The Threat Intelligence Aggregator is a security-focused API that enables rapid threat assessment by cross-referencing targets against aggregated threat intelligence databases. Built for security teams, incident responders, and compliance professionals, this tool consolidates threat data from multiple sources to provide actionable intelligence on IPs, domains, file hashes, and other indicators of compromise.
This API is ideal for organizations that need real-time threat visibility without managing multiple third-party integrations. Whether you're conducting incident response, performing due diligence on external entities, or automating security workflows, the Threat Intelligence Aggregator delivers comprehensive threat context in a single API call.
Key capabilities include rapid threat lookups, multi-source threat correlation, and detailed risk assessment data—all accessible through a simple, RESTful interface designed for integration into SOAR platforms, security dashboards, and automated response systems.
Usage
Sample Request
```json
{
  "target": "192.168.1.100"
}
```
Sample Response
```json
{
  "target": "192.168.1.100",
  "threat_status": "high_risk",
  "findings": [
    {
      "source": "abusech",
      "threat_type": "malware_c2",
      "confidence": 95,
      "last_seen": "2024-01-15T10:30:00Z"
    },
    {
      "source": "otx",
      "threat_type": "botnet",
      "confidence": 87,
      "last_seen": "2024-01-14T22:15:00Z"
    }
  ],
  "risk_score": 9.2,
  "recommendations": [
    "Block at firewall perimeter",
    "Investigate network connections",
    "Review logs for command execution"
  ],
  "aggregated_at": "2024-01-16T08:45:22Z"
}
```
Endpoints
POST /check-threat
Analyzes a target against aggregated threat intelligence sources to identify known threats and security risks.
Method: POST
Path: /check-threat
Description: Submits a target (IP address, domain, file hash, or URL) for threat assessment. The API queries multiple threat intelligence feeds and returns consolidated findings with risk scoring and remediation recommendations.
Request Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | The indicator to check: IP address, domain name, file hash (MD5/SHA1/SHA256), or URL |
Response Schema:
| Field | Type | Description |
|---|---|---|
| target | string | The checked indicator |
| threat_status | string | Overall threat assessment: clean, low_risk, medium_risk, high_risk, critical_risk |
| findings | array | Array of threat findings from individual sources |
| findings[].source | string | Threat intelligence source (e.g., abusech, otx, abuseipdb) |
| findings[].threat_type | string | Classification of threat detected |
| findings[].confidence | integer | Confidence score 0-100 |
| findings[].last_seen | string | ISO 8601 timestamp of most recent observation |
| risk_score | number | Aggregated risk score 0-10 |
| recommendations | array | List of recommended remediation actions |
| aggregated_at | string | ISO 8601 timestamp of aggregation time |
HTTP Status Codes:
- 200 OK: Threat check completed successfully
- 422 Unprocessable Entity: Invalid request body or malformed target parameter
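A client-side sketch of how a consumer might handle this endpoint's data, added here as an example and not ToolWeb.in's own code: it classifies a `target` before submission (to avoid a 422 and to flag private addresses) and turns a response into a local action. The function names, the confidence and age thresholds, and the two-source rule are assumptions; no network call is made.

```python
import ipaddress
import json
import re
from datetime import datetime, timedelta

# Abridged from the sample response on this page (recommendations omitted).
SAMPLE = json.loads("""{"target": "192.168.1.100", "threat_status": "high_risk",
 "findings": [
  {"source": "abusech", "threat_type": "malware_c2", "confidence": 95, "last_seen": "2024-01-15T10:30:00Z"},
  {"source": "otx", "threat_type": "botnet", "confidence": 87, "last_seen": "2024-01-14T22:15:00Z"}],
 "risk_score": 9.2, "aggregated_at": "2024-01-16T08:45:22Z"}""")
STATUSES = {"clean", "low_risk", "medium_risk", "high_risk", "critical_risk"}

def classify_target(target):
    """Return the indicator kind of a `target` value (hypothetical helper)."""
    try:
        ip = ipaddress.ip_address(target)
        # Private addresses are flagged so the caller decides whether to send them out.
        return "private_ip" if ip.is_private else "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", target):
        return "hash"  # MD5, SHA1 or SHA256 by length
    if re.match(r"https?://", target, re.I):
        return "url"
    if re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", target, re.I):
        return "domain"
    return "invalid"

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(resp, min_conf=80, max_age=timedelta(days=30)):
    """Validate a response against the documented schema, then pick an action."""
    status, findings = resp["threat_status"], resp["findings"]
    if status not in STATUSES or not 0 <= resp["risk_score"] <= 10:
        raise ValueError("response violates documented schema")
    if any(not 0 <= f["confidence"] <= 100 for f in findings):
        raise ValueError("confidence outside 0-100")
    now = parse_ts(resp["aggregated_at"])
    # Keep only findings that are both confident and recently observed.
    fresh = [f for f in findings if f["confidence"] >= min_conf
             and now - parse_ts(f["last_seen"]) <= max_age]
    sources = sorted({f["source"] for f in fresh})
    if status in {"high_risk", "critical_risk"} and len(sources) >= 2:
        action = "block"    # two independent feeds corroborate
    elif fresh or status != "clean":
        action = "review"   # single-source or stale evidence goes to an analyst
    else:
        action = "allow"
    return {"action": action, "sources": sources}
```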
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: https://api.mkkpro.com/security/threat-intel-aggregator
- API Docs: https://api.mkkpro.com:8009/docs