Malware Intelligence: Query by IOCs

post

https://api.recordedfuture.com/malware-intelligence/v1/query_iocs

Find sandbox artifacts by matching against lists of known IOCs instead of query expressions.

Body Params

sha256_list

array of strings

Lists of indicators of compromise (IOCs) grouped by type.

sha256_list

ip_list

array of strings

Lists of indicators of compromise (IOCs) grouped by type.

ip_list

domain_list

array of strings

Lists of indicators of compromise (IOCs) grouped by type.

domain_list

url_list

array of strings

Lists of indicators of compromise (IOCs) grouped by type.

url_list

field

string

enum

required

Field of Malware Intelligence data to return data for

operator

string

enum

Defaults to and

Query operator for building malware intelligence search expressions.

Allowed:

start_date

date

required

Earliest date to include in the query (cannot be before 2023-11-01)

end_date

date

Latest date to include in the query, defaults to today in UTC

my_enterprise

boolean

Only include samples submitted by your enterprise in the query (defaults to false)

page

integer

Page number to return. Pages are zero-indexed. (Defaults to 0)

sandbox_score

boolean

Include sandbox score in the response

links

boolean

Include universal report and intelligence card URLs in the response

sanitize

boolean

Whether to sanitize returned results. When omitted the service will default to false.

Response

Language

Credentials

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200List of 'field' values matching the query with given lists