creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
1cffd664f555699d8e2b46f5ea94edaaa520f721
Anthropic-Cybersecurity-Skills/skills/evaluating-threat-intelligence-platforms/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

100 lines
2.7 KiB
Markdown
Raw Blame History

# Threat Intelligence Platform Evaluation API Reference
## MISP REST API
```bash
# Get version
curl "https://misp.example.com/servers/getVersion.json" \
-H "Authorization: YOUR_API_KEY" -H "Accept: application/json"
# Search events
curl -X POST "https://misp.example.com/events/restSearch" \
-H "Authorization: YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"tags": ["apt28"], "limit": 50}'
# Export STIX 2.1
curl "https://misp.example.com/events/restSearch" \
-H "Authorization: YOUR_API_KEY" -H "Accept: application/json" \
-d '{"returnFormat": "stix2"}'
# Feed management
curl "https://misp.example.com/feeds/index.json" -H "Authorization: YOUR_API_KEY"
```
## OpenCTI GraphQL API
```graphql
# Get platform version
query { about { version } }
# Search indicators
query {
indicators(filters: { key: "pattern_type", values: ["stix"] }) {
edges { node { name pattern valid_from valid_until } }
}
}
# Get campaigns
query {
campaigns(first: 20, orderBy: created_at, orderMode: desc) {
edges { node { name first_seen last_seen objectLabel { value } } }
}
}
```
## ThreatConnect REST API
```bash
# List indicators
curl "https://api.threatconnect.com/v3/indicators" \
-H "Authorization: TC <ACCESS_ID>:<HMAC_SIGNATURE>"
# Create indicator
curl -X POST "https://api.threatconnect.com/v3/indicators" \
-H "Content-Type: application/json" \
-d '{"type":"Host","hostName":"evil.example.com","rating":5,"confidence":80}'
```
## TAXII 2.1 API
```bash
# Discovery
curl https://taxii.example.com/taxii2/ -H "Accept: application/taxii+json;version=2.1"
# Get API roots
curl https://taxii.example.com/api1/ -H "Accept: application/taxii+json;version=2.1"
# List collections
curl https://taxii.example.com/api1/collections/ -H "Accept: application/taxii+json;version=2.1"
# Get objects from collection
curl "https://taxii.example.com/api1/collections/{id}/objects/" \
-H "Accept: application/stix+json;version=2.1"
```
## TIP Evaluation Criteria Weights
| Category | Criterion | Weight |
|----------|-----------|--------|
| Core | STIX 2.1 support | 10 |
| Core | REST API | 9 |
| Core | TAXII server | 8 |
| Core | TLP enforcement | 8 |
| Integration | SIEM integration | 9 |
| Integration | Feed ingestion | 8 |
| Integration | EDR integration | 7 |
| Operations | Sharing (ISAC) | 7 |
| Operations | Analyst workflow | 7 |
| Operations | Reporting | 6 |
## Platform Comparison Matrix
| Feature | MISP | OpenCTI | ThreatConnect |
|---------|------|---------|---------------|
| License | Open Source | Open Source | Commercial |
| STIX 2.1 | Native | Native | Import/Export |
| TAXII 2.1 | Yes | Yes | Yes |
| ATT&CK | Plugin | Native | Module |
| Graph Viz | Basic | Advanced | Advanced |
| SOAR | API | Connectors | Playbooks |
Reference in New Issue View Git Blame Copy Permalink