DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu


using the entity lookups /domains/, /urls/, /paths/, and
so on.


The Sample API allows developers to submit samples and retrieve the
resulting analysis data. You can get the raw observable feeds through
the /samples/feeds/ endpoint. This data is harvested from all sample
activity, suspicious or not, and therefore has a very large footprint;
you can filter the feed so that it returns only samples submitted by
your organization.


The Indicator of Compromise (IOC) API feeds are accessed through the
/iocs/feeds endpoint. With this API, you can see observables together
with the behavior indicators that were triggered. If an item shows up
in this feed, it usually means that at least some degree of suspicious
behavior is associated with it. As with the sample feeds, filters can
be applied to see only samples from your organization.


Let’s look at an example. In this example, we search for all
submissions whose SHA-1 hash equals
8fbb3bd96b80e28ea41107728ce8c073cbadb0dd. To do so, we send a GET
request to https://panacea.threatgrid.com/api/v2/search/submissions
and pass both the search term (q) and the API key (api_key) as query
parameters. Because the key travels in the URL, it ends up in proxy
and web server logs and in shell history, so load it from an
environment variable or a secrets store rather than hard-coding it in
a script. Example 11-20 shows the Python requests script to use in
this case.


Example 11-20 Threat Grid: Searching Submissions



""" Threat Grid - search submissions API """
import requests

url = "https://panacea.threatgrid.com/api/v2/search/submissions"

# The search term (here a SHA-1 hash) and the API key are both sent
# as query parameters. The key below is a placeholder; use your own.
querystring = {
    "q": "8fbb3bd96b80e28ea41107728ce8c073cbadb0dd",
    "api_key": "deadbeefelcpgib9ec0909"
}

headers = {
    'cache-control': "no-cache",
}

# requests URL-encodes the parameters and appends them to the URL
response = requests.request("GET", url, headers=headers,
                            params=querystring)

print(response.text)
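The following is an added example that is not part of the book or of Cisco's Threat Grid client code. It wraps the same search/submissions query from Example 11-20 in a few helpers a practitioner would want around it: the observable is checked to be an MD5, SHA-1 or SHA-256 digest before it is sent, the key is read from an environment variable (THREATGRID_API_KEY, a name chosen here) instead of being hard-coded, the URL is redacted before it is logged because the key sits in the query string, and the JSON reply is reduced to sample IDs and threat scores. The reply layout used by SAMPLE_REPLY (data.items[].item.sample, .filename and .analysis.threat_score) is an assumption made for the constructed offline sample, not a documented schema; adjust summarize_submissions() to the fields your deployment returns.

```python
"""Added example (not from the book): build, redact and parse a Threat Grid
search/submissions query without hard-coding or logging the API key."""
import json
import os
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE_URL = "https://panacea.threatgrid.com/api/v2"

# Hex-digest patterns for the hash types the search endpoint is queried with.
HASH_PATTERNS = {
    "md5": re.compile(r"^[0-9a-f]{32}$"),
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}


def classify_hash(value):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, otherwise None."""
    value = value.strip().lower()
    for name, pattern in HASH_PATTERNS.items():
        if pattern.match(value):
            return name
    return None


def build_search_url(query, api_key):
    """Build the GET URL that Example 11-20 sends through requests.
    The key goes in the query string because that is what the API accepts,
    so the resulting URL must be treated as a secret."""
    if classify_hash(query) is None:
        raise ValueError("query is not an MD5/SHA-1/SHA-256 hex digest")
    if not api_key:
        raise ValueError("missing API key (set THREATGRID_API_KEY)")
    params = {"q": query.strip().lower(), "api_key": api_key}
    return f"{BASE_URL}/search/submissions?{urlencode(params)}"


def redact_url(url):
    """Replace the api_key value so the URL can be written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "api_key" else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def summarize_submissions(body):
    """Reduce a search/submissions JSON reply to sample ID, filename and
    threat score. Field names follow the assumed layout of SAMPLE_REPLY."""
    doc = json.loads(body)
    summary = []
    for entry in doc.get("data", {}).get("items", []):
        item = entry.get("item", {})
        analysis = item.get("analysis", {})
        summary.append({
            "sample": item.get("sample"),
            "filename": item.get("filename"),
            "threat_score": analysis.get("threat_score"),
        })
    return summary


def search_submissions(query, api_key=None, timeout=30):
    """Send the query with requests (as the book does) and summarize the reply.
    requests is imported here so the helpers above work without it."""
    import requests
    api_key = api_key or os.environ.get("THREATGRID_API_KEY", "")
    url = build_search_url(query, api_key)
    print("GET", redact_url(url))  # never log the unredacted URL
    resp = requests.get(url, headers={"cache-control": "no-cache"},
                        timeout=timeout)
    resp.raise_for_status()
    return summarize_submissions(resp.text)


# Constructed sample reply (not real Threat Grid data) for offline use.
SAMPLE_REPLY = json.dumps({
    "api_version": 2,
    "data": {
        "total": 1,
        "items": [{
            "item": {
                "sample": "0123456789abcdef0123456789abcdef",
                "filename": "invoice.exe",
                "analysis": {"threat_score": 95},
            }
        }],
    },
})

if __name__ == "__main__":
    demo = build_search_url("8fbb3bd96b80e28ea41107728ce8c073cbadb0dd",
                            "placeholder-key")
    print(redact_url(demo))
    print(summarize_submissions(SAMPLE_REPLY))
```

Only search_submissions() touches the network; the builder, redactor and parser run offline, which is what makes them easy to unit test and to reuse for the /samples/feeds/ and /iocs/feeds endpoints by changing the path.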