Supply Chain Security Feed (TCF-0701) — Spectra Intelligence
The ReversingLabs Supply Chain Indicators of Compromise (IoC) Feed delivers structured threat intelligence data for malicious Open Source Software (OSS) packages and subsequent reclassifications. It provides all historical data (since 2011-03-29) and maintains a continuous stream.
The service includes the following primary event types:
- New Malicious Samples (
NEW_MALICIOUS): represents confirmed malicious OSS packages or files. - False Positives (
FP): marks previously flagged samples that have been reclassified as non-malicious. - New Threats (
NEW_THREAT_NAME): represents malware packages reclassified with a new threat name after additional analysis.
The service supports time-based querying (for example, retrieving data after a specified timestamp) and maintains user-specific cursors for reliable incremental consumption.
The default response format is XML. Supported formats are JSON and XML.
For complete request and response specifications, including parameters, schemas, status codes, and code samples, see the OpenAPI reference for each endpoint linked below.
Endpoints
Start
Starts the Supply Chain Indicators of Compromise (IoC) feed session and initializes access to the data stream.
PUT /api/feed/supply_chain/ioc/v1/query/start
Pull
Retrieves the next set of feed entries from the user-specific cursor position.
GET /api/feed/supply_chain/ioc/v1/query/pull
Time range
Retrieves feed entries starting from a specific time, identified either as a UTC date or as a Unix timestamp.
GET /api/feed/supply_chain/ioc/v1/query/{time_format}/{time_value}