Network threat intelligence
The Network Threat Intelligence APIs provide comprehensive capabilities for investigating and analyzing network-based indicators of compromise (IOCs), including URLs, domains, and IP addresses. These APIs enable security teams to assess threats, retrieve reputation data, and correlate network indicators with malicious files.
Common Use Cases
Check and manage network reputation
Quick reputation lookups for URLs, domains, and IP addresses to get an immediate assessment of whether a network location is associated with malicious activity.
- Network reputation (TCA-0407) - Query reputation data for URLs, domains, and IP addresses in single or bulk requests. Returns ReversingLabs classification, third-party detections, and malware association indicators.
- Network reputation (user override) (TCA-0408) - Override URL classifications within your organization. Useful for marking false positives as known or flagging internal threats as malicious.
Investigate a suspicious URL
Use TCA-0404 Analyze URL to submit URLs for analysis and get detailed reports through TCA-0403 URL threat intelligence. TCA-0403 can also retrieve intelligence reports for any URL in our database.
- Analyze URL (TCA-0404) - Submit URLs for analysis. Downloads and analyzes content, captures screenshots, and resolves infrastructure details.
- URL threat intelligence (TCA-0403) - Retrieve comprehensive threat intelligence reports for URLs in single or bulk requests, including classification, analysis metadata (site categorization, threat type details, site availability, DOM, redirect paths, etc.), screenshots, downloaded files, and third-party reputation data.
Investigate a domain or IP address
Understand threat profiles, associated files, DNS records, and relationships with other network indicators.
- Domain threat intelligence (TCA-0405) - Retrieve domain reports in single or bulk requests, including reputation data, downloaded file statistics, DNS records, SSL certificates, related URLs, subdomains, and domain resolutions.
- IP threat intelligence (TCA-0406) - Retrieve IP address reports in single or bulk requests, including reputation data, downloaded file statistics, WHOIS information, GeoIP data, related URLs, and domain resolutions.
Find malware samples associated with a network indicator
Correlate network indicators with file samples. These APIs help identify which files contain references to specific URIs, enabling threat hunting and malware analysis workflows.
- URI-to-hash search (TCA-0401) - Find file hashes that contain references to a specific URI (email, URL, IPv4 address, or domain) discovered during static analysis.
- URI statistics (TCA-0402) - Get statistical counts of known, malicious, and suspicious files associated with a specific URI.
All Networking APIs
📄️ Network reputation (TCA-0407)
Query reputation data for URLs, domains, and IP addresses with third-party detections.
📄️ Network reputation (user override) (TCA-0408)
Override URL classifications within your organization and manage existing overrides.
📄️ URL threat intelligence (TCA-0403)
Retrieve URL reports with classification, analysis history, downloaded files, and third-party reputation.
📄️ Analyze URL (TCA-0404)
Submit URLs for analysis including content download, screenshots, and dynamic analysis.
📄️ Domain threat intelligence (TCA-0405)
Get domain reports with reputation, DNS records, certificates, related URLs, and subdomains.
📄️ IP threat intelligence (TCA-0406)
Get IP address reports with reputation, WHOIS, GeoIP, hosted files, and domain resolutions.
📄️ URI-to-hash search (TCA-0401)
Find file hashes containing references to a specific URI from static analysis.
📄️ URI statistics (TCA-0402)
Get counts of known, malicious, and suspicious files associated with a URI.