API Reference

Google Threat Intelligence API Overview

🚧

Commonly missed

Looking for more API quota and additional threat context?
Contact us to learn more.

Looking for your Google Threat Intelligence API key?
Jump to your personal API key view while signed in to Google TI.

Do you want to integrate into Splunk, Cortex XSOAR or other technologies?
Enrich your security events, automatically triage alerts and boost detection confidence leveraging our ubiquitous integrations in 3rd-party platforms such as Splunk SIEM, Cortex XSOAR Google Threat Intelligence, Cortex XSOAR Google Threat Intelligence IoC Stream Feed, MISP Google Threat Intelligence and others (see more).

Our API was designed with ease of use and uniformity in mind and it is inspired in the http://jsonapi.org/ specification. It follows the REST principles and has predictable, resource-oriented URLs. It uses JSON for requests and responses, including errors.

API exposes rich data in terms of: IoC relationships, sandbox dynamic analysis information, static information for files, YARA Livehunt & Retrohunt management, crowdsourced detection details, etc.

Most popular API endpoints

  • Upload a file for scanning: analysis your file with 70+ antivirus products, 10+ dynamic analysis sandboxes and a myriad of other security tools to produce a threat score and relevant context to understand it.
  • Get a file report by hash: given a {md5, sha1, sha256} hash, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products, 10+ dynamic analysis sandboxes and a myriad of other security tools and datasets.
  • Scan URL: analysis your URL with 70+ antivirus products/blocklists and a myriad of other security tools to produce a threat score and relevant context to understand it.
  • Get a URL analysis report: given a URL, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.
  • Get a domain report: given a domain, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.
  • Get an IP address report: given an IP address, retrieves the pertinent analysis report including threat reputation and context produced by 70+ antivirus products/blocklists and a myriad of other security tools and datasets.