ThreatExchange API Reference

The comprehensive list of the ThreatExchange APIs and their related endpoints.

Objects

| Parameter | Description |
| --- | --- |
| Malware | A sample of the malware. |
| MalwareFamily | A group, cluster or similar type grouping of Malware. |
| ThreatDescriptor | The subjective context provided by a ThreatExchangeMember for a ThreatIndicator. |
| ThreatExchangeMember | A participant within ThreatExchange. |
| ThreatIndicator | An indicator of compromise. |
| ThreatTags | A label to group threat objects together. |

Types

| Parameter | Description |
| --- | --- |
| AttackType | The kind of attack a ThreatIndicator object was associated with. |
| IndicatorType | The kind of indicator being described by a ThreatIndicator object. |
| MalwareAnalysisType | A description of the type of malware, see MalwareAnalysisType. |
| MalwareFamilyType | A description of the type of logic or automation used to create a MalwareFamily object. |
| PrecisionType | Defines how accurately the threat intelligence detects its intended target, victim or actor. |
| PrivacyType | Defines who can access the threat intelligence. |
| ReviewStatusType | A description of how the threat intelligence was vetted. |
| SeverityType | A description of the dangerousness of the threat associated with a ThreatIndicator object. The values below are ordered from least severe to most severe. |
| SignatureType | The kind or format of signature described by a ThreatIndicator object with ThreatType of SIGNATURE. |
| ShareLevelType (aka Traffic Light Protocol or TLP) | A designation of how any object in ThreatExchange may be re-shared both within and outside of ThreatExchange, based on the US-CERT's Traffic Light Protocol. |
| StatusType | A description of the maliciousness of any object within ThreatExchange. |
| ThreatType | The kind of threat a ThreatIndicator object is expressing. |

Search Endpoints

| Parameter | Description |
| --- | --- |
| /malware_analyses | Search for malware samples by hash and other metadata. |
| /malware_families | Search for malware families by name and other metadata. |
| /threat_descriptors | Enables searching for indicators of compromise descriptors. |
| /threat_indicators | Enables searching for indicators of compromise. |
| /threat_tags | Enables searching for threat tags. |

Miscellaneous Endpoints

| Parameter | Description |
| --- | --- |
| /threat_exchange_members | Returns a list of current members of the ThreatExchange. |