Network Threat Intelligence API — Spectra Intelligence
The Network Threat Intelligence APIs provide comprehensive capabilities for investigating and analyzing network-based indicators of compromise (IOCs), including URLs, domains, and IP addresses. These APIs enable security teams to assess threats, retrieve reputation data, and correlate network indicators with malicious files.
Common Use Cases
Check and manage network reputation
Quick reputation lookups for URLs, domains, and IP addresses to get an immediate assessment of whether a network location is associated with malicious activity.
- Network reputation (TCA-0407) - Query reputation data for URLs, domains, and IP addresses in single or bulk requests. Returns ReversingLabs classification, third-party detections, and malware association indicators.
- Network reputation (user override) (TCA-0408) - Override URL classifications within your organization. Useful for marking false positives as known or flagging internal threats as malicious.
Investigate a suspicious URL
Use TCA-0404 Analyze URL to submit URLs for analysis and get detailed reports through TCA-0403 URL threat intelligence. TCA-0403 can also retrieve intelligence reports for any URL in our database.
- Analyze URL (TCA-0404) - Submit URLs for analysis. Downloads and analyzes content, captures screenshots, and resolves infrastructure details.
- URL threat intelligence (TCA-0403) - Retrieve comprehensive threat intelligence reports for URLs in single or bulk requests, including classification, analysis metadata (site categorization, threat type details, site availability, DOM, redirect paths, etc.), screenshots, downloaded files, and third-party reputation data.
Investigate a domain or IP address
Understand threat profiles, associated files, DNS records, and relationships with other network indicators.
- Domain threat intelligence (TCA-0405) - Retrieve domain reports in single or bulk requests, including reputation data, downloaded file statistics, DNS records, SSL certificates, related URLs, subdomains, and domain resolutions.
- IP threat intelligence (TCA-0406) - Retrieve IP address reports in single or bulk requests, including reputation data, downloaded file statistics, WHOIS information, GeoIP data, related URLs, and domain resolutions.
Find malware samples associated with a network indicator
Correlate network indicators with file samples. These APIs help identify which files contain references to specific URIs, enabling threat hunting and malware analysis workflows.
- URI-to-hash search (TCA-0401) - Find file hashes that contain references to a specific URI (email, URL, IPv4 address, or domain) discovered during static analysis.
- URI statistics (TCA-0402) - Get statistical counts of known, malicious, and suspicious files associated with a specific URI.
All Networking APIs
- Network reputation (TCA-0407) - Query TCA-0407 for reputation data on URLs, domains, and IP addresses with third-party detections from Spectra Intelligence.
- Network reputation (user override) (TCA-0408) - Use TCA-0408 to override URL classifications within your organization and manage existing overrides in Spectra Intelligence.
- URL threat intelligence (TCA-0403) - Submit a URL to TCA-0403 and receive a threat report including ReversingLabs classification, third-party reputation, analysis history, and associated malicious files.
- Analyze URL (TCA-0404) - Submit URLs to TCA-0404 for analysis including content download, screenshots, and dynamic analysis in Spectra Intelligence.
- Domain threat intelligence (TCA-0405) - Query TCA-0405 for domain reports with reputation, DNS records, certificates, related URLs, and subdomains from Spectra Intelligence.
- IP threat intelligence (TCA-0406) - Query TCA-0406 for IP address reports with reputation, WHOIS, GeoIP, hosted files, and domain resolutions from Spectra Intelligence.
- URI-to-hash search (TCA-0401) - Submit a URI SHA1 or plain-text value to TCA-0401 and receive SHA1 hashes of files that referenced the URI (email, URL, IPv4, or domain) during static analysis.
- URI statistics (TCA-0402) - Submit a URI SHA1 to TCA-0402 and receive counts of known, malicious, and suspicious files associated with that URI (email, URL, IPv4, or domain) from static analysis.