API Workflow

Number of APIs: 11

  1. 1.) Find all events where Malware Executed
     GET https://{{amp4e_client_id}}:{{amp4e_api_key}}@{{amp4e_host}}/v1/events?connector_guid[]={{amp4e_computer}}&event_type[]=1107296272

  2. 2.) Find Endpoint Details for Remediation
     GET https://{{amp4e_client_id}}:{{amp4e_api_key}}@{{amp4e_host}}/v1/computers

  3. 4.) Find samples in Threat Grid
     GET https://{{threatgrid_host}}/api/v2/samples/search?checksum_sample={{threatgrid_sha}}&api_key={{threatgrid_key}}

  4. 5.) Get all sample domains to analyze
     GET https://{{threatgrid_host}}/api/v2/samples/feeds/domains?sample={{threatgrid_sample_id}}&after=2017-02-01&api_key={{threatgrid_key}}

  5. 6.) Check all domains against Investigate
     POST https://investigate.api.umbrella.com/domains/categorization/

  6. 8.) Enforce on bad Domains in Umbrella
     POST https://{{umbrella_host}}/1.0/events?customerKey={{umbrella_key}}

  7. 9.) Research other Ransomware Domains to protect
     GET https://{{threatgrid_host}}/api/v3/feeds/ransomware-dns_2017-12-08.stix?api_key={{threatgrid_key}}

  8. Generate Authentication Token Copy
     POST https://{{fmc_hostname}}/api/fmc_platform/v1/auth/generatetoken

  9. 10.) Add custom intelligence Feed into FMC
     POST https://{{fmc_hostname}}/api/fmc_tid/v1/domain/{{fmc_domain}}/tid/source

  10. 7.) For suspect domains get more details
      GET https://investigate.api.umbrella.com/security/name/{{umbrella_suspect}}.json