Overview

The Abusix Guardian Intel Enterprise API provides real-time threat intelligence to help security teams identify and mitigate malicious activity on the internet. By querying this API, users can retrieve detailed information about IP addresses and their indicators of compromise (IOCs), enabling proactive security measures.

API Information

Authentication

To access the API, you need an API key. Please contact the Abusix Sales team at [email protected].

Authentication Header

Include your API key in the x-api-key header of every request:

Endpoints

The API provides multiple endpoints to retrieve intelligence data.

Query

Retrieve threat intelligence on a specific IP address.

Endpoint:

GET https://threat-intel-api.dev-abusix.io/beta/query/:item

Example Request:

curl --location 'https://threat-intel-api.dev-abusix.io/beta//query/:item' \
--header 'Accept: application/json'

Example Response:

{
  "status": "success",
  "statusCode": "<number>",
  "result": {
    "item": "<string>",
    "abusixMailBlocklist": "ACTIVE",
    "type": "IP",
    "bogon": false,
    "tags": [
      "<string>",
      "<string>"
    ],
    "firstSeen": "<dateTime>",
    "lastSeen": "<dateTime>",
    "intent": "malicious",
    "reverseDns": {
      "current": [
        {
          "entry": "<string>"
        },
        {
          "entry": "<string>"
        }
      ]
    },
    "abuseContact": {
      "email": "<email>",
      "status": "RECIPIENT_FAILED",
      "lastVerification": "<dateTime>"
    },
    "asn": {
      "countryCode": "<string>",
      "asn": "<string>",
      "name": "<string>"
    },
    "observedActivity": {
      "honeypotInteractions": {
        "firstSeen": "<dateTime>",
        "lastSeen": "<dateTime>",
        "observations": [
          {
            "firstSeen": "<dateTime>",
            "lastSeen": "<dateTime>",
            "service": "<string>",
            "type": "<string>"
          },
          {
            "firstSeen": "<dateTime>",
            "lastSeen": "<dateTime>",
            "service": "<string>",
            "type": "<string>"
          }
        ]
      },
      "spamtrapInteractions": {
        "firstSeen": "<dateTime>",
        "lastSeen": "<dateTime>",
        "observations": [
          {
            "firstSeen": "<dateTime>",
            "lastSeen": "<dateTime>",
            "type": "<string>"
          },
          {
            "firstSeen": "<dateTime>",
            "lastSeen": "<dateTime>",
            "type": "<string>"
          }
        ]
      }
    }
  }
}

Health

Retrieve intelligence for the status of Abusix Guardian Intel.

Endpoint:

GET https://threat-intel-api.dev-abusix.io/beta/health

Example Request:

curl --location 'https://threat-intel-api.dev-abusix.io/beta/health' \
--header 'Accept: application/json'

Example Response:

{
  "status": "success",
  "statusCode": "<number>",
  "result": {
    "healthy": "<boolean>"
  }
}

Tags

Retrieve intelligence related to a tag.

Endpoint:

GET https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=<boolean>

Example Request:

curl --location 'https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=%3Cboolean%3E' \
--header 'Accept: application/json'

Example Response:

{
  "status": "success",
  "statusCode": "<number>",
  "result": [
    {
      "name": "<string>",
      "intent": "suspicious",
      "category": "tool",
      "description": "<string>"
    },
    {
      "name": "<string>",
      "intent": "malicious",
      "category": "tool",
      "description": "<string>"
    }
  ]
}

Quick Check

Retrieve intelligence on a random IP to understand the response.

Endpoint:

GET https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=<boolean>

Example Request:

curl --location 'https://threat-intel-api.dev-abusix.io/beta/quick-check/:item' \
--header 'Accept: application/json'

Example Response:

{
  "status": "success",
  "statusCode": "<number>",
  "result": {
    "item": "<string>",
    "abusixMailBlocklist": "INFORMATIONAL",
    "type": "IP",
    "bogon": false,
    "intent": "unknown",
    "activity": "<boolean>"
  }
}

Support

For support, visit abusix.com and chat with us using the lower right Intercom button, or contact us via email at [email protected].