Upload Private IoCs via API
This feature is only available for the Platform plan users.
The Maltiverse API provides a structured way for users to upload and manage Indicators of Compromise (IoCs) such as IPv4 addresses, hostnames, URLs, and samples (identified by hashes like MD5, SHA1, SHA256, SHA512). This article details how to use the Maltiverse API, specifically focusing on uploading IoCs, based on the OpenAPI specification version 3.0.0.
Prerequisites
To use the Maltiverse API, you need:
- API access with a valid bearer token for authentication. You can get your API Key in the user profile
- Familiarity with HTTP methods (GET, PUT, POST, DELETE).
- Knowledge of IoC types and their respective formats.
Authentication
All API requests must be authenticated using your API key. Include the token in the Authorization header of your HTTP request. To fetch you API key, follow these steps:
API Endpoints for Uploading IoCs
1. IPv4 Address
- Endpoint:
/ip/{ipv4} - Method: PUT
- Description: Uploads an IPv4 address IoC to the system.
- Parameter: IPv4 address in the path.
- Request Body: An
IpItemobject containing details about the IPv4 IoC.
2. Hostname
- Endpoint:
/hostname/{hostname} - Method: PUT
- Description: Adds a hostname IoC to the system.
- Parameter: Hostname in the path.
- Request Body: A
HostnameItemobject containing details about the hostname IoC.
3. URL
- Endpoint:
/url/{urlchecksum} - Method: PUT
- Description: Uploads a URL IoC, identified by its SHA256 checksum.
- Parameter: URL checksum in the path.
- Request Body: A
UrlItemobject containing URL IoC details.
4. Sample (File Hash)
- Endpoint:
/sample/{sha256} - Method: PUT
- Description: Uploads a sample IoC, identified by its SHA256 hash.
- Parameter: SHA256 hash in the path.
- Request Body: A
SampleItemobject with details about the sample.
JSON Construction
The JSON you upload needs to be compliant with the structure defined in the API specification. You can review and try out the JSON structure in our API documentation.
It is required you always add the field blacklist.source with your team name, as you only can publish IoCs under your attribution.
Response Handling
Upon successful upload, the API typically returns a status code of 200 (OK) or 201 (Created). If there are issues with the request, such as invalid IoC format or authentication problems, the API will respond with appropriate HTTP status codes (e.g., 400 Bad Request, 401 Unauthorized, 500 Internal Server Error).
Example Request (Uploading an IPv4 Address)
You can find a working script example in Maltiverse Github repository.
Related Articles
Upload Private IoCs via Maltiverse Portal
This feature is only available for the Platform plan users. Maltiverse allows users to upload and manage IoCs directly through the platform. This feature streamlines the process of parsing IoCs from raw text, associating them with relevant metadata, ...Use Case: Upload private IoCs
In today’s complex cybersecurity landscape, organizations should not only rely on consuming global threat intelligence. Generating your own threat intelligence also plays a huge role in keeping your organization safe. Internal research, incident ...Maltiverse Plans
Maltiverse offers three different subscription plans designed to fit a wide range of security needs, from individuals and small teams just starting with threat intelligence, to large enterprises requiring advanced integrations and full platform ...Use Case: IoC Dissemination
When talking about securing your operations, speed and coverage are two critical aspects in keeping your data safe. Having access to private or global IoCs is valuable, but their real power comes when they are distributed across your security stack. ...Maltiverse Datasets
Maltiverse processes threat intelligence from multiple sources and classifies it so it can be easily consumed and understood. Each Indicator of Compromise (IoC) is run by the Maltiverse Algorithm to be categorized not only by its type, but also by ...