Overview
The Abusix Guardian Intel Enterprise API provides real-time threat intelligence to help security teams identify and mitigate malicious activity on the internet. By querying this API, users can retrieve detailed information about IP addresses and their indicators of compromise (IOCs), enabling proactive security measures.
Authentication
To access the API, you need an API key. Please contact the Abusix Sales team at [email protected].
Include your API key in the x-api-key header of every request:
Endpoints
The API provides multiple endpoints to retrieve intelligence data.
Query
Retrieve threat intelligence on a specific IP address.
Endpoint:
GET https://threat-intel-api.dev-abusix.io/beta/query/:item
Example Request:
curl --location 'https://threat-intel-api.dev-abusix.io/beta//query/:item' \
--header 'Accept: application/json'
Example Response:
{
"status": "success",
"statusCode": "<number>",
"result": {
"item": "<string>",
"abusixMailBlocklist": "ACTIVE",
"type": "IP",
"bogon": false,
"tags": [
"<string>",
"<string>"
],
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"intent": "malicious",
"reverseDns": {
"current": [
{
"entry": "<string>"
},
{
"entry": "<string>"
}
]
},
"abuseContact": {
"email": "<email>",
"status": "RECIPIENT_FAILED",
"lastVerification": "<dateTime>"
},
"asn": {
"countryCode": "<string>",
"asn": "<string>",
"name": "<string>"
},
"observedActivity": {
"honeypotInteractions": {
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"observations": [
{
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"service": "<string>",
"type": "<string>"
},
{
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"service": "<string>",
"type": "<string>"
}
]
},
"spamtrapInteractions": {
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"observations": [
{
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"type": "<string>"
},
{
"firstSeen": "<dateTime>",
"lastSeen": "<dateTime>",
"type": "<string>"
}
]
}
}
}
}
Health
Retrieve intelligence for the status of Abusix Guardian Intel.
Endpoint:
GET https://threat-intel-api.dev-abusix.io/beta/health
Example Request:
curl --location 'https://threat-intel-api.dev-abusix.io/beta/health' \
--header 'Accept: application/json'
Example Response:
{
"status": "success",
"statusCode": "<number>",
"result": {
"healthy": "<boolean>"
}
}
Retrieve intelligence related to a tag.
Endpoint:
GET https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=<boolean>
Example Request:
curl --location 'https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=%3Cboolean%3E' \
--header 'Accept: application/json'
Example Response:
{
"status": "success",
"statusCode": "<number>",
"result": [
{
"name": "<string>",
"intent": "suspicious",
"category": "tool",
"description": "<string>"
},
{
"name": "<string>",
"intent": "malicious",
"category": "tool",
"description": "<string>"
}
]
}
Quick Check
Retrieve intelligence on a random IP to understand the response.
Endpoint:
GET https://threat-intel-api.dev-abusix.io/beta/tags?includeDescriptions=<boolean>
Example Request:
curl --location 'https://threat-intel-api.dev-abusix.io/beta/quick-check/:item' \
--header 'Accept: application/json'
Example Response:
{
"status": "success",
"statusCode": "<number>",
"result": {
"item": "<string>",
"abusixMailBlocklist": "INFORMATIONAL",
"type": "IP",
"bogon": false,
"intent": "unknown",
"activity": "<boolean>"
}
}
Support
For support, visit abusix.com and chat with us using the lower right Intercom button, or contact us via email at [email protected].
