Overview
The Threat Intelligence Aggregator is a security-focused API that enables rapid threat assessment by cross-referencing targets against aggregated threat intelligence databases. Built for security teams, incident responders, and compliance professionals, this tool consolidates threat data from multiple sources to provide actionable intelligence on IPs, domains, file hashes, and other indicators of compromise.
This API is ideal for organizations that need real-time threat visibility without managing multiple third-party integrations. Whether you're conducting incident response, performing due diligence on external entities, or automating security workflows, the Threat Intelligence Aggregator delivers comprehensive threat context in a single API call.
Key capabilities include rapid threat lookups, multi-source threat correlation, and detailed risk assessment data—all accessible through a simple, RESTful interface designed for integration into SOAR platforms, security dashboards, and automated response systems.
Usage
Sample Request
```json
{
  "target": "192.168.1.100"
}
```

Note that 192.168.1.100 is an RFC 1918 private address and is used here purely for illustration: public threat feeds carry no meaningful data on private, loopback or link-local ranges, so real lookups should submit a routable public IP, a domain, a file hash or a URL.
Sample Response
```json
{
  "target": "192.168.1.100",
  "threat_status": "high_risk",
  "findings": [
    {
      "source": "abusech",
      "threat_type": "malware_c2",
      "confidence": 95,
      "last_seen": "2024-01-15T10:30:00Z"
    },
    {
      "source": "otx",
      "threat_type": "botnet",
      "confidence": 87,
      "last_seen": "2024-01-14T22:15:00Z"
    }
  ],
  "risk_score": 9.2,
  "recommendations": [
    "Block at firewall perimeter",
    "Investigate network connections",
    "Review logs for command execution"
  ],
  "aggregated_at": "2024-01-16T08:45:22Z"
}
```
Endpoints
POST /check-threat
Analyzes a target against aggregated threat intelligence sources to identify known threats and security risks.
Method: POST
Path: `/check-threat`
Description: Submits a target (IP address, domain, file hash, or URL) for threat assessment. The API queries multiple threat intelligence feeds and returns consolidated findings with risk scoring and remediation recommendations.
Request Parameters:
| Name | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | The indicator to check: IP address, domain name, file hash (MD5/SHA1/SHA256), or URL |
Response Schema:
| Field | Type | Description |
|---|---|---|
| target | string | The checked indicator |
| threat_status | string | Overall threat assessment: clean, low_risk, medium_risk, high_risk, critical_risk |
| findings | array | Array of threat findings from individual sources |
| findings[].source | string | Threat intelligence source (e.g., abusech, otx, abuseipdb) |
| findings[].threat_type | string | Classification of the threat detected (e.g., malware_c2, botnet, as in the sample response) |
| findings[].confidence | integer | Confidence score 0-100 |
| findings[].last_seen | string | ISO 8601 timestamp of the most recent observation |
| risk_score | number | Aggregated risk score 0-10 (9.2 corresponds to high_risk in the sample response) |
| recommendations | array | List of recommended remediation actions |
| aggregated_at | string | ISO 8601 timestamp of aggregation time |
HTTP Status Codes:
- `200 OK` — Threat check completed successfully
- `422 Unprocessable Entity` — Invalid request body or malformed target parameter
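The client below is an added example written for this page; it is not ToolWeb's own code or SDK. It validates an indicator locally before spending a call (refusing private addresses such as the 192.168.1.100 in the sample, since public feeds hold nothing on them), posts `{"target": ...}` to `/check-threat`, checks that the response stays within the ranges the schema above promises, and reduces it to a block/review/allow decision in which findings older than a freshness window count as weak evidence. Assumptions, all labelled in the code: the Kong route listed under References is the base URL with `/check-threat` appended, the credential travels in an `apikey` header (Kong key-auth's default), and a 30-day freshness window; the embedded sample response is the one shown on this page, used so the client runs offline.

```python
import ipaddress
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# ASSUMPTION: the Kong route from References is the base URL and the endpoint path
# is appended to it; check the API docs if lookups 404.
ENDPOINT = "https://api.mkkpro.com/security/threat-intel-aggregator/check-threat"
STATUS_ORDER = ["clean", "low_risk", "medium_risk", "high_risk", "critical_risk"]
HEX = re.compile(r"^[0-9a-fA-F]+$")
DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# The page's sample response, embedded so the client can be exercised offline.
SAMPLE_RESPONSE = {
    "target": "192.168.1.100", "threat_status": "high_risk", "risk_score": 9.2,
    "findings": [
        {"source": "abusech", "threat_type": "malware_c2", "confidence": 95, "last_seen": "2024-01-15T10:30:00Z"},
        {"source": "otx", "threat_type": "botnet", "confidence": 87, "last_seen": "2024-01-14T22:15:00Z"},
    ],
    "aggregated_at": "2024-01-16T08:45:22Z",
}

def classify_indicator(target):
    """Return ip / md5 / sha1 / sha256 / url / domain, or raise ValueError. Private,
    loopback and link-local IPs are refused: public feeds carry nothing useful about
    them, so the lookup would only burn daily quota."""
    t = target.strip()
    try:
        ip = ipaddress.ip_address(t)
    except ValueError:
        ip = None
    if ip is not None:
        if not ip.is_global:
            raise ValueError(f"{t} is not a routable public address")
        return "ip"
    if HEX.match(t) and len(t) in (32, 40, 64):
        return {32: "md5", 40: "sha1", 64: "sha256"}[len(t)]
    if t.startswith(("http://", "https://")):
        return "url"
    if DOMAIN.match(t):
        return "domain"
    raise ValueError(f"unrecognised indicator: {t!r}")

def is_lookup_worthy(target):
    try:
        classify_indicator(target)
        return True
    except ValueError:
        return False

def _http_post(url, data, headers):
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read()

def replay_transport(url, data, headers):
    """Offline stand-in for _http_post: returns the sample response for any target."""
    return json.dumps(dict(SAMPLE_RESPONSE, target=json.loads(data)["target"])).encode()

def check_threat(target, api_key, transport=None):
    """POST {"target": ...} to /check-threat and return the parsed JSON body.
    ASSUMPTION: the credential goes in an `apikey` header (Kong key-auth's default
    name); use whatever the API docs actually specify."""
    classify_indicator(target)  # fail fast, before spending a call on junk input
    data = json.dumps({"target": target}).encode()
    headers = {"Content-Type": "application/json", "apikey": api_key}
    return json.loads((transport or _http_post)(ENDPOINT, data, headers))

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def triage(result, as_of=None, max_age_days=30):
    """Reduce a /check-threat response to block / review / allow. Schema ranges are
    validated so a malformed upstream answer is rejected rather than acted on; findings
    older than max_age_days are ignored (a C2 sighting from months ago is weak evidence
    the host is still hostile); 'block' needs high/critical status plus a fresh finding."""
    status = result["threat_status"]
    if status not in STATUS_ORDER:
        raise ValueError(f"unknown threat_status {status!r}")
    score = float(result["risk_score"])
    if not 0 <= score <= 10:
        raise ValueError(f"risk_score {score} outside 0-10")
    now = _ts(as_of) if as_of else datetime.now(timezone.utc)
    findings = result.get("findings", [])
    fresh = []
    for f in findings:
        if not 0 <= int(f["confidence"]) <= 100:
            raise ValueError(f"confidence {f['confidence']} outside 0-100 ({f['source']})")
        if now - _ts(f["last_seen"]) <= timedelta(days=max_age_days):
            fresh.append(f)
    fresh.sort(key=lambda f: f["confidence"], reverse=True)
    severe = STATUS_ORDER.index(status) >= STATUS_ORDER.index("high_risk")
    action = "block" if severe and fresh else ("allow" if status == "clean" else "review")
    return {
        "target": result["target"], "action": action, "status": status, "risk_score": score,
        "fresh_sources": [f["source"] for f in fresh],
        "stale_findings": len(findings) - len(fresh),
        "top_threat": fresh[0]["threat_type"] if fresh else None,
    }
```

In production call `triage(check_threat(target, api_key), as_of=None)` so freshness is judged against the current time; passing `replay_transport` swaps the network call for the page's sample so the decision logic can be unit-tested without consuming plan quota. The local indicator check matters on the Free and Developer plans in particular, where a handful of wasted calls on private addresses or typos exhausts the daily allowance.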
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: `https://api.mkkpro.com/security/threat-intel-aggregator`
- API Docs: `https://api.mkkpro.com:8009/docs`