This page has various API examples in Python, Java, PHP, and using cURL.
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
import requests import json import ast import urllib app_id = '555' # Replace this with your app ID app_secret = '1234' # Replace this with your app secret type_ = 'IP_ADDRESS' text = 'proxy' query_params = urllib.urlencode({ 'access_token' : app_id + '|' + app_secret, 'type' : type_, 'text' : text }) r = requests.get('https://graph.facebook.com/v2.4/threat_indicators?' + query_params) print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
import requests import json import ast import urllib app_id = '555' # Replace this with your app ID app_secret = '1234' # Replace this with your app secret type_ = 'IP_ADDRESS' owner_app_id = 820763734618599 text = 'proxy' query_params = urllib.urlencode({ 'access_token' : app_id + '|' + app_secret, 'type' : type_, 'owner' : owner_app_id, 'text' : text }) r = requests.get('https://graph.facebook.com/v2.4/threat_descriptors?' + query_params) print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
import requests import json import ast import urllib app_id = '5555' # Replace this with your app ID app_secret = '1234' # Replace this with your app secret start_time = 1391813489 end_time = 1391856689 query_params = urllib.urlencode({ 'access_token' : app_id + '|' + app_secret, 'since' : start_time, 'until' : end_time }) r = requests.get('https://graph.facebook.com/v2.4/malware_analyses?' + query_params) print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
import requests import json import ast import urllib app_id = '555' # Replace this with your app ID app_secret = '1234' # Replace this with your app secret start_time = 'yesterday' end_time = 'now' query_params = urllib.urlencode({ 'access_token' : app_id + '|' + app_secret, 'since' : start_time, 'until' : end_time }) r = requests.get('https://graph.facebook.com/v2.4/malware_families?' + query_params) print json.dumps(ast.literal_eval(r.text), sort_keys=True,indent=4,separators=(',', ': '))
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
import java.io.InputStream; import java.net.URL; import java.net.URLConnection; import java.util.Scanner; public class ThreatIndicators { public final static void main(String[] args) throws Exception { String url = "https://graph.facebook.com/v2.4/threat_indicators?"; String appID = "5555"; // Replace this with your app ID String appSecret = "12345"; // Replace this with your app secret String type = "IP_ADDRESS"; String text = "proxy"; String query = String.format("access_token=%s&type=%s&text=%s", appID + "|" + appSecret, type, text ); URLConnection connection = new URL(url + query).openConnection(); InputStream response = connection.getInputStream(); System.out.print(convertStreamToString(response)); response.close(); } static String convertStreamToString(InputStream inputStream){ Scanner scanner = new Scanner(inputStream).useDelimiter("\\A"); return scanner.hasNext() ? scanner.next() : ""; } }
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
import java.io.InputStream; import java.net.URL; import java.net.URLConnection; import java.util.Scanner; public class ThreatDescriptors { public final static void main(String[] args) throws Exception { String url = "https://graph.facebook.com/v2.4/threat_descriptors?"; String appID = "555"; // Replace this with your app ID String appSecret = "12345"; // Replace this with your app secret String type = "IP_ADDRESS"; String ownerAppID = "820763734618599"; String text = "proxy"; String query = String.format("access_token=%s&type=%s&owner=%s&text=%s", appID + "|" + appSecret, type, ownerAppID, text ); URLConnection connection = new URL(url + query).openConnection(); InputStream response = connection.getInputStream(); System.out.print(convertStreamToString(response)); response.close(); } static String convertStreamToString(InputStream inputStream){ Scanner scanner = new Scanner(inputStream).useDelimiter("\\A"); return scanner.hasNext() ? scanner.next() : ""; } }
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
import java.io.InputStream; import java.net.URL; import java.net.URLConnection; import java.util.Scanner; public class MalwareAnalyses { public final static void main(String[] args) throws Exception { String url = "https://graph.facebook.com/v2.4/malware_analyses?"; String appID = "555"; // Replace this with your app ID String appSecret = "1234"; // Replace this with your app secret String since = "1391813489"; String until = "1391856689"; String query = String.format("access_token=%s&since=%s&until=%s", appID + "|" + appSecret, since, until ); URLConnection connection = new URL(url + query).openConnection(); InputStream response = connection.getInputStream(); System.out.print(convertStreamToString(response)); response.close(); } static String convertStreamToString(InputStream inputStream){ Scanner scanner = new Scanner(inputStream).useDelimiter("\\A"); return scanner.hasNext() ? scanner.next() : ""; } }
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
import java.io.InputStream; import java.net.URL; import java.net.URLConnection; import java.util.Scanner; public class MalwareFamilies { public final static void main(String[] args) throws Exception { String url = "https://graph.facebook.com/v2.4/malware_families?"; String appID = "555"; // Replace this with your app ID String appSecret = "1234"; // Replace this with your app secret String since = "yesterday"; String until = "now"; String query = String.format("access_token=%s&since=%s&until=%s", appID + "|" + appSecret, since, until ); URLConnection connection = new URL(url + query).openConnection(); InputStream response = connection.getInputStream(); System.out.print(convertStreamToString(response)); response.close(); } static String convertStreamToString(InputStream inputStream){ Scanner scanner = new Scanner(inputStream).useDelimiter("\\A"); return scanner.hasNext() ? scanner.next() : ""; } }
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $type = 'IP_ADDRESS'; $text = 'proxy'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/threat_indicators?" . "access_token=" . $access_token . "&type=" . $type . "&text=" . $text); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $type = 'IP_ADDRESS'; $text = 'proxy'; $ownerAppID = "820763734618599"; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/threat_descriptors?" . "access_token=" . $access_token . "&type=" . $type . "&owner=" . $ownerAppID . "&text=" . $text); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $since = '1391813489'; $until = '1391856689'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/malware_analyses?" . "access_token=" . $access_token . "&since=" . $since . "&until=" . $until); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
<?php $appID = "555"; // Replace this with your AppID $appSecret = "1234"; // Replace this with your App Secret $since = 'yesterday'; $until = 'now'; $access_token = $appID . "|" . $appSecret; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/v2.5/malware_families?" . "access_token=" . $access_token . "&since=" . $since . "&until=" . $until); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($ch); $json = json_encode(json_decode($response), JSON_PRETTY_PRINT); print($json . PHP_EOL); curl_close($ch); ?>
Example 1: A query to get all threat indicators which are IP Addresses of proxies in ThreatExchange.
curl -i -X GET \ "https://graph.facebook.com/v2.4/threat_indicators"\ "?type=IP_ADDRESS&text=proxy&access_token=555%7C1234"
Example 2: A query to get all IP Addresses of proxies uploaded by the Facebook Administrator app in ThreatExchange.
curl -i -X GET \ "https://graph.facebook.com/v2.4/threat_descriptors"\ "?type=IP_ADDRESS&owner=820763734618599&text=proxy&access_token=555%7C1234"
Example 3: A query to get all malware analyses uploaded to ThreatExchange uploaded between Fri, 07 Feb 2014 22:51:29 GMT and Sat, 08 Feb 2014 10:51:29 GMT.
curl -i -X GET \ "https://graph.facebook.com/v2.4/malware_analyses"\ "?since=1391813489&until=1391856689&access_token=5555%7C1234"
Example 4: A query to get all malware families uploaded to ThreatExchange between yesterday and today.
curl -i -X GET \ "https://graph.facebook.com/v2.5/malware_families"\ "?since=yesterday&until=now&access_token=555%7C1234"