Dossier (Legacy) Data Provider Returns
Dossier (Legacy) aggregates threat data from multiple partners in order to generate a full report.
The following sections briefly describe what information is retrieved and show the expected return data from each Dossier (Legacy) provider in JSON format. Key names are the keys you can expect in the response, and each key's value indicates the data type you can expect.
GET /api/services/intel/lookup/targets
Returns a list of indicator types.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/targets"
Response:
[ "ip", "host", "url", "hash", "email" ]
GET /api/services/intel/lookup/sources
Returns a list of Dossier sources.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources"
Response:
{ "alexa": true, "atp": true, "atp_ps": false, "dns": true, "gcs": true, "geo": true, "gsb": true, "isight": true, "malware_analysis": true, "pdns": true, "ptr": true, "rlabs": true, "rwhois": true, "whois": true }
GET /api/services/intel/lookup/sources/target/{target_type}
Returns sources that support queries for an indicator type.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/sources/target/ip"
Response:
{ "atp": true, "atp_ps": true, "gcs": true, "geo": true, "gsb": true, "isight": true, "malware_analysis": true, "pdns": true, "ptr": true, "whois": true }
GET /api/services/intel/lookup/source/{source}/targets
Returns a list of indicator types supported by a given source.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/source/atp/targets"
Response:
[ "ip", "host", "url" ]
GET /api/services/intel/lookup/indicator/{target_type}
Starts a new Dossier lookup job for a specified indicator and source(s).
Required parameters:
value: indicator to search for
source: source to search
Optional parameters:
wait: whether to wait for the lookup to complete, true or false [defaults to false]
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/indicator/host?value=google.com&source=alexa&source=dns&wait=false"
Response:
{ "status": "pending", "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "job": { "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "state": "created", "status": "pending", "create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664186262Z", "pending_tasks": [ "8e4d8ac5-9772-42f6-8644-0a23fb509870", "6c19c40f-c5c6-4d89-b099-e92b036e92d5" ], "org": "org", "user": "user@test.com" }, "tasks": { "6c19c40f-c5c6-4d89-b099-e92b036e92d5": { "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "state": "created", "status": "pending", "create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664186262Z", "params": { "type": "host", "target": "google.com", "source": "dns" } }, "8e4d8ac5-9772-42f6-8644-0a23fb509870": { <status> } } }
GET /api/services/intel/lookup/jobs/{job_id}
Returns status of a Dossier lookup job.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4"
Response:
{ "status": "success", "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "job": { "id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "state": "completed", "status": "success", "create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664Z", "completed_tasks": [ "8e4d8ac5-9772-42f6-8644-0a23fb509870", "6c19c40f-c5c6-4d89-b099-e92b036e92d5" ], "org": "org", "user": "user@test.com" }, "tasks": { "6c19c40f-c5c6-4d89-b099-e92b036e92d5": { "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "state": "completed", "status": "success", "create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664Z", "start_ts": 1501802999908, "start_time": "2017-08-03T23:29:59.908Z", "end_ts": 1501802999960, "end_time": "2017-08-03T23:29:59.96Z", "params": { "type": "host", "target": "google.com", "source": "dns" } }, "8e4d8ac5-9772-42f6-8644-0a23fb509870": { <status> } } }
GET /api/services/intel/lookup/jobs/{job_id}/results
Returns results of a Dossier lookup job.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/results"
Response:
{ "state": "completed", "status": "success", "job_id": "aef7e05a-42c6-45f2-9be4-02139caf31a4", "results": [ { "task_id": "8e4d8ac5-9772-42f6-8644-0a23fb509870", "params": { "type": "host", "target": "google.com", "source": "alexa" }, "v": "2.0.1", "status": "success", "data": { <data> } }, { "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "params": { "type": "host", "target": "google.com", "source": "dns" }, "v": "2.0.0", "status": "success", "time": 25, "data": { <data> } } ] }
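The submit, poll and fetch-results sequence formed by the three endpoints above, as an added example that is not part of the original page or the vendor's code. The fetch callable, the polling limits and the demo responses are assumptions constructed for illustration; the example percent-encodes the indicator and checks the returned job_id before placing it in a path.

```python
import re
import time
from urllib.parse import urlencode

BASE = "https://api.activetrust.net:8000/api/services/intel/lookup"
TARGET_TYPES = {"ip", "host", "url", "hash", "email"}  # from /targets on this page
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def build_lookup_url(target_type, value, sources, wait=False):
    """URL for /indicator/{target_type}; the indicator value is percent-encoded."""
    if target_type not in TARGET_TYPES:
        raise ValueError(f"unsupported target type: {target_type!r}")
    query = [("value", value)] + [("source", s) for s in sources]
    query.append(("wait", "true" if wait else "false"))
    return f"{BASE}/indicator/{target_type}?{urlencode(query)}"

def run_lookup(fetch, target_type, value, sources, max_polls=10, delay=0.0):
    """Submit a job, poll until its state is "completed", return {source: data}.

    fetch(url) -> dict is supplied by the caller (hypothetical helper); a real
    one would send the API key as the Basic-auth user name, as curl -u does.
    """
    job_id = fetch(build_lookup_url(target_type, value, sources))["job_id"]
    if not UUID_RE.match(job_id):  # never splice an unchecked id into a path
        raise ValueError("job_id is not a UUID")
    for _ in range(max_polls):
        if fetch(f"{BASE}/jobs/{job_id}")["job"]["state"] == "completed":
            break
        time.sleep(delay)
    else:
        raise TimeoutError(f"job {job_id} still not completed")
    results = fetch(f"{BASE}/jobs/{job_id}/results")["results"]
    return {r["params"]["source"]: r.get("data")
            for r in results if r["status"] == "success"}

def demo():
    """Offline run against constructed responses shaped like the page's samples."""
    jid = "aef7e05a-42c6-45f2-9be4-02139caf31a4"
    states = iter(["created", "completed"])  # first poll is not finished yet
    def fake_fetch(url):
        if "/indicator/" in url:
            return {"status": "pending", "job_id": jid}
        if url.endswith("/results"):
            return {"results": [
                {"params": {"source": "alexa"}, "status": "success", "data": {"k": 1}},
                {"params": {"source": "dns"}, "status": "pending"}]}  # constructed non-success entry
        return {"job": {"state": next(states)}}
    return run_lookup(fake_fetch, "host", "google.com", ["alexa", "dns"])
```

Only tasks whose status is "success" are returned, so a source that did not finish does not appear in the result as an empty entry.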
GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}
Returns status of a single task in a Dossier lookup job.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5"
Response:
{ "state": "completed", "status": "success", "task": { "id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "state": "completed", "status": "success", "create_ts": 1501802999664, "create_time": "2017-08-03T23:29:59.664Z", "start_ts": 1501802999908, "start_time": "2017-08-03T23:29:59.908Z", "end_ts": 1501802999960, "end_time": "2017-08-03T23:29:59.96Z", "params": { "type": "host", "target": "google.com", "source": "dns" } } }
GET /api/services/intel/lookup/jobs/{job_id}/tasks/{task_id}/results
Returns results of a single task in a Dossier lookup job.
Ex: curl -u <api_key>: "https://api.activetrust.net:8000/api/services/intel/lookup/jobs/aef7e05a-42c6-45f2-9be4-02139caf31a4/tasks/6c19c40f-c5c6-4d89-b099-e92b036e92d5/results"
Response:
{ "state": "completed", "status": "success", "results": { "task_id": "6c19c40f-c5c6-4d89-b099-e92b036e92d5", "params": { "type": "host", "target": "google.com", "source": "dns" }, "v": "2.0.0", "status": "success", "time": 25, "data": { <data> } } }