Please be advised that this documentation applies for the v1.0 version of the API

API calls

Please be advised that this documentation applies for the v1.0 version of the API

/api/health

GET
  • Get the health of the api server
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/health
  • Returns: { "status":"OK" }

/api/version

GET
  • Get the version of the api server
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/version
  • Returns: { "version":"1.0" }

/api/stats

GET
  • Get the statistics for data in the server
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/stats
  • Returns: { "events":"5","indicators":8,"enrichments"2,"firsteventtime":"","lasteventtime":"" }

/api/version

GET
  • Get the version of the api server
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/version
  • Returns: { "version":"1.0" }

/api/indicators/:indicatorType

GET
  • Description: view the list of indicators by indicator type at the time of the query
  • Method: GET
  • Parameters: none
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/indicators/ipv4_address
  • Returns: a list of indicators separated by a newline

/api/indicators/:indicatorType/:indicator

GET
  • Description: view if an indcator is in the blacklist
  • Method: GET
  • Parameters: none
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/indicators/ipv4_address/1.24.223.138
  • Returns: a 200response code, and, if the IP is in the blacklist,a JSON in the format:
    {"ip": 18407306, "ipint": "1.24.223.138", "score": 4.090909004211426}

/api/indicators/id/:indicatorid

GET
  • Description: query the indicator data based on specific id
  • Method: GET
  • Parameters: none
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/indicators/id/100
  • Returns: a 200response code, and an indicator with a specific ID

/api/events/query

GET
  • Description: query the events data
  • Method: GET
  • Parameters:
    from - a "from" timestamp in RFC3339 format
    to - a "to" timestamp in RFC3339 format
    q - query
    offset - optional - an ID from which to start the query
    count - optional - number of results to return
    regex - optional - if the query contains regex
    format - optional - output format: raw_json, json, xml, stix, bind, snort, cybox

  • CURL example:
    curl  -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" \ -d " {"q":"score=5", "from":"2018-05-07T16:46:44.947Z", "to": "2018-06-06T16:46:44.948Z", "offset": "0", "format": "rows_json", "count": 50, "regex": true } " http://127.0.0.1:7500/api/events/query
  • Returns: a 200response code, and a list of descriptors with their respective threat information

/api/groups/:groupid

GET
  • Description: View the details of a group
  • Method: GET
  • Parameters: the ID of the group
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups/1
  • Returns: information about the group
    {"id": 1, "name": "fancy name", "description": "fancy description", "visibleToMembers" : true}

/api/user/new

POST
  • Description: Create a new user
  • Method: POST
  • Parameters: no parameters
  • Body: name - name of the group description - description of the group visibleToMembers - if the group is visible to it's members
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}
  • Returns: a success message if the group has been created

/api/updatepi

POST
  • Description: Update an existing user
  • Method: POST
  • Parameters: no parameters
  • Body: name - name of the user description - description of the group visibleToMembers - if the group is visible to it's members
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups/1{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}
  • Returns: a success message if the group has been updated

/api/changeapikey

POST
  • Description: Update an existing user
  • Method: POST
  • Parameters: no parameters
  • Body: name - name of the user description - description of the group visibleToMembers - if the group is visible to it's members
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups/1{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}
  • Returns: a success message if the group has been updated

/api/user/new

POST
  • Description: Create a new group
  • Method: POST
  • Parameters: no parameters
  • Body: name - name of the group description - description of the group visibleToMembers - if the group is visible to it's members
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}
  • Returns: a success message if the group has been created

/api/groups/:groupid

PUT
  • Description: Update an existing group
  • Method: PUT
  • Parameters: no parameters
  • Body: name - name of the group description - description of the group visibleToMembers - if the group is visible to it's members
  • CURL example:
    $ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups/1{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}
  • Returns: a success message if the group has been updated