GreedyBear API
- GET /api/feeds/{feed_type}/{attack_type}/{age}.{format}
Get the feeds data
Returns the requested feed. Feeds are updated every 10 minutes.
- Parameters
feed_type (string) –
- The available feed_type values are:
log4j - attacks detected by Log4pot
cowrie - attacks detected from the Cowrie Honeypot
all - get all types at once
attack_type (string) –
- The available attack_type values are:
scanner - IP addresses captured by the honeypots while performing attacks
payload_request - IP addresses and domains extracted from payloads that would have been executed had a specific attack succeeded.
all - get all types at once
age (string) –
- The available age values are:
recent - most recent IOCs seen in the last 3 days
persistent - IOCs that were seen regularly by the honeypots. This feed starts empty when no prior data has been collected and grows over time.
format (string) –
- The available format values are:
txt - plain text (just one line for each IOC)
csv - CSV-like file (just one line for each IOC)
json - JSON file with additional information regarding the IOCs
- Status Codes
200 OK – successful operation
400 Bad Request – Invalid Input supplied
404 Not Found – Not found
- GET /api/enrichment
Get data about a specific IOC
Query for a specific observable in database and return data about it.
- Query Parameters
query (string) –
- Query for an observable_name. The observable_name can be:
A valid IP or domain
(Required)
- Status Codes
200 OK – successful operation
400 Bad Request – Observable IP does not pass the regex check
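
Consuming the txt feed described above on the defender's side, as an added example that is not GreedyBear's own code: it checks the four path parameters against the documented values before building the URL, then splits a feed body into IPs and domains while holding back malformed lines and addresses inside protected networks. The base URL, the domain pattern, the protected network list and the sample feed are assumptions constructed for illustration.

```python
import ipaddress
import re

# Allowed values, copied from the parameter lists on this page.
ALLOWED = {
    "feed_type": {"log4j", "cowrie", "all"},
    "attack_type": {"scanner", "payload_request", "all"},
    "age": {"recent", "persistent"},
    "format": {"txt", "csv", "json"},
}
# Assumption: a conservative hostname pattern; the server's own regex is not shown here.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Assumption: networks that must never be blocked, whatever a feed says.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Constructed sample feed body (documentation addresses, not real IOCs).
SAMPLE_FEED = "192.0.2.10\n203.0.113.7\n192.0.2.10\n10.0.0.5\nPayload.Example\n\nnot an ioc\n"


def feed_url(base, feed_type, attack_type, age, fmt):
    """Build the feed URL, rejecting values outside the documented lists."""
    given = {"feed_type": feed_type, "attack_type": attack_type, "age": age, "format": fmt}
    for name, value in given.items():
        if value not in ALLOWED[name]:
            raise ValueError(f"invalid {name}: {value!r}")
    return f"{base.rstrip('/')}/api/feeds/{feed_type}/{attack_type}/{age}.{fmt}"


def parse_txt_feed(body, protected=PROTECTED):
    """Split a txt feed (one IOC per line) into deduplicated IPs, domains and
    rejected lines (malformed entries or addresses inside a protected network)."""
    ips, domains, rejected = set(), set(), []
    for line in body.splitlines():
        ioc = line.strip().lower()
        if not ioc:
            continue
        try:
            addr = ipaddress.ip_address(ioc)
        except ValueError:
            addr = None
        if addr is not None:
            if any(addr in net for net in protected):
                rejected.append(ioc)
            else:
                ips.add(str(addr))
        elif DOMAIN_RE.match(ioc):
            domains.add(ioc)
        else:
            rejected.append(ioc)
    return sorted(ips), sorted(domains), rejected
```

Reviewing the rejected list before discarding it shows when a feed starts carrying unexpected content.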