
Examples

This page has various examples in Python, Java, PHP, and using cURL.

Python

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

import requests
import json
import ast
import urllib

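# Placeholder credentials. The app access token built below embeds the app
# secret, so in real use load both values from the environment or a secret
# store rather than committing them to source control.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
text = 'proxy'

# Let requests build and percent-encode the query string ('|' in the token
# becomes %7C). The token still travels in the URL, so keep full request URLs
# out of logs and error reports.
query_params = {
    'access_token' : app_id + '|' + app_secret,
    'type' : type_,
    'text' : text
    }

# A timeout keeps the script from hanging forever on a stalled connection.
r = requests.get('https://graph.facebook.com/v2.8/threat_indicators',
                 params=query_params, timeout=30)

# Decode the body with a JSON parser: ast.literal_eval() only understands
# Python literals and raises on JSON true/false/null.
print(json.dumps(r.json(), sort_keys=True,indent=4,separators=(',', ': ')))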

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

import requests
import json
import ast
import urllib

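# Placeholder credentials. The app access token built below embeds the app
# secret, so in real use load both values from the environment or a secret
# store rather than committing them to source control.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
type_ = 'IP_ADDRESS'
owner_app_id = 820763734618599
text = 'proxy'

# Let requests build and percent-encode the query string ('|' in the token
# becomes %7C). The token still travels in the URL, so keep full request URLs
# out of logs and error reports.
query_params = {
    'access_token' : app_id + '|' + app_secret,
    'type' : type_,
    'owner' : owner_app_id,
    'text' : text
    }

# A timeout keeps the script from hanging forever on a stalled connection.
r = requests.get('https://graph.facebook.com/v2.8/threat_descriptors',
                 params=query_params, timeout=30)

# Decode the body with a JSON parser: ast.literal_eval() only understands
# Python literals and raises on JSON true/false/null.
print(json.dumps(r.json(), sort_keys=True,indent=4,separators=(',', ': ')))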

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

import requests
import json
import ast
import urllib

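# Placeholder credentials. The app access token built below embeds the app
# secret, so in real use load both values from the environment or a secret
# store rather than committing them to source control.
app_id = '5555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
# Unix timestamps bounding the upload window.
start_time = 1391813489
end_time = 1391856689

# Let requests build and percent-encode the query string ('|' in the token
# becomes %7C). The token still travels in the URL, so keep full request URLs
# out of logs and error reports.
query_params = {
    'access_token' : app_id + '|' + app_secret,
    'since' : start_time,
    'until' : end_time
    }

# A timeout keeps the script from hanging forever on a stalled connection.
r = requests.get('https://graph.facebook.com/v2.8/malware_analyses',
                 params=query_params, timeout=30)

# Decode the body with a JSON parser: ast.literal_eval() only understands
# Python literals and raises on JSON true/false/null.
print(json.dumps(r.json(), sort_keys=True,indent=4,separators=(',', ': ')))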

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

import requests
import json
import ast
import urllib

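# Placeholder credentials. The app access token built below embeds the app
# secret, so in real use load both values from the environment or a secret
# store rather than committing them to source control.
app_id = '555' # Replace this with your app ID
app_secret = '1234' # Replace this with your app secret
start_time = 'yesterday'
end_time = 'now'

# Let requests build and percent-encode the query string ('|' in the token
# becomes %7C). The token still travels in the URL, so keep full request URLs
# out of logs and error reports.
query_params = {
    'access_token' : app_id + '|' + app_secret,
    'since' : start_time,
    'until' : end_time
    }

# A timeout keeps the script from hanging forever on a stalled connection.
r = requests.get('https://graph.facebook.com/v2.8/malware_families',
                 params=query_params, timeout=30)

# Decode the body with a JSON parser: ast.literal_eval() only understands
# Python literals and raises on JSON true/false/null.
print(json.dumps(r.json(), sort_keys=True,indent=4,separators=(',', ': ')))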

Java

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

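/**
 * Queries the ThreatExchange threat_indicators endpoint for IP_ADDRESS
 * indicators matching the text "proxy" and prints the response body.
 */
public class ThreatIndicators {

    /**
     * Builds the request URL, performs the GET and prints the response body.
     *
     * @param args unused
     * @throws Exception if the URL cannot be built or the request fails
     */
    public final static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.8/threat_indicators?";
        // Placeholder credentials. The access token embeds the app secret, so
        // in real use load both values from the environment or a secret store
        // rather than committing them to source control.
        String appID = "5555"; // Replace this with your app ID
        String appSecret = "12345"; // Replace this with your app secret
        String type = "IP_ADDRESS";
        String text = "proxy";

        // Percent-encode every value ('|' in the token becomes %7C). The token
        // still travels in the URL, so keep full request URLs out of logs.
        String query = String.format("access_token=%s&type=%s&text=%s",
                encode(appID + "|" + appSecret),
                encode(type),
                encode(text)
                );
        URLConnection connection = new URL(url + query).openConnection();
        // Bound the wait so a stalled connection cannot hang the program.
        connection.setConnectTimeout(10000);
        connection.setReadTimeout(30000);
        InputStream response = connection.getInputStream();
        try {
            System.out.print(convertStreamToString(response));
        } finally {
            // Release the connection's stream even if reading throws.
            response.close();
        }
    }

    /** Percent-encodes one query-string value as UTF-8. */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string.
     *
     * @param inputStream stream to drain; it is not closed here
     * @return the stream content decoded as UTF-8, or "" for an empty stream
     */
    static String convertStreamToString(InputStream inputStream){
        // "\\A" matches only the start of input, so the single token is the
        // entire stream. The explicit charset avoids the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}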

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

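/**
 * Queries the ThreatExchange threat_descriptors endpoint for IP_ADDRESS
 * descriptors matching the text "proxy" that belong to one owner app, and
 * prints the response body.
 */
public class ThreatDescriptors {

    /**
     * Builds the request URL, performs the GET and prints the response body.
     *
     * @param args unused
     * @throws Exception if the URL cannot be built or the request fails
     */
    public final static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.8/threat_descriptors?";
        // Placeholder credentials. The access token embeds the app secret, so
        // in real use load both values from the environment or a secret store
        // rather than committing them to source control.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "12345"; // Replace this with your app secret
        String type = "IP_ADDRESS";
        String ownerAppID = "820763734618599";
        String text = "proxy";

        // Percent-encode every value ('|' in the token becomes %7C). The token
        // still travels in the URL, so keep full request URLs out of logs.
        String query = String.format("access_token=%s&type=%s&owner=%s&text=%s",
                encode(appID + "|" + appSecret),
                encode(type),
                encode(ownerAppID),
                encode(text)
                );
        URLConnection connection = new URL(url + query).openConnection();
        // Bound the wait so a stalled connection cannot hang the program.
        connection.setConnectTimeout(10000);
        connection.setReadTimeout(30000);
        InputStream response = connection.getInputStream();
        try {
            System.out.print(convertStreamToString(response));
        } finally {
            // Release the connection's stream even if reading throws.
            response.close();
        }
    }

    /** Percent-encodes one query-string value as UTF-8. */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string.
     *
     * @param inputStream stream to drain; it is not closed here
     * @return the stream content decoded as UTF-8, or "" for an empty stream
     */
    static String convertStreamToString(InputStream inputStream){
        // "\\A" matches only the start of input, so the single token is the
        // entire stream. The explicit charset avoids the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}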

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

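/**
 * Queries the ThreatExchange malware_analyses endpoint for a fixed
 * since/until window and prints the response body.
 */
public class MalwareAnalyses {

    /**
     * Builds the request URL, performs the GET and prints the response body.
     *
     * @param args unused
     * @throws Exception if the URL cannot be built or the request fails
     */
    public final static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.8/malware_analyses?";
        // Placeholder credentials. The access token embeds the app secret, so
        // in real use load both values from the environment or a secret store
        // rather than committing them to source control.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "1234"; // Replace this with your app secret
        // Unix timestamps bounding the upload window.
        String since = "1391813489";
        String until = "1391856689";

        // Percent-encode every value ('|' in the token becomes %7C). The token
        // still travels in the URL, so keep full request URLs out of logs.
        String query = String.format("access_token=%s&since=%s&until=%s",
                encode(appID + "|" + appSecret),
                encode(since),
                encode(until)
                );
        URLConnection connection = new URL(url + query).openConnection();
        // Bound the wait so a stalled connection cannot hang the program.
        connection.setConnectTimeout(10000);
        connection.setReadTimeout(30000);
        InputStream response = connection.getInputStream();
        try {
            System.out.print(convertStreamToString(response));
        } finally {
            // Release the connection's stream even if reading throws.
            response.close();
        }
    }

    /** Percent-encodes one query-string value as UTF-8. */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string.
     *
     * @param inputStream stream to drain; it is not closed here
     * @return the stream content decoded as UTF-8, or "" for an empty stream
     */
    static String convertStreamToString(InputStream inputStream){
        // "\\A" matches only the start of input, so the single token is the
        // entire stream. The explicit charset avoids the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}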

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.Scanner;

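/**
 * Queries the ThreatExchange malware_families endpoint for the window from
 * "yesterday" to "now" and prints the response body.
 */
public class MalwareFamilies {

    /**
     * Builds the request URL, performs the GET and prints the response body.
     *
     * @param args unused
     * @throws Exception if the URL cannot be built or the request fails
     */
    public final static void main(String[] args) throws Exception {
        String url = "https://graph.facebook.com/v2.8/malware_families?";
        // Placeholder credentials. The access token embeds the app secret, so
        // in real use load both values from the environment or a secret store
        // rather than committing them to source control.
        String appID = "555"; // Replace this with your app ID
        String appSecret = "1234"; // Replace this with your app secret
        String since = "yesterday";
        String until = "now";

        // Percent-encode every value ('|' in the token becomes %7C). The token
        // still travels in the URL, so keep full request URLs out of logs.
        String query = String.format("access_token=%s&since=%s&until=%s",
                encode(appID + "|" + appSecret),
                encode(since),
                encode(until)
                );
        URLConnection connection = new URL(url + query).openConnection();
        // Bound the wait so a stalled connection cannot hang the program.
        connection.setConnectTimeout(10000);
        connection.setReadTimeout(30000);
        InputStream response = connection.getInputStream();
        try {
            System.out.print(convertStreamToString(response));
        } finally {
            // Release the connection's stream even if reading throws.
            response.close();
        }
    }

    /** Percent-encodes one query-string value as UTF-8. */
    private static String encode(String value) throws java.io.UnsupportedEncodingException {
        return java.net.URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Reads the whole stream into a string.
     *
     * @param inputStream stream to drain; it is not closed here
     * @return the stream content decoded as UTF-8, or "" for an empty stream
     */
    static String convertStreamToString(InputStream inputStream){
        // "\\A" matches only the start of input, so the single token is the
        // entire stream. The explicit charset avoids the platform default.
        Scanner scanner = new Scanner(inputStream, "UTF-8").useDelimiter("\\A");
        return scanner.hasNext() ? scanner.next() : "";
    }

}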

PHP

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

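<?php
  // Placeholder credentials. The access token embeds the app secret, so in
  // real use load both values from the environment or a secret store rather
  // than committing them to source control.
  $appID = "555"; // Replace this with your AppID
  $appSecret = "1234"; // Replace this with your App Secret
  $type = 'IP_ADDRESS';
  $text = 'proxy';
  $access_token = $appID . "|" . $appSecret;

  // http_build_query() percent-encodes each value ('|' in the token becomes
  // %7C). The token still travels in the URL, so keep request URLs out of logs.
  $query = http_build_query(array(
    'access_token' => $access_token,
    'type' => $type,
    'text' => $text));

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.8/threat_indicators?" . $query);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  // Bound the wait so a stalled connection cannot hang the script.
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  $response = curl_exec($ch);
  if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of
    // decoding the boolean and printing "null".
    print("Request failed: " . curl_error($ch) . PHP_EOL);
  } else {
    $json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
    print($json . PHP_EOL);
  }
  curl_close($ch);
?>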

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

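<?php
  // Placeholder credentials. The access token embeds the app secret, so in
  // real use load both values from the environment or a secret store rather
  // than committing them to source control.
  $appID = "555"; // Replace this with your AppID
  $appSecret = "1234"; // Replace this with your App Secret
  $type = 'IP_ADDRESS';
  $text = 'proxy';
  $ownerAppID = "820763734618599";
  $access_token = $appID . "|" . $appSecret;

  // http_build_query() percent-encodes each value ('|' in the token becomes
  // %7C). The token still travels in the URL, so keep request URLs out of logs.
  $query = http_build_query(array(
    'access_token' => $access_token,
    'type' => $type,
    'owner' => $ownerAppID,
    'text' => $text));

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.8/threat_descriptors?" . $query);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  // Bound the wait so a stalled connection cannot hang the script.
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  $response = curl_exec($ch);
  if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of
    // decoding the boolean and printing "null".
    print("Request failed: " . curl_error($ch) . PHP_EOL);
  } else {
    $json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
    print($json . PHP_EOL);
  }
  curl_close($ch);
?>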

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

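<?php
  // Placeholder credentials. The access token embeds the app secret, so in
  // real use load both values from the environment or a secret store rather
  // than committing them to source control.
  $appID = "555"; // Replace this with your AppID
  $appSecret = "1234"; // Replace this with your App Secret
  // Unix timestamps bounding the upload window.
  $since = '1391813489';
  $until = '1391856689';
  $access_token = $appID . "|" . $appSecret;

  // http_build_query() percent-encodes each value ('|' in the token becomes
  // %7C). The token still travels in the URL, so keep request URLs out of logs.
  $query = http_build_query(array(
    'access_token' => $access_token,
    'since' => $since,
    'until' => $until));

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.8/malware_analyses?" . $query);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  // Bound the wait so a stalled connection cannot hang the script.
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  $response = curl_exec($ch);
  if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of
    // decoding the boolean and printing "null".
    print("Request failed: " . curl_error($ch) . PHP_EOL);
  } else {
    $json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
    print($json . PHP_EOL);
  }
  curl_close($ch);
?>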

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

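<?php
  // Placeholder credentials. The access token embeds the app secret, so in
  // real use load both values from the environment or a secret store rather
  // than committing them to source control.
  $appID = "555"; // Replace this with your AppID
  $appSecret = "1234"; // Replace this with your App Secret
  $since = 'yesterday';
  $until = 'now';
  $access_token = $appID . "|" . $appSecret;

  // http_build_query() percent-encodes each value ('|' in the token becomes
  // %7C). The token still travels in the URL, so keep request URLs out of logs.
  $query = http_build_query(array(
    'access_token' => $access_token,
    'since' => $since,
    'until' => $until));

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL,
    "https://graph.facebook.com/v2.8/malware_families?" . $query);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  // Bound the wait so a stalled connection cannot hang the script.
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  $response = curl_exec($ch);
  if ($response === false) {
    // curl_exec() returns false on a transport failure; report it instead of
    // decoding the boolean and printing "null".
    print("Request failed: " . curl_error($ch) . PHP_EOL);
  } else {
    $json = json_encode(json_decode($response), JSON_PRETTY_PRINT);
    print($json . PHP_EOL);
  }
  curl_close($ch);
?>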

cURL

Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.

# The access token is part of the command line and the URL, so it lands in
# shell history and the process list; 555|1234 is the placeholder app ID and
# app secret. -G sends the --data-urlencode pairs as a percent-encoded GET
# query string, and -i prints the response headers before the body.
curl -i -G "https://graph.facebook.com/v2.8/threat_indicators" \
 --data-urlencode "type=IP_ADDRESS" \
 --data-urlencode "text=proxy" \
 --data-urlencode "access_token=555|1234"

Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.

# The access token is part of the command line and the URL, so it lands in
# shell history and the process list; 555|1234 is the placeholder app ID and
# app secret. -G sends the --data-urlencode pairs as a percent-encoded GET
# query string, and -i prints the response headers before the body.
curl -i -G "https://graph.facebook.com/v2.8/threat_descriptors" \
 --data-urlencode "type=IP_ADDRESS" \
 --data-urlencode "owner=820763734618599" \
 --data-urlencode "text=proxy" \
 --data-urlencode "access_token=555|1234"

Example 3: A query to get all malware analyses uploaded to ThreatExchange between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.

# The access token is part of the command line and the URL, so it lands in
# shell history and the process list; 5555|1234 is the placeholder app ID and
# app secret. -G sends the --data-urlencode pairs as a percent-encoded GET
# query string, and -i prints the response headers before the body.
curl -i -G "https://graph.facebook.com/v2.8/malware_analyses" \
 --data-urlencode "since=1391813489" \
 --data-urlencode "until=1391856689" \
 --data-urlencode "access_token=5555|1234"

Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.

# The access token is part of the command line and the URL, so it lands in
# shell history and the process list; 555|1234 is the placeholder app ID and
# app secret. -G sends the --data-urlencode pairs as a percent-encoded GET
# query string, and -i prints the response headers before the body.
curl -i -G "https://graph.facebook.com/v2.8/malware_families" \
 --data-urlencode "since=yesterday" \
 --data-urlencode "until=now" \
 --data-urlencode "access_token=555|1234"