ThreatBook API supports all these core use cases for security integration
Enrichment for incident artifacts, security alerts and vulnerability scans
Look up threat intelligence context for a specific observable, indicator of compromise (IOC), vulnerability or malware family, providing supporting evidence for analysts responding to security incidents and alerts.
Monitoring for risks and threats
Search for threat intelligence that matches specific filter criteria on a defined watchlist. SOC dashboards can display the latest matches for these monitoring searches, and automated scripts can poll for matches and load them into workflow and ticketing systems.
Correlation with logs and alerts
Correlate logs and alerts with external threat intelligence context and automatically raise or lower review priority accordingly, supporting fast and accurate verdicts when analysts review an alert or potential incident.
ThreatBook API Functions
Upload and scan files or URLs, and obtain scan results and reports based on multi-engine scanning and dynamic sandbox analysis.
Access samples, scan results and reports by providing a hash (MD5, SHA1 or SHA256).
For a given domain name, retrieve its IP addresses, Whois and subdomain information, current threat-list inclusions, related threat entities and recent activity.
Input an IP address to find its geolocation, Autonomous System Number (ASN), associated domains, correlated security incidents, threat type, attacker group or organization, etc.