Anthropic-Cybersecurity-Skills/skills/evaluating-threat-intelligence-platforms/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

Threat Intelligence Platform Evaluation API Reference

MISP REST API

```bash
# Get version
curl "https://misp.example.com/servers/getVersion.json" \
  -H "Authorization: YOUR_API_KEY" -H "Accept: application/json"

# Search events
curl -X POST "https://misp.example.com/events/restSearch" \
  -H "Authorization: YOUR_API_KEY" -H "Content-Type: application/json" \
  -d '{"tags": ["apt28"], "limit": 50}'

# Export STIX 2.1 (the filter is a JSON body, so send it as a JSON POST)
curl -X POST "https://misp.example.com/events/restSearch" \
  -H "Authorization: YOUR_API_KEY" -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"returnFormat": "stix2"}'

# Feed management
curl "https://misp.example.com/feeds/index.json" -H "Authorization: YOUR_API_KEY"
```

OpenCTI GraphQL API

```graphql
# Get platform version
query { about { version } }

# Search indicators
query {
  indicators(filters: { key: "pattern_type", values: ["stix"] }) {
    edges { node { name pattern valid_from valid_until } }
  }
}

# Get campaigns
query {
  campaigns(first: 20, orderBy: created_at, orderMode: desc) {
    edges { node { name first_seen last_seen objectLabel { value } } }
  }
}
```

ThreatConnect REST API

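```bash
# List indicators (HMAC auth: the Timestamp header carries the Unix time used in the signature)
curl "https://api.threatconnect.com/v3/indicators" \
  -H "Timestamp: <UNIX_TIMESTAMP>" \
  -H "Authorization: TC <ACCESS_ID>:<HMAC_SIGNATURE>"

# Create indicator (write requests need the same authentication headers)
curl -X POST "https://api.threatconnect.com/v3/indicators" \
  -H "Timestamp: <UNIX_TIMESTAMP>" \
  -H "Authorization: TC <ACCESS_ID>:<HMAC_SIGNATURE>" \
  -H "Content-Type: application/json" \
  -d '{"type":"Host","hostName":"evil.example.com","rating":5,"confidence":80}'
```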

TAXII 2.1 API

```bash
# Discovery
curl https://taxii.example.com/taxii2/ -H "Accept: application/taxii+json;version=2.1"

# Get API root information
curl https://taxii.example.com/api1/ -H "Accept: application/taxii+json;version=2.1"

# List collections
curl https://taxii.example.com/api1/collections/ -H "Accept: application/taxii+json;version=2.1"

# Get objects from collection ({id} is the collection id; TAXII 2.1 returns
# the STIX objects in a taxii+json envelope, so that is the type to accept)
curl "https://taxii.example.com/api1/collections/{id}/objects/" \
  -H "Accept: application/taxii+json;version=2.1"
```
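
The following is an added example, not part of the original reference or the project's scripts: it takes the JSON bodies returned by the discovery, API root and collections requests above and reports which collections a STIX 2.1 consumer can actually pull from, which is the evidence behind the "TAXII server" and "STIX 2.1 support" criteria. The function name `check_taxii`, the sample bodies and the shortened collection ids are constructed; a collection that omits `media_types` is treated as not advertising STIX 2.1, a conservative assumption for an evaluation.

```python
from urllib.parse import urljoin

TAXII_21 = "application/taxii+json;version=2.1"
STIX_21 = "application/stix+json;version=2.1"

def _norm(media_type):
    # Servers differ on whitespace after ';' and on case; compare normalized.
    return media_type.replace(" ", "").lower()

def check_taxii(discovery_url, discovery, responses):
    """Walk discovery -> API root -> collections; report what a client can pull.
    `responses` maps each absolute API root URL to (root_info, collections):
    the JSON bodies of GET <root> and GET <root>collections/.
    """
    report = []
    for ref in discovery.get("api_roots", []):
        root = urljoin(discovery_url, ref)  # api_roots may hold relative URLs
        root = root if root.endswith("/") else root + "/"
        info, colls = responses[root]
        versions = [_norm(v) for v in info.get("versions", [])]
        entry = {"root": root, "taxii21": TAXII_21 in versions,
                 "pullable": [], "skipped": {}}
        for c in colls.get("collections", []) if entry["taxii21"] else []:
            types = [_norm(m) for m in c.get("media_types", [])]
            if not c.get("can_read"):
                entry["skipped"][c["id"]] = "can_read is false"
            elif STIX_21 not in types:
                entry["skipped"][c["id"]] = "STIX 2.1 not advertised"
            else:
                entry["pullable"].append(
                    urljoin(root, f"collections/{c['id']}/objects/"))
        report.append(entry)
    return report

# Constructed sample bodies (not captured from a real server; ids shortened).
DISCOVERY = {"title": "Example", "api_roots":
             ["https://taxii.example.com/api1/", "/legacy"]}
RESPONSES = {
    "https://taxii.example.com/api1/": (
        {"title": "API 1", "versions": ["application/taxii+json; version=2.1"]},
        {"collections": [
            {"id": "feed", "can_read": True, "media_types": [STIX_21]},
            {"id": "inbox", "can_read": False, "media_types": [STIX_21]},
            {"id": "old", "can_read": True,
             "media_types": ["application/stix+json;version=2.0"]}]}),
    "https://taxii.example.com/legacy/": (
        {"title": "Legacy", "versions": ["taxii-2.0"]}, {"collections": []}),
}
REPORT = check_taxii("https://taxii.example.com/taxii2/", DISCOVERY, RESPONSES)
```

An API root that appears in discovery but does not list TAXII 2.1 among its versions contributes nothing to `pullable`, so a platform cannot score on the TAXII criterion from a discovery response alone.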

TIP Evaluation Criteria Weights

| Category | Criterion | Weight |
|---|---|---|
| Core | STIX 2.1 support | 10 |
| Core | REST API | 9 |
| Core | TAXII server | 8 |
| Core | TLP enforcement | 8 |
| Integration | SIEM integration | 9 |
| Integration | Feed ingestion | 8 |
| Integration | EDR integration | 7 |
| Operations | Sharing (ISAC) | 7 |
| Operations | Analyst workflow | 7 |
| Operations | Reporting | 6 |

Platform Comparison Matrix

| Feature | MISP | OpenCTI | ThreatConnect |
|---|---|---|---|
| License | Open Source | Open Source | Commercial |
| STIX 2.1 | Native | Native | Import/Export |
| TAXII 2.1 | Yes | Yes | Yes |
| ATT&CK | Plugin | Native | Module |
| Graph Viz | Basic | Advanced | Advanced |
| SOAR | API | Connectors | Playbooks |