Threat intelligence feed
With a Threat Intelligence Plus license, you can use the Threat Intelligence feed API within your security tools. Developers can use this API to access information that is also available in the IoC lists, in a format suitable for automated ingestion.
The Threat Intelligence feed uses the industry standards TAXII (Trusted Automated eXchange of Intelligence Information) and STIX (Structured Threat Information eXpression) to share indicators of compromise (IoCs) and metadata.
For more information about TAXII, see Introduction to TAXII. For more information about STIX, see Introduction to STIX.
You can use the Threat Intelligence feed to receive IoCs such as malicious IP addresses, domains, file hashes, and URLs. The feed also provides additional metadata such as the age of the indicator, when it was last seen, and its source. Use the feed to automatically ingest indicators into your security tools that support the STIX and TAXII standards. Some tools let you import indicators. For example, you can import malicious IP addresses into firewalls to block malicious activity, or file hashes into endpoint protection platforms to block known malicious files.
You can also use the Threat Intelligence feed within other control points, like intrusion detection or prevention systems, or web proxies, to enable more comprehensive and up-to-date protection across your entire security ecosystem.
Arctic Wolf also offers the Blocklist API, which allows you to automatically add ASCII text-based entries from the Threat Intelligence feed into your security tools that do not support the STIX format.
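The following added example (not Arctic Wolf code) shows how a consumer might turn STIX indicators into per-type block entries before loading them into a control point. It assumes STIX 2.1 indicator objects in a TAXII 2.1 envelope; the sample data is constructed, and `extract_blocklist` and the category names are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

def _ind(n, pattern, **extra):
    # Build one constructed STIX 2.1 indicator (not real feed data).
    return {"type": "indicator", "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2024-01-01T00:00:00Z", **extra}

# Constructed TAXII 2.1 envelope; addresses and names use documentation ranges.
SAMPLE_ENVELOPE = json.dumps({"objects": [
    _ind(1, "[ipv4-addr:value = '198.51.100.7']"),
    _ind(2, "[domain-name:value = 'malicious.example']"),
    _ind(3, "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"),
    _ind(4, "[ipv4-addr:value = '203.0.113.9']", valid_until="2024-02-01T00:00:00Z"),
    _ind(5, "[url:value = 'http://a.example/x' AND ipv4-addr:value = '192.0.2.1']"),
    _ind(6, "[ipv4-addr:value = '192.0.2.55']", revoked=True),
]})

# STIX object paths this example maps to blocklist categories (assumed names).
PATHS = {"ipv4-addr:value": "ip", "ipv6-addr:value": "ip", "url:value": "url",
         "domain-name:value": "domain", "file:hashes.'SHA-256'": "sha256"}
# Matches only a single equality comparison such as [ipv4-addr:value = 'x'].
SIMPLE = re.compile(r"^\[\s*([\w\-:.']+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]$")

def extract_blocklist(envelope_json, now=None):
    """Return ({category: set(values)}, [(indicator_id, skip_reason)])."""
    now = now or datetime.now(timezone.utc)
    entries, skipped = {}, []
    for obj in json.loads(envelope_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        until = obj.get("valid_until")
        match = SIMPLE.match(obj.get("pattern", "").strip())
        kind = PATHS.get(match.group(1)) if match else None
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked"))
        elif until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
            skipped.append((obj["id"], "expired"))
        elif obj.get("pattern_type") != "stix" or kind is None:
            # Compound or unknown patterns are reported, never partially blocked.
            skipped.append((obj["id"], "unsupported pattern"))
        else:
            entries.setdefault(kind, set()).add(re.sub(r"\\(.)", r"\1", match.group(2)))
    return entries, skipped

if __name__ == "__main__":
    print(extract_blocklist(SAMPLE_ENVELOPE))
```

Blocking on only one half of a compound pattern would deny traffic the indicator never described, so those indicators are returned in the skipped list for review.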
For more information, see Threat Intelligence API specifications.
Create a Threat Intelligence token
You must create a token to access the Threat Intelligence feed. The token works with both basic and API token authentication methods.
- Integrate the API into your third-party tool of choice. Consult the documentation from the third-party application for further information.
Test the API
Test the Threat Intelligence feed API in the Arctic Wolf Unified Portal to confirm that the API is working as expected, understand how requests and responses are structured, and experiment safely before making any API calls.
Sample API call
Use your preferred API tool to authenticate and make API calls to the Threat Intelligence feed. These steps use Postman to call the API.