creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/building-threat-intelligence-platform/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.9 KiB
Raw Blame History

API Reference: Threat Intelligence Platform

STIX 2.1 Indicator Object

{
  "type": "indicator",
  "spec_version": "2.1",
  "id": "indicator--<uuid5>",
  "created": "2025-01-15T10:00:00.000Z",
  "modified": "2025-01-15T10:00:00.000Z",
  "name": "Malicious IP",
  "pattern": "[ipv4-addr:value = '198.51.100.42']",
  "pattern_type": "stix",
  "valid_from": "2025-01-15T10:00:00.000Z",
  "confidence": 85,
  "object_marking_refs": ["marking-definition--f88d31f6-486f-44da-b317-01333bde0b82"]
}

TLP Marking Definition IDs (STIX 2.1)

TLP Level STIX Marking Definition ID
TLP:CLEAR marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9
TLP:GREEN marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da
TLP:AMBER marking-definition--f88d31f6-486f-44da-b317-01333bde0b82
TLP:AMBER+STRICT marking-definition--826578e1-40a3-4b46-a8d8-b9931fdd750e
TLP:RED marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed

TAXII 2.1 Endpoints

# Discovery
curl https://taxii.server.com/taxii2/

# Collections
curl https://taxii.server.com/taxii2/collections/

# Get objects from collection
curl "https://taxii.server.com/taxii2/collections/{id}/objects?type=indicator"

# Add objects
curl -X POST "https://taxii.server.com/taxii2/collections/{id}/objects" \
  -H "Content-Type: application/stix+json;version=2.1" \
  -d @bundle.json

OpenCTI GraphQL API

mutation {
  indicatorAdd(input: {
    name: "Malicious IP"
    pattern: "[ipv4-addr:value = '198.51.100.42']"
    pattern_type: "stix"
    x_opencti_score: 80
  }) {
    id
    standard_id
  }
}

MISP REST API

# Add attribute
curl -X POST "https://misp/attributes/add/EVENT_ID" \
  -H "Authorization: MISP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type":"ip-dst","value":"198.51.100.42","category":"Network activity","to_ids":true}'
Reference in New Issue View Git Blame Copy Permalink