Vai al contenuto principale
GET
/
api
/
v1
/
perimeter-protection
/
threat-intelligence
/
ip
/
{ip}
/
intel
Get IP intelligence
curl --request GET \
  --url https://app.aegister.com/api/v1/perimeter-protection/threat-intelligence/ip/{ip}/intel \
  --header 'X-Aegister-Token: <api-key>'
{
  "error": 0,
  "messages": [],
  "data": {
    "type": "ip",
    "request": "XXX.YYY.WWW.ZZZ",
    "timestamp": 1783085207,
    "timestamp_readable": "2026-07-03T13:26:47.322Z",
    "request_id": "UoqBNvjvOYj9",
    "body": {
      "gid": "OFA-RULE-GID-XXXXXXXXXXXX",
      "ip": "XXX.YYY.WWW.ZZZ",
      "ts": 1783084960,
      "entry_ts": 1716963374,
      "is_network": false,
      "score": 589,
      "start_score": 589,
      "reports": 73777,
      "info": {
        "members": 27,
        "events": 213,
        "sources": [
          "blocklist.de",
          "dataplane.org sshpwauth"
        ],
        "notes": [
          "Invalid SSH Login",
          "SSH Login"
        ]
      }
    },
    "events": [],
    "traffic": [],
    "ip_info": {
      "as_domain": "sample.com",
      "as_name": "Sample LLC",
      "asn": "ASXXXXX",
      "continent": "Europe",
      "continent_code": "EU",
      "country": "The Netherlands",
      "country_code": "NL"
    },
    "history": [
      {
        "ip": "XXX.YYY.WWW.ZZZ",
        "ts": 1775257202,
        "score": 691,
        "members": 27,
        "events": 160
      }
    ],
    "sectors": [
      "Financial Service IT",
      "Cloud Provider IT"
    ],
    "countries": [
      "IT",
      "GB",
      "NL"
    ],
    "reports": [
      "Brute Force on SSH Service",
      "Port Scan Detected"
    ],
    "members": [
      "OneFirewall Alliance LTD - Global Cyber Security Platform"
    ],
    "mitre_ids": [
      "T1110",
      "T1046",
      "T1595"
    ],
    "stix": [
      {
        "id": "indicator--566873ba-09af-4bff-97eb-96ee17fc24d8",
        "type": "indicator",
        "pattern": "[ipv4-addr:value = 'XXX.YYY.WWW.ZZZ']",
        "indicator_types": [
          "malicious-activity"
        ],
        "kill_chain_phases": [
          {
            "kill_chain_name": "mitre-attack",
            "phase_name": "credential-access"
          }
        ],
        "spec_version": "2.1",
        "valid_from": "2026-01-20T01:52:33.000Z"
      }
    ],
    "intel": [
      {
        "type": "course-of-action",
        "name": "Brute Force Mitigation",
        "description": "Set account lockout policies after a certain number of failed login attempts...",
        "external_id": "T1110"
      }
    ]
  }
}

Autorizzazioni

X-Aegister-Token
string
header
obbligatorio

Parametri del percorso

ip
string
obbligatorio

Risposta

{key}
any