "source": "gcs"
      },
      "results": null
    }
  }
}


