Full API Documentation Available
Interactive API explorer, code examples, and integration guides
Threat Intelligence API
Export aggregated threat intelligence from 30+ cybersecurity sources directly into your security stack. Compatible with Splunk, Microsoft Sentinel, QRadar, Elastic, and more.
Quick Start
```bash
# Get your API key from the "API Keys" tab, then:
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://socdefenders.ai/api/v1/iocs?type=ipv4&limit=100"
```

Response (JSON):

```json
{
  "meta": { "total": 1523, "limit": 100 },
  "data": [
    {
      "type": "ipv4",
      "value": "192.168.1.100",
      "confidence": "high",
      "source": { "feed_name": "CISA Alerts", "category": "government" }
    }
  ]
}
```

Supported Formats
| Format | Tier | Description |
|---|---|---|
| JSON / CSV | Free | REST API with pagination and rich filtering |
| IOC Lookup | Free | Single-value enrichment with AI risk + hunting queries |
| News Articles | Free | Aggregated articles from 30+ feeds — filter, search, delta-poll |
| STIX 2.1 | Pro | Industry-standard threat intel bundles |
| TAXII 2.1 | Pro | Automated feed polling protocol for SIEMs |
| CEF / Syslog | Pro | Common Event Format for log pipelines |
| MISP | Pro | Malware Information Sharing Platform events |
| OpenIOC | Pro | Mandiant OpenIOC XML |
| Sigma rules | Pro | Deployable YAML detection rules per IOC |
| Articles NDJSON / CSV | Pro | Bulk news export with cursor pagination |
Available API endpoints
Full reference at docs.socdefenders.ai

| Endpoint | Tier | What it returns |
|---|---|---|
| GET /api/v1/iocs | Free | List IOCs with filtering by type, category, confidence, since, industry. |
| GET /api/v1/iocs/search | Free | Find a specific IOC value across the feed. |
| GET /api/v1/lookup (new) | Free | Single-IOC enrichment: AI risk, MITRE techniques, Splunk/KQL hunting queries. |
| GET /api/v1/articles (new) | Free | Aggregated news articles — filters, full-text search, cursor pagination, delta polling, IOC/CVE/threat-actor expansions. NDJSON/CSV bulk export requires Pro. |
| GET /api/v1/articles/{id} (new) | Free | Single article with all expansions (iocs, cves, threat actors, MITRE techniques) by default. |
| GET /api/v1/iocs/stats | Pro | Totals by type, category, source for analytics dashboards. |
| GET /api/v1/iocs/stix | Pro | STIX 2.1 bundle (indicators + identity). |
| GET /api/v1/iocs/misp | Pro | MISP JSON event. |
| GET /api/v1/iocs/cef | Pro | CEF or Syslog stream for SIEM ingestion. |
| GET /api/v1/iocs/openioc | Pro | OpenIOC XML document. |
| GET /api/v1/iocs/sigma (new) | Pro | Multi-document Sigma YAML — deployable detection rules per IOC. |
| GET /api/taxii2/ | Pro | TAXII 2.1 discovery (api_roots + server metadata). |
| GET /api/taxii2/api/collections/ | Pro | List TAXII collections (all, IPs only, hashes only, CVEs, etc.). |
| GET /api/taxii2/api/collections/{id}/objects/ | Pro | Paginated STIX objects from a TAXII collection. |
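
Feed data should be vetted before it reaches a blocklist or SIEM lookup: the Quick Start sample value itself is an RFC 1918 address. The following is an added example, not SOCDefenders' own code, that builds the Quick Start request and filters a `GET /api/v1/iocs` response in the documented shape. The function names, the sample addresses and the "medium" confidence level are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlencode
from urllib.request import Request

API_URL = "https://socdefenders.ai/api/v1/iocs"  # endpoint from the Quick Start

# Constructed sample in the Quick Start response shape; not real indicators.
SAMPLE = json.dumps({"meta": {"total": 4, "limit": 100}, "data": [
    {"type": "ipv4", "value": "192.168.1.100", "confidence": "high"},   # RFC 1918
    {"type": "ipv4", "value": "93.184.216.34", "confidence": "high"},
    {"type": "ipv4", "value": "93.184.216.35", "confidence": "medium"},  # assumed level
    {"type": "ipv4", "value": "999.1.1.1", "confidence": "high"},       # malformed
]})

def build_request(api_key, ioc_type="ipv4", limit=100):
    """Build (without sending) the Quick Start request; the key stays in the header."""
    query = urlencode({"type": ioc_type, "limit": limit})
    return Request(f"{API_URL}?{query}", headers={"Authorization": f"Bearer {api_key}"})

def vet_ipv4_iocs(response_text, required_confidence="high"):
    """Split a /iocs response into (accepted values, [(value, reject reason)])."""
    accepted, rejected = [], []
    for item in json.loads(response_text).get("data", []):
        value = str(item.get("value", ""))
        if item.get("type") != "ipv4":
            rejected.append((value, "not ipv4"))
            continue
        try:
            addr = ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            rejected.append((value, "malformed"))
            continue
        if not addr.is_global:
            # Private, loopback, link-local and reserved ranges must never be blocked.
            rejected.append((value, "non-routable"))
        elif item.get("confidence") != required_confidence:
            rejected.append((value, "confidence"))
        else:
            accepted.append(value)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = vet_ipv4_iocs(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejected entries are returned with a reason so they can be logged and reviewed rather than silently dropped.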
IOC Types
Pricing
Free
Free
Perfect for getting started and personal projects
- ✓ 10 requests/minute
- ✓ 1,000 requests/day
- ✓ 1 day IOC lookback / 7 day articles lookback
- ✓ JSON IOC export + paginated news articles
- ✓ Up to 100 results per request
- ✓ Up to 3 API keys
- ✓ Community support
Pro
$299/mo
or $2990/yr ($249/mo)
For security teams, SOC analysts, and organizations
- ✓ 1,000 requests/minute
- ✓ 1,000,000 requests/day
- ✓ 365 day lookback period
- ✓ All export formats (STIX, TAXII, MISP, CEF, OpenIOC)
- ✓ Full statistics access
- ✓ Up to 10,000 IOCs per request
- ✓ Up to 50 API keys
- ✓ Priority email support
- ✓ 99.9% uptime SLA
99.9% SLA uptime guarantee
Tier Comparison
| Feature | Free | Pro |
|---|---|---|
| Rate Limit | 10/min, 1K/day | 1,000/min, 1M/day |
| Lookback Period | 1 day | 1 year |
| Results per Request | 100 | 10,000 |
| JSON/CSV Export | ✓ | ✓ |
| STIX 2.1 / TAXII 2.1 | — | ✓ |
| MISP / CEF / OpenIOC | — | ✓ |
| Support | Community | Priority email |
| SLA Uptime | — | 99.9% |