Add Tags
Adds tags to a given artifact.
JSON Request
{ "query": "04zyp.trudemocracy.com", "tags": [ "crimeware", "exploit kit", "rig" ] }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XPOST -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "crimeware", "exploit kit"]}'
Response
{ "tags": [ "crimeware", "exploit kit", "rig" ] }
Delete Tags
Removes tags from an artifact.
JSON Request
{ "query": "04zyp.trudemocracy.com", "tags": [ "exploit kit", "rig" ] }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XDELETE -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "exploit kit"]}'
Response
{ "tags": [ "crimeware" ] }
Get Bulk Classification Status
Retrieve classification statuses for given domains.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/bulk/classification?query=04zyp.trudemocracy.com,riskiq.net'
Response
{ "success": true, "results": { "04zyp.trudemocracy.com": { "classification": "malicious" } "riskiq.net": { "classification": "" } } }
Get Classification Status
Retrieve classification status for a given domain.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/classification?query=04zyp.trudemocracy.com'
Response
{ "classification": "malicious" }
Get Compromised Status
Indicates whether or not a given domain has ever been compromised.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/ever-compromised?query=riskiq.net'
Response
{ "everCompromised": false }
Get Dynamic DNS Status
Indicates whether or not a domain's DNS records are updated via dynamic DNS.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/dynamic-dns?query=riskiq.net'
Response
{ "dynamicDns": false }
Get Monitor Status
Indicates whether or not a domain is monitored.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/monitor?query=riskiq.net'
Response
{ "monitor": true }
Get Sinkhole Status
Indicates whether or not an IP address is a sinkhole.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/sinkhole?query=52.8.228.23'
Response
{ "sinkhole": false }
Get Tags
Retrieves tags for a given artifact.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags?query=04zyp.trudemocracy.com'
Response
{ "tags": [ "crimeware", "exploit kit", "rig" ] }
Search Tags
Retrieve artifacts for a given tag.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags/search?query=rig'
Response
{ "results": [ { "focus": "hmknfv.top", "user_tags": [ "crimeware", "exploit kit", "rig" ], "system_tags": [ "known_compromise", "registered" ], "tags": [ "crimeware", "exploit kit", "known_compromise", "registered", "rig" ], "tag_meta": {}, "username": "lou.manousos@riskiq.net" }, ... ], totalCount: 10 }
Set Bulk Classification Status
Set classification statuses for given domains.
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/bulk/classification?queries=04zyp.trudemocracy.com,bad.net&classification=malicious'
Response
{ "classification": "malicious", }
Set Classification Status
Sets the classification status for a given domain.
JSON Request
{ "query": "04zyp.trudemocracy.com", "classification": "malicious" }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/classification' -XPOST -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "classification": "malicious"}'
Response
{ "classification": "malicious" }
Set Compromised Status
Sets status for a domain to indicate if it has ever been compromised.
Curl Example
$ curl -u $USERNAME:$KEY https://api.riskiq.net/pt/v2/actions/ever-compromised?query=riskiq.net
Response
{ "everCompromised": false }
Set Dynamic DNS Status
Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.
JSON Request
{ "query": "riskiq.net", "status": false }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/dynamic-dns' -XPOST -H "Content-Type: application/json" --data '{"query": "riskiq.net", "status": false}'
Response
{ "dynamicDns": false }
Set Sinkhole Status
Sets status for an IP address to indicate whether or not it is a sinkhole.
JSON Request
{ "query": "52.8.228.23", "status": true }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/sinkhole' -XPOST -H "Content-Type: application/json" --data '{"query": "52.8.228.23", "status": true}'
Response
{ "sinkhole": false }
Set Tags
Adds tags to a given artifact.
JSON Request
{ "query": "04zyp.trudemocracy.com", "tags": [ "crimeware", "exploit kit", "rig" ] }
Curl Example
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/actions/tags' -XPUT -H "Content-Type: application/json" --data '{"query": "04zyp.trudemocracy.com", "tags": ["rig", "crimeware", "exploit kit"]}'
Response
{ "tags": [ "crimeware", "exploit kit", "rig" ] }