Please be advised that this documentation applies to the v1.0 version of the API
API calls
/api/health
GET
- Get the health of the api server
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/health
- Returns:
{ "status":"OK" }
/api/version
GET
- Get the version of the api server
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/version
- Returns:
{ "version":"1.0" }
/api/stats
GET
- Get the statistics for data in the server
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/stats
- Returns:
{ "events":"5","indicators":8,"enrichments":2,"firsteventtime":"","lasteventtime":"" }
/api/indicators/:indicatorType
GET
- Description: view the list of indicators by indicator type at the time of the query
- Method: GET
- Parameters: none
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/indicators/ipv4_address
- Returns: a list of indicators separated by a newline
/api/indicators/:indicatorType/:indicator
GET
- Description: check whether an indicator is in the blacklist
- Method: GET
- Parameters: none
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/indicators/ipv4_address/1.24.223.138
- Returns: a 200 response code and, if the IP is in the blacklist, a JSON in the format:
{"ip": 18407306, "ipint": "1.24.223.138", "score": 4.090909004211426}
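A client-side sketch of this lookup, added here as an example and not taken from the API's own code: it sends the two `X-Envoy-*` headers, percent-encodes the indicator so a value containing `/` or `?` cannot change the route, and tells a listed indicator from an unlisted one. The function names are hypothetical, and treating an empty 200 body as "not listed" is an assumption based on the Returns line above.

```python
import json
import urllib.request
from urllib.parse import quote

BASE_URL = "http://127.0.0.1:7500"  # address used in the curl examples above


def build_lookup_request(user, api_key, indicator_type, indicator, base_url=BASE_URL):
    """Build, without sending, GET /api/indicators/:indicatorType/:indicator."""
    if not user or not api_key:
        raise ValueError("X-Envoy-User and X-Envoy-Key are both required")
    # safe="" also encodes "/", "?" and "#", so an indicator taken from
    # untrusted data (a URL, a log field) stays a single path segment.
    path = "/api/indicators/{}/{}".format(
        quote(indicator_type, safe=""), quote(indicator, safe=""))
    headers = {"X-Envoy-User": user, "X-Envoy-Key": api_key}
    return urllib.request.Request(
        base_url.rstrip("/") + path, headers=headers, method="GET")


def parse_lookup_response(status, body):
    """Return the indicator record as a dict, or None when it is not listed."""
    if status != 200:
        raise RuntimeError("unexpected HTTP status {}".format(status))
    text = body.decode("utf-8").strip()
    if not text:  # assumption: an empty body means "not in the blacklist"
        return None
    record = json.loads(text)
    if not isinstance(record, dict):
        raise ValueError("expected a JSON object")
    return record or None


def lookup(user, api_key, indicator_type, indicator):
    """Send the request; needs a reachable API server."""
    req = build_lookup_request(user, api_key, indicator_type, indicator)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_lookup_response(resp.status, resp.read())
```

The API key travels in a plain header over `http://` in these examples, so calls that leave the loopback interface should go through TLS.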
/api/indicators/id/:indicatorid
GET
- Description: query the indicator data based on specific id
- Method: GET
- Parameters: none
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/indicators/id/100
- Returns: a 200 response code, and an indicator with a specific ID
/api/events/query
GET
- Description: query the events data
- Method: GET
- Parameters:
from - a "from" timestamp in RFC3339 format
to - a "to" timestamp in RFC3339 format
q - query
offset - optional - an ID from which to start the query
count - optional - number of results to return
regex - optional - if the query contains regex
format - optional - output format: raw_json, json, xml, stix, bind, snort, cybox
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"q":"score=5", "from":"2018-05-07T16:46:44.947Z", "to": "2018-06-06T16:46:44.948Z", "offset": "0", "format": "rows_json", "count": 50, "regex": true}' http://127.0.0.1:7500/api/events/query
- Returns: a 200 response code, and a list of descriptors with their respective threat information
/api/groups/:groupid
GET
- Description: View the details of a group
- Method: GET
- Parameters: the ID of the group
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" http://127.0.0.1:7500/api/groups/1
- Returns: information about the group
{"id": 1, "name": "fancy name", "description": "fancy description", "visibleToMembers" : true}
/api/user/new
POST
- Description: Create a new user
- Method: POST
- Parameters: no parameters
- Body:
name - name of the group
description - description of the group
visibleToMembers - if the group is visible to its members
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}' http://127.0.0.1:7500/api/groups
- Returns: a success message if the group has been created
/api/updatepi
POST
- Description: Update an existing user
- Method: POST
- Parameters: no parameters
- Body:
name - name of the user
description - description of the group
visibleToMembers - if the group is visible to its members
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}' http://127.0.0.1:7500/api/groups/1
- Returns: a success message if the group has been updated
/api/changeapikey
POST
- Description: Update an existing user
- Method: POST
- Parameters: no parameters
- Body:
name - name of the user
description - description of the group
visibleToMembers - if the group is visible to its members
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}' http://127.0.0.1:7500/api/groups/1
- Returns: a success message if the group has been updated
/api/user/new
POST
- Description: Create a new group
- Method: POST
- Parameters: no parameters
- Body:
name - name of the group
description - description of the group
visibleToMembers - if the group is visible to its members
- CURL example:
$ curl -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}' http://127.0.0.1:7500/api/groups
- Returns: a success message if the group has been created
/api/groups/:groupid
PUT
- Description: Update an existing group
- Method: PUT
- Parameters: no parameters
- Body:
name - name of the group
description - description of the group
visibleToMembers - if the group is visible to its members
- CURL example:
$ curl -X PUT -H "X-Envoy-User: YOURUSER" -H "X-Envoy-Key: YOURAPIKEY" -d '{"name": "fancy name", "description": "fancy description", "visibleToMembers": true}' http://127.0.0.1:7500/api/groups/1
- Returns: a success message if the group has been updated