API Overview

ThreatBook intelligence API relies on the powerful data collection capabilities of the ThreatBook Security Cloud, combined with independently developed core intelligence production systems, including dozens of different extraction methods, to quickly and automatically produce high-coverage, high-fidelity, and context-rich intelligence data.

Currently, ThreatBook Security Cloud has accumulated many kinds of data, including:

  • Basic data for hundreds of billions of domain names, including millions of new domain names added daily.
  • Billions of malicious samples, including millions of new malicious samples added daily.
  • Real-time detection and analysis of all IPv4 and IPv6 addresses on the Internet.
  • Tracked intelligence on globally active hacker C&C (command and control), etc.

We also track over 200 APT (advanced persistent threat) organizations, as well as large-scale black market organizations, and monitor the latest attack activities related to them.

ThreatBook Intelligence APIs can provide the following unique value for various types of businesses:

  • Compromise Detection

    Accurately detecting office terminals and servers in the production network or DMZ that may have been compromised by coin mining, ransomware, backdoors, APT attacks, etc. ThreatBook intelligence can help enterprises respond to threats quickly.

  • Security Alert Noise Reduction

    Reducing false alerts and discovering real security incidents by extracting domains or IP addresses from logs collected by a SOC, SIEM, etc., in order to detect or investigate them. One of the main benefits of threat intelligence is its ability to help organizations prioritize their security efforts. With so many potential threats to monitor, it can be difficult for SOC teams to know where to focus their attention. By providing insight into the most pressing threats and up to 99.9% high-fidelity intelligence, threat intelligence enables organizations to allocate their resources more efficiently and respond more quickly and effectively to security incidents. This can help minimize the impact of a security breach and reduce the risk of data loss or other damage.

  • IP Reputation Identification

    Accurately identifying whether a suspicious IP poses a risk of scanning, vulnerability exploitation, botnet activity, etc., and also providing further attributes such as gateway, IDC, CDN, etc., to better fit your business needs when responding to external threats.
