Cymon API v2

Open Threat Intelligence API by eSentire.

You can play with the live API over at docs.cymon.apiary.io.

The focus of the new release is to create a platform for collecting and distributing IOC feeds. We hope it will lower the barrier for using threat intel data, by offering many export formats for various security and network devices.

New features include:

  • Users can create their own feeds

  • Feeds can be public or only shared with specific users

  • Feeds can have any number of Guests, Members and Admins

    • Guests have read-only access
    • Members can submit IoCs
    • Admins can change feed settings
  • IoC and Feed objects can have any number of tags

  • Bulk write and export API

  • Multiple export formats, such as Carbon Black

  • Powerful search API powered by Elasticsearch

The API is available for early adopters. Get in touch if you have comments: yo@cymon.io

Documentation for version 1 of the API is available here

Authentication

  • This API uses JWT for authentication,

  • Every token MUST be refreshed before its expiration time,

  • Token MUST be provided in Authorization header,

  • Toke MUST be provided for each request that requires authentication,

Example Header

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhNnZoQW8zRkc3dDEiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE0NzA1OTg5NzIsImV4cCI6MTQ3MDY4NTM3Mn0.ltA9zZmJKszBJuuV7pTWtY7LzLXrRUfebJDhy_jGMeM

Claims

  • exp - The exp ( expiration time ) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.

  • iat - The iat ( issued at ) claim identifies the time at which the JWT was issued.

Pagination

Cymon API uses “Limit-Offset” pagination. The client includes both a size and from query parameters. The size indicates the maximum number of items to return. The minimum size is 3; max limit size is 10 for unauthoenticated user, and 100 for authenticated users. The from indicates the starting position of the query in relation to the complete set of unpaginated items.

The API will not return results beyond ?from=1000 to help maintain the service’s health (bulk API access is available to partners).

Auth

Login

Authenticate with username and password to get a JSON Web Token.

POST https://api.cymon.io/v2/auth/login
Requestsexample 1
Headers
Content-Type: application/json
Body
{
  "username": "myuser",
  "password": "mypass"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "username": {
      "type": "string",
      "description": "User email address"
    },
    "password": {
      "type": "string",
      "description": "User password"
    }
  },
  "required": [
    "username",
    "password"
  ]
}
Responses200
Headers
Content-Type: application/json
Body
{
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9....",
  "message": "token granted"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "jwt": {
      "type": "string",
      "description": "JSON Web Token."
    },
    "message": {
      "type": "string",
      "description": "Success message."
    }
  }
}

Create Session
POST/auth/login


Search by IP

Search threat reports by IP address (IPv4 and IPv6).

GET https://api.cymon.io/v2/ioc/search/ip/209.90.88.140?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by IP
GET/ioc/search/ip/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 209.90.88.140

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by Domain

Search threat reports by domain name.

GET https://api.cymon.io/v2/ioc/search/domain/5gbfree.com?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by Domain
GET/ioc/search/domain/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 5gbfree.com

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by Hostname

Search threat reports by hostname.

GET https://api.cymon.io/v2/ioc/search/hostname/kamadenlai.5gbfree.com?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by Hostname
GET/ioc/search/hostname/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: kamadenlai.5gbfree.com

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by MD5

Search threat reports by MD5 hash.

GET https://api.cymon.io/v2/ioc/search/md5/86845ea1079ea26ecac6115ba6f4a66e?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by MD5
GET/ioc/search/md5/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 86845ea1079ea26ecac6115ba6f4a66e

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by SHA1

Search threat reports by SHA1 hash.

GET https://api.cymon.io/v2/ioc/search/sha1/736a602300a0476b738a53ee7feb5f9bfabca1b0?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by SHA1
GET/ioc/search/sha1/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 736a602300a0476b738a53ee7feb5f9bfabca1b0

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by SHA256

Search threat reports by SHA256 hash.

GET https://api.cymon.io/v2/ioc/search/sha256/91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by SHA256
GET/ioc/search/sha256/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by SSDEEP

Search threat reports by SSDEEP hash.

GET https://api.cymon.io/v2/ioc/search/ssdeep/393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by SSDEEP
GET/ioc/search/ssdeep/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: 393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by Term

Search threat reports by a term.

GET https://api.cymon.io/v2/ioc/search/term/facebook?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by term
GET/ioc/search/term/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: facebook

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Search by Feed ID

Get threat reports in a feed.

GET https://api.cymon.io/v2/ioc/search/feed/AVsGgHRIVjrVcoBZyoiV?startDate=2017-03-25&endDate=2017-03-29&from=0&size=3
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 3,
  "hits": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "hits": {
      "type": "array"
    }
  }
}

Search by Feed ID
GET/ioc/search/feed/{value}{?startDate,endDate,from,size}

URI Parameters
HideShow
value
string (required) Example: AVsGgHRIVjrVcoBZyoiV

The query value to search for.

startDate
string (optional) Example: 2017-03-25

The start date for searching.

endDate
string (optional) Example: 2017-03-29

The end date for searching.

from
number (optional) Example: 0

The offset to use for pagination.

size
number (optional) Example: 3

The limit to use for pagination.


Feeds

List

Get paginated list of feeds.

GET https://api.cymon.io/v2/feeds?from=0&privacy=public
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 10,
  "feeds": [
    {
      "id": "AVsGgJR4VjrVcoBZyoiZ",
      "name": "feodotracker.abuse.ch",
      "slug": "feodotracker.abuse.ch",
      "description": "Hello, world!",
      "link": "https://feodotracker.abuse.ch",
      "tos": "Hello, world!",
      "logo": "Hello, world!",
      "privacy": "public",
      "tags": [],
      "is_owner": false,
      "is_admin": false,
      "is_member": false,
      "is_guest": false
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "feeds": {
      "type": "array"
    }
  }
}

List All Feeds
GET/feeds{?from,privacy}

URI Parameters
HideShow
from
number (optional) Example: 0

The offset to use for pagination

privacy
string (optional) Example: public

Return list of private or public feeds


List User Feeds

Get paginated list of feeds that user has access to.

GET https://api.cymon.io/v2/feeds/me
Requestsexample 1
Headers
Content-Type: application/json
Authorization: Bearer <token>
Responses200
Headers
Content-Type: application/json
Body
{
  "total": 1,
  "from": 0,
  "size": 10,
  "feeds": [
    {
      "id": "AVsGgJR4VjrVcoBZyoiZ",
      "name": "feodotracker.abuse.ch",
      "slug": "feodotracker.abuse.ch",
      "description": "Hello, world!",
      "link": "https://feodotracker.abuse.ch",
      "tos": "Hello, world!",
      "logo": "Hello, world!",
      "privacy": "public",
      "tags": [],
      "is_owner": false,
      "is_admin": false,
      "is_member": false,
      "is_guest": false
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "total": {
      "type": "number",
      "description": "Total number of objects in database for query"
    },
    "from": {
      "type": "number",
      "description": "The query offset value"
    },
    "size": {
      "type": "number",
      "description": "The query limit value for how many objects to return"
    },
    "feeds": {
      "type": "array"
    }
  }
}

User Feeds
GET/feeds/me


Get Feed

Get feed object.

GET https://api.cymon.io/v2/feeds/AVsGgJR4VjrVcoBZyoiZ
Responses200404
Headers
Content-Type: application/json
Body
{
  "id": "AVsGgJR4VjrVcoBZyoiZ",
  "name": "feodotracker.abuse.ch",
  "slug": "feodotracker.abuse.ch",
  "description": "Hello, world!",
  "link": "https://feodotracker.abuse.ch",
  "tos": "Hello, world!",
  "logo": "Hello, world!",
  "privacy": "public",
  "tags": [],
  "is_owner": false,
  "is_admin": false,
  "is_member": false,
  "is_guest": false
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Feed ID"
    },
    "name": {
      "type": "string",
      "description": "Feed name"
    },
    "slug": {
      "type": "string",
      "description": "URL-friendly slug"
    },
    "description": {
      "type": "string",
      "description": "Feed description text"
    },
    "link": {
      "type": "string",
      "description": "URL for blog or website where users can learn more about this feed"
    },
    "tos": {
      "type": "string",
      "description": "Terms of Use for this feed"
    },
    "logo": {
      "type": "string",
      "description": "URL for small thumbnail for this feed (must be hosted on imgur CDN: `https://i.imgur.com/img-id`)"
    },
    "privacy": {
      "type": "string",
      "description": "Can be set to either `private` or `public` (default)"
    },
    "tags": {
      "description": "List of tags to categorize and help others find this feed"
    },
    "is_owner": {
      "type": "boolean",
      "description": "Boolean indicating if current user owns this feed"
    },
    "is_admin": {
      "type": "boolean",
      "description": "Boolean indicating if current user can administer this feed"
    },
    "is_member": {
      "type": "boolean",
      "description": "Boolean indicating if current user can contribute to this feed"
    },
    "is_guest": {
      "type": "boolean",
      "description": "Boolean indicating if current user can read from this feed"
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[404] resource not found"
}

Get Feed Details
GET/feeds/{feed_id}

URI Parameters
HideShow
feed_id
string (required) Example: AVsGgJR4VjrVcoBZyoiZ

ID of the feed


Get Report

Get threat report from feed.

GET https://api.cymon.io/v2/feeds/AVsGXwEZVjrVcoBZyoh3/7ad90fec880e914e2f92f677c9f2f9ca644267178f50e2610781fb6693341997
Responses200404
Headers
Content-Type: application/json
Body
{
  "feed": {
    "id": "AVsGgJR4VjrVcoBZyoiZ",
    "name": "feodotracker.abuse.ch",
    "slug": "feodotracker.abuse.ch",
    "description": "Hello, world!",
    "link": "https://feodotracker.abuse.ch",
    "tos": "Hello, world!",
    "logo": "Hello, world!",
    "privacy": "public",
    "tags": [],
    "is_owner": false,
    "is_admin": false,
    "is_member": false,
    "is_guest": false
  },
  "report": {
    "feed_id": "AVsGgHRIVjrVcoBZyoiV",
    "feed": "OpenPhish",
    "title": "Phishing campaign targeting Facebook, Inc.",
    "description": "Hello, world!",
    "tags": [],
    "timestamp": "2017-06-10T17:56:57.000Z",
    "ioc": {
      "ip": "209.90.88.140",
      "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
      "hostname": "kamadenlai.5gbfree.com",
      "domain": "5gbfree.com",
      "md5": "86845ea1079ea26ecac6115ba6f4a66e",
      "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
      "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
      "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
    },
    "reported_by": "cymon",
    "location": {
      "country": "US",
      "city": "Orem",
      "point": {
        "lat": 40.2968,
        "lon": -111.6761
      }
    }
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "feed": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string",
          "description": "Feed ID"
        },
        "name": {
          "type": "string",
          "description": "Feed name"
        },
        "slug": {
          "type": "string",
          "description": "URL-friendly slug"
        },
        "description": {
          "type": "string",
          "description": "Feed description text"
        },
        "link": {
          "type": "string",
          "description": "URL for blog or website where users can learn more about this feed"
        },
        "tos": {
          "type": "string",
          "description": "Terms of Use for this feed"
        },
        "logo": {
          "type": "string",
          "description": "URL for small thumbnail for this feed (must be hosted on imgur CDN: `https://i.imgur.com/img-id`)"
        },
        "privacy": {
          "type": "string",
          "description": "Can be set to either `private` or `public` (default)"
        },
        "tags": {
          "description": "List of tags to categorize and help others find this feed"
        },
        "is_owner": {
          "type": "boolean",
          "description": "Boolean indicating if current user owns this feed"
        },
        "is_admin": {
          "type": "boolean",
          "description": "Boolean indicating if current user can administer this feed"
        },
        "is_member": {
          "type": "boolean",
          "description": "Boolean indicating if current user can contribute to this feed"
        },
        "is_guest": {
          "type": "boolean",
          "description": "Boolean indicating if current user can read from this feed"
        }
      }
    },
    "report": {
      "type": "object",
      "properties": {
        "feed_id": {
          "type": "string",
          "description": "The Feed ID"
        },
        "feed": {
          "type": "string",
          "description": "The Feed name"
        },
        "title": {
          "type": "string",
          "description": "Short report title"
        },
        "description": {
          "type": "string",
          "description": "Long technical description"
        },
        "tags": {
          "description": "List of tags to categorize and help others find this report"
        },
        "timestamp": {
          "type": "string",
          "description": "An ISO8601 date string for when this IoC was observed"
        },
        "ioc": {
          "type": "object",
          "properties": {
            "ip": {
              "type": "string",
              "description": "IPv4 or IPv6"
            },
            "url": {
              "type": "string",
              "description": "Malicious URL indicator"
            },
            "hostname": {
              "type": "string",
              "description": "Domain with all subdomains"
            },
            "domain": {
              "type": "string",
              "description": "Root domain"
            },
            "md5": {
              "type": "string",
              "description": "MD5 hash of a malicious binary"
            },
            "sha1": {
              "type": "string",
              "description": "SHA1 hash of a malicious binary"
            },
            "sha256": {
              "type": "string",
              "description": "SHA256 hash of a malicious binary"
            },
            "ssdeep": {
              "type": "string",
              "description": "SSDEEP hash of a malicious binary"
            }
          },
          "description": "Object with observables. The following keys are supported: `ip`, `hostname`, `domain`, `url`, `md5`, `sha1`, `sha256`, `ssdeep`."
        },
        "reported_by": {
          "type": "string",
          "description": "The username of the person who submitted the report"
        },
        "location": {
          "type": "object",
          "properties": {
            "country": {
              "type": "string",
              "description": "Country code"
            },
            "city": {
              "type": "string",
              "description": "City name"
            },
            "point": {
              "type": "object",
              "properties": {
                "lat": {
                  "type": "number",
                  "description": "Latitude"
                },
                "lon": {
                  "type": "number",
                  "description": "Longitude"
                }
              },
              "required": [
                "lat",
                "lon"
              ],
              "description": "Longitude and Latitude coordinates"
            }
          },
          "required": [
            "country",
            "city",
            "point"
          ],
          "description": "Geo IP location"
        }
      }
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[404] resource not found"
}

Get Report Document
GET/feeds/{feed_id}/{report_id}

URI Parameters
HideShow
feed_id
string (required) Example: AVsGXwEZVjrVcoBZyoh3

ID of the feed

report_id
string (required) Example: 7ad90fec880e914e2f92f677c9f2f9ca644267178f50e2610781fb6693341997

ID of the report


Create Feed

Create a new feed for threat reports.

POST https://api.cymon.io/v2/feeds
Requestsexample 1
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
{
  "name": "my-automated-malware-sandbox-feed",
  "description": "Hello, world!",
  "link": "https://my-blog.example.com",
  "tos": "Creative Common (CC) License",
  "logo": "https://i.imgur.com/img-id",
  "privacy": "public",
  "tags": [
    "malware"
  ],
  "admins": [],
  "members": [],
  "guests": []
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "Feed name"
    },
    "description": {
      "type": "string",
      "description": "Feed description text"
    },
    "link": {
      "type": "string",
      "description": "URL for blog or website where users can learn more about this feed"
    },
    "tos": {
      "type": "string",
      "description": "Terms of Use for this feed"
    },
    "logo": {
      "type": "string",
      "description": "URL for small thumbnail for this feed (must be hosted on imgur CDN)"
    },
    "privacy": {
      "type": "string",
      "description": "Can be set to either `private` or `public` (default)"
    },
    "tags": {
      "type": "array",
      "description": "List of tags to categorize and help others find this feed"
    },
    "admins": {
      "description": "List of usernames that have `update`, `post`, and `read` permissions to this feed"
    },
    "members": {
      "description": "List of usernames that have `post` and `read` permissions to this feed"
    },
    "guests": {
      "description": "List of usernames that have `read` permission to this feed"
    }
  },
  "required": [
    "name",
    "privacy",
    "tags"
  ]
}
Responses200400
Headers
Content-Type: application/json
Body
{
  "message": "feed created",
  "feed": {
    "name": "my-automated-malware-sandbox-feed",
    "description": "Hello, world!",
    "link": "https://my-blog.example.com",
    "tos": "Creative Common (CC) License",
    "logo": "https://i.imgur.com/img-id",
    "privacy": "public",
    "tags": [
      "malware"
    ],
    "admins": [],
    "members": [],
    "guests": []
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "message": {
      "type": "string"
    },
    "feed": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string"
        },
        "description": {
          "type": "string"
        },
        "link": {
          "type": "string"
        },
        "tos": {
          "type": "string"
        },
        "logo": {
          "type": "string"
        },
        "privacy": {
          "type": "string"
        },
        "tags": {
          "type": "array"
        },
        "admins": {},
        "members": {},
        "guests": {}
      },
      "required": [
        "name",
        "privacy",
        "tags"
      ]
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[404] feed object is not valid"
}

Create
POST/feeds


Update Feed

Update details of an existing feed.

Note that you cannot update the name attribute of a feed.

PUT https://api.cymon.io/v2/feeds/AVsGXwEZVjrVcoBZyoh3
Requestsexample 1
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
{
  "description": "Hello, world!",
  "link": "https://my-blog.example.com",
  "tos": "Creative Common (CC) License",
  "logo": "https://i.imgur.com/img-id",
  "privacy": "private",
  "tags": [
    "malware",
    "ransomware"
  ],
  "admins": [
    "user1",
    "user2"
  ],
  "members": [
    "user3"
  ],
  "guests": [
    "user4",
    "user5",
    "user6"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "description": {
      "type": "string",
      "description": "Feed description text"
    },
    "link": {
      "type": "string",
      "description": "URL for blog or website where users can learn more about this feed"
    },
    "tos": {
      "type": "string",
      "description": "Terms of Use for this feed"
    },
    "logo": {
      "type": "string",
      "description": "URL for small thumbnail for this feed (must be hosted on imgur CDN: `https://i.imgur.com/img-id`)"
    },
    "privacy": {
      "type": "string",
      "description": "Can be set to either `private` or `public` (default)"
    },
    "tags": {
      "type": "array",
      "description": "List of tags to categorize and help others find this feed"
    },
    "admins": {
      "type": "array",
      "description": "List of usernames that have `update`, `post`, and `read` permissions to this feed"
    },
    "members": {
      "type": "array",
      "description": "List of usernames that have `post` and `read` permissions to this feed"
    },
    "guests": {
      "type": "array",
      "description": "List of usernames that have `read` permission to this feed"
    }
  },
  "required": [
    "privacy",
    "tags"
  ]
}
Responses200404403400
Headers
Content-Type: application/json
Body
{
  "message": "feed updated",
  "feed": {
    "name": "my-automated-malware-sandbox-feed",
    "link": "https://my-blog.example.com",
    "tos": "Creative Common (CC) License",
    "logo": "https://i.imgur.com/img-id",
    "privacy": "public",
    "tags": [
      "malware",
      "ransomware"
    ],
    "admins": [
      "user1",
      "user2"
    ],
    "members": [
      "user3"
    ],
    "guests": [
      "user4",
      "user5",
      "user6"
    ]
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "message": {
      "type": "string"
    },
    "feed": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string"
        },
        "description": {
          "type": "string"
        },
        "link": {
          "type": "string"
        },
        "tos": {
          "type": "string"
        },
        "logo": {
          "type": "string"
        },
        "privacy": {
          "type": "string"
        },
        "tags": {
          "type": "array"
        },
        "admins": {
          "type": "array"
        },
        "members": {
          "type": "array"
        },
        "guests": {
          "type": "array"
        }
      },
      "required": [
        "name",
        "privacy",
        "tags"
      ]
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[404] resource not found"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[403] you cannot update this feed"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] feed object is not valid"
}

Update
PUT/feeds/{id}

URI Parameters
HideShow
id
string (required) Example: AVsGXwEZVjrVcoBZyoh3

ID of the feed to update


Reports

Submit Report

Upload a threat report with observables.

POST https://api.cymon.io/v2/ioc/submit
Requestsexample 1
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
{
  "feed_id": "AVsGgJR4VjrVcoBZyoiZ",
  "title": "Ransomware activity detected using Cuckoo Sandbox on a sample obtained from an email attachment",
  "description": "[INSERT CUCKOO LOG HERE]",
  "tags": [
    "malware",
    "sandbox",
    "ransomware"
  ],
  "timestamp": "2017-06-10T17:56:57.000Z",
  "ioc": {
    "ip": "209.90.88.140",
    "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
    "hostname": "kamadenlai.5gbfree.com",
    "domain": "5gbfree.com",
    "md5": "86845ea1079ea26ecac6115ba6f4a66e",
    "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
    "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
    "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "feed_id": {
      "type": "string",
      "description": "The Feed ID to post this report in"
    },
    "title": {
      "type": "string",
      "description": "Short report title"
    },
    "description": {
      "type": "string",
      "description": "Long technical description"
    },
    "tags": {
      "type": "array",
      "description": "List of tags to categorize and help others find this report"
    },
    "timestamp": {
      "type": "string",
      "description": "An ISO8601 date string for when this IoC was observed"
    },
    "ioc": {
      "type": "object",
      "properties": {
        "ip": {
          "type": "string",
          "description": "IPv4 or IPv6"
        },
        "url": {
          "type": "string",
          "description": "Malicious URL indicator"
        },
        "hostname": {
          "type": "string",
          "description": "Domain with all subdomains"
        },
        "domain": {
          "type": "string",
          "description": "Root domain"
        },
        "md5": {
          "type": "string",
          "description": "MD5 hash of a malicious binary"
        },
        "sha1": {
          "type": "string",
          "description": "SHA1 hash of a malicious binary"
        },
        "sha256": {
          "type": "string",
          "description": "SHA256 hash of a malicious binary"
        },
        "ssdeep": {
          "type": "string",
          "description": "SSDEEP hash of a malicious binary"
        }
      },
      "description": "Object with observables. The following keys are supported: `ip`, `hostname`, `domain`, `url`, `md5`, `sha1`, `sha256`, `ssdeep`."
    }
  },
  "required": [
    "feed_id",
    "title",
    "tags",
    "ioc"
  ]
}
Responses200404403400400
Headers
Content-Type: application/json
Body
{
  "message": "object created",
  "report": {
    "feed_id": "AVsGgHRIVjrVcoBZyoiV",
    "feed": "OpenPhish",
    "title": "Phishing campaign targeting Facebook, Inc.",
    "description": "Hello, world!",
    "tags": [],
    "timestamp": "2017-06-10T17:56:57.000Z",
    "ioc": {
      "ip": "209.90.88.140",
      "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
      "hostname": "kamadenlai.5gbfree.com",
      "domain": "5gbfree.com",
      "md5": "86845ea1079ea26ecac6115ba6f4a66e",
      "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
      "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
      "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
    },
    "reported_by": "cymon",
    "location": {
      "country": "US",
      "city": "Orem",
      "point": {
        "lat": 40.2968,
        "lon": -111.6761
      }
    }
  }
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "message": {
      "type": "string"
    },
    "report": {
      "type": "object",
      "properties": {
        "feed_id": {
          "type": "string",
          "description": "The Feed ID"
        },
        "feed": {
          "type": "string",
          "description": "The Feed name"
        },
        "title": {
          "type": "string",
          "description": "Short report title"
        },
        "description": {
          "type": "string",
          "description": "Long technical description"
        },
        "tags": {
          "description": "List of tags to categorize and help others find this report"
        },
        "timestamp": {
          "type": "string",
          "description": "An ISO8601 date string for when this IoC was observed"
        },
        "ioc": {
          "type": "object",
          "properties": {
            "ip": {
              "type": "string",
              "description": "IPv4 or IPv6"
            },
            "url": {
              "type": "string",
              "description": "Malicious URL indicator"
            },
            "hostname": {
              "type": "string",
              "description": "Domain with all subdomains"
            },
            "domain": {
              "type": "string",
              "description": "Root domain"
            },
            "md5": {
              "type": "string",
              "description": "MD5 hash of a malicious binary"
            },
            "sha1": {
              "type": "string",
              "description": "SHA1 hash of a malicious binary"
            },
            "sha256": {
              "type": "string",
              "description": "SHA256 hash of a malicious binary"
            },
            "ssdeep": {
              "type": "string",
              "description": "SSDEEP hash of a malicious binary"
            }
          },
          "description": "Object with observables. The following keys are supported: `ip`, `hostname`, `domain`, `url`, `md5`, `sha1`, `sha256`, `ssdeep`."
        },
        "reported_by": {
          "type": "string",
          "description": "The username of the person who submitted the report"
        },
        "location": {
          "type": "object",
          "properties": {
            "country": {
              "type": "string",
              "description": "Country code"
            },
            "city": {
              "type": "string",
              "description": "City name"
            },
            "point": {
              "type": "object",
              "properties": {
                "lat": {
                  "type": "number",
                  "description": "Latitude"
                },
                "lon": {
                  "type": "number",
                  "description": "Longitude"
                }
              },
              "required": [
                "lat",
                "lon"
              ],
              "description": "Longitude and Latitude coordinates"
            }
          },
          "required": [
            "country",
            "city",
            "point"
          ],
          "description": "Geo IP location"
        }
      }
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[404] resource not found"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[403] you cannot write to this feed"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] report is not valid"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] ioc object is not valid"
}

Submit
POST/ioc/submit


Submit Reports in Bulk

Upload multiple threat reports in one request. Each bulk request can support up to 500 records. Each record in the request can be as large as 1 MB, up to a limit of 5 MB for the entire request, including feed IDs.

POST https://api.cymon.io/v2/ioc/submit/bulk
Requestsexample 1
Headers
Content-Type: application/json
Authorization: Bearer <token>
Body
[
  {
    "feed_id": "AVsGgJR4VjrVcoBZyoiZ",
    "title": "Ransomware activity detected using Cuckoo Sandbox on a sample obtained from an email attachment",
    "description": "[INSERT CUCKOO LOG HERE]",
    "tags": [
      "malware",
      "sandbox",
      "ransomware"
    ],
    "timestamp": "2017-06-10T17:56:57.000Z",
    "ioc": {
      "ip": "209.90.88.140",
      "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
      "hostname": "kamadenlai.5gbfree.com",
      "domain": "5gbfree.com",
      "md5": "86845ea1079ea26ecac6115ba6f4a66e",
      "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
      "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
      "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
    }
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array"
}
Responses200403400400400400
Headers
Content-Type: application/json
Body
{
  "message": "objects created",
  "reports": [
    {
      "feed_id": "AVsGgHRIVjrVcoBZyoiV",
      "feed": "OpenPhish",
      "title": "Phishing campaign targeting Facebook, Inc.",
      "description": "Hello, world!",
      "tags": [],
      "timestamp": "2017-06-10T17:56:57.000Z",
      "ioc": {
        "ip": "209.90.88.140",
        "url": "http://kamadenlai.5gbfree.com/protec-id-pages/question.html",
        "hostname": "kamadenlai.5gbfree.com",
        "domain": "5gbfree.com",
        "md5": "86845ea1079ea26ecac6115ba6f4a66e",
        "sha1": "736a602300a0476b738a53ee7feb5f9bfabca1b0",
        "sha256": "91bcefdea13e64ac5b55f1f92e58f8ff236611de3255b483cc54ee4a572017cb",
        "ssdeep": "393216:tN4puJFRkmcvLV9xEGdpHSwCc6t+r5+qzQF22gKq1Ml7lw0lxldrU:Ip4FRklZ9FdLH6Dqal7l1lxlpU"
      },
      "reported_by": "cymon",
      "location": {
        "country": "US",
        "city": "Orem",
        "point": {
          "lat": 40.2968,
          "lon": -111.6761
        }
      }
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "message": {
      "type": "string"
    },
    "reports": {
      "type": "array"
    }
  }
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[403] you cannot write to this feed"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] expecting an array"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] feed does not exist"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] report is not valid"
}
Headers
Content-Type: application/json
Body
{
  "errorMessage": "[400] ioc object is not valid"
}

Bulk Submit
POST/ioc/submit/bulk


Generated by aglio on 17 Jun 2017