ThreatExchange API Reference
The comprehensive list of the ThreatExchange APIs and the related end points.
Objects
| Parameter | Description |
|---|---|
A sample of the malware. | |
A group, cluster or similar type grouping of Malware. | |
The subjective context provided by a ThreatExchangeMember for a ThreatIndicator | |
A participant within ThreatExchange. | |
An indicator of compromise. | |
A label to group threat objects together. |
Types
| Parameter | Description |
|---|---|
The kind of indicator being described by a ThreatIndicator object. | |
A description of the type of malware, see MalwareAnalysisType. | |
A description of the type of logic or automation used to create a MalwareFamily object. | |
Defines how accurately the threat intelligence detects its intended target, victim or actor. | |
Defines who can access the threat intelligence. | |
A description of how the threat intelligence was vetted. | |
A description of the dangerousness of the threat associated with a ThreatIndicator object. The order of the values below are ordered from least severe to most severe. | |
The kind or format of signature described by a ThreatIndicator object. | |
ShareLevelType (aka Traffic Light Protocol or TLP) | A designation of how any object in ThreatExchange may be re-shared both within and outside of ThreatExchange, based on the US-CERT's Traffic Light Protocol. |
A description of the maliciousness of any object within ThreatExchange. |
Search Endpoints
| Parameter | Description |
|---|---|
Search for malware samples by hash and other metadata | |
Search for malware families by name and other metadata | |
Enables searching for indicators of compromise descriptors | |
Enables searching for indicators of compromise | |
Enables searching for threat tags |
Miscellaneous Endpoints
| Parameter | Description |
|---|---|
Returns a list of current members of the ThreatExchange |