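# Swagger (OpenAPI) 2.0 description of the Cyber Tactical Database lookup API.
# The version is "2.0" because this document uses the 2.0 layout (host,
# basePath, schemes, definitions, securityDefinitions); "3.0" is not a value
# the `swagger` field accepts, and validators and code generators reject it.
swagger: "2.0"
info:
  description: "Look up Malicious URI in Cyber Tactical Database"
  version: "1.0.0"
  title: "Cyber Tactical Database API"
  termsOfService: ""
  contact:
    email: "ctd@activedefense.co.jp"
    url: https://github.com/activedefense/adctd-api-spec
  license:
    name: "Commercial"
    url: ""
host: api.ctd.activedefense.co.jp
basePath: /v1
# https is listed first because tooling commonly defaults to the first scheme.
# The API key declared under securityDefinitions travels in a request header,
# so any call made over plain http exposes it to anyone on the network path.
# NOTE(review): remove `http` if the service does not need to accept it.
schemes:
  - https
  - http
consumes:
  - application/json
produces:
  - application/json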
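definitions:
  # One threat-intelligence entry returned by the API.
  # The url, domain and ip values identify malicious resources: consumers
  # should treat them as inert data for matching and blocking, and should not
  # fetch them or render them as clickable links.
  MaliciousUri:
    type: object
    properties:
      id:
        type: string
        format: uuid
        description: Unique id of ADCTD
        # readOnly: true
        # example: dd01da19-ef8a-4583-adbc-d7a47c76adcb
      type:
        type: string
        description: type of Indicator
        # readOnly: true
        # example: url
      is_infected:
        type: boolean
        description: estimate source subject infection status before uri access
        # readOnly: true
        # example: false
      url:
        type: string
        format: uri
        description: Malicious URL
        # readOnly: true
        # example: http://worth.lobelqq.sample/hummingbird.htm
      domain:
        type: string
        format: hostname
        description: Malicious resource contained domain
        # readOnly: true
        # example: worth.lobelqq.sample
      ip:
        # NOTE(review): format is ipv4 only; confirm how resources hosted on
        # IPv6 addresses are represented.
        type: string
        format: ipv4
        description: Malicious resource contained IP address
        # readOnly: true
        # example: 1.1.1.1
      description:
        type: string
        description: Campaign, Tool Kit, or Species if identified
        # readOnly: true
        # example: TIG Exploit Kit
      confidence:
        # NOTE(review): the description lists three values but no `enum` is
        # declared, so clients cannot validate this field from the schema.
        type: string
        description: high, medium, low
        # example: high
      created_at:
        type: string
        format: date-time
        description: created datetime of this entry
        # readOnly: true
        # example: 2018-06-01T00:00:00Z
      updated_at:
        type: string
        format: date-time
        description: updated datetime of this entry
        # readOnly: true
        # example: 2018-06-01T00:00:00Z
      expire_at:
        # NOTE(review): presumably the entry should no longer be used for
        # blocking after this time; confirm with the data provider.
        type: string
        format: date-time
        description: expire datetime of this entry
        # readOnly: true
        # example: 2018-06-01T10:00:00Z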
# Authentication scheme: a static API key sent in the x-api-key request header.
# The key is a bearer secret. `schemes` in this file also lists http, and a
# request made over plain http carries the key unencrypted.
securityDefinitions:
  # Example request header (placeholder value):
  # X-API-Key: abcdef12345
  APIKeyHeader:
    type: apiKey
    in: header
    name: x-api-key
# Top-level requirement: applies APIKeyHeader to every operation that does not
# declare its own `security`.
security:
  - APIKeyHeader: []
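paths:
  # Commented-out operation: look up a single entry by id.
  # /malicious/uri/{id}:
  #   parameters:
  #     - name: id
  #       in: path
  #       description: Malicious Entry URI id
  #       required: true
  #       type: string
  #       format: uuid
  #   get:
  #     tags: [MaliciousUri]
  #     summary: Detail of Malicious Entry URI
  #     description:
  #     operationId: GetMaliciousURIById
  #     responses:
  #       '200':
  #         description: Malicious Entry URI
  #         schema:
  #           "$ref": '#/definitions/MaliciousUri'
  /malicious/uri:
    get:
      tags: [MaliciousUri]
      summary: List of Malicious Entry URI in Cyber Tactical Database
      description: Return list of Malicious Entry URI in Cyber Tactical Database
      produces:
        - application/json
      operationId: GetMaliciousURIs
      parameters:
        # This document uses the Swagger 2.0 layout (definitions, produces,
        # response-level schema). In 2.0 a query parameter declares `type`
        # directly; a nested `schema` is only valid for `in: body`.
        # NOTE(review): if the server accepts only the two values named in the
        # description, an `enum` would let clients validate the input.
        - in: query
          name: type
          type: string
          # Folded block scalar: the original plain scalar contained literal
          # backslashes before each quote, which showed up in rendered docs.
          description: >-
            "ek" or "dl_malware" is supported. If specified "ek", you can get
            Exploit Kit related uri lists. If specified "dl_malware", you can
            get malware related uri lists.
      responses:
        # NOTE(review): only the success case is documented; no response is
        # described for a missing or invalid API key.
        '200':
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/MaliciousUri'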