Email Security.cloud

  • 1.  IOC Blacklist API help

    Posted Aug 19, 2019 02:17 PM

    I am looking to enable the IOC blacklist, so it can dynamically update ATP with bad IOCs, such as URLs, domains, hashes, etc. 

     

    I've downloaded the API guide, with many command examples - but I do not understand:

    1. WHERE to get these data feeds from? I've found a few online such as IBM X.Force and Abuse.CH - but not sure if these are correct?

    IBM: https://exchange.xforce.ibmcloud.com/

    Abuse.Ch: https://abuse.ch/#projects

    2. HOW am I running these commands (what programming language am I using)?

    3. And from WHERE do I run these commands (my work laptop, running a scheduled task!?!?)

    Any help would be appreciated. 



  • 2.  RE: IOC Blacklist API help

    Broadcom Employee
    Posted Aug 19, 2019 06:06 PM

    Hi Tim,

     

    The IOC blacklist is only available to our customers. The IOC blacklist API URL is specified on page 6 of the guide:

    https://support.symantec.com/us/en/article.DOC11327.html

    It uses a RESTful interface, and the commands are made in cURL.

    A commonly used third-party app for API calls is Postman: https://www.getpostman.com/

     

    Regards,

    Yamma