Get Custom Threat Indicator Feed
Table of Contents
Get Custom Threat Indicator Feed
Use this resource to retrieve the results for a specified
custom threat indicator feed. To view this information, you must
be in possession of the custom feed URL, as it contains the output
feed ID and output feed name; additionally, for custom EDL feeds,
you must also have the authentication details associated with the
feed.
You can retrieve up to 100,000 IPv4 indicators
or 5,000 indicators of all other types, per request. This limitation
is based on the maximum number of threat indicators that each feed
is capable of processing. For more information about creating custom
feeds, refer to: Create Custom Feeds
Resource
- URL Custom Feed—/IOCFeed/{outputFeedId}/{outputFeedName}?limit={max_entries}EDL Custom Feed—EDL/IOCFeed/{outputFeedId}/{outputFeedName}?limit={max_entries}Request URL ParametersThe following table describes the parameters for Get Custom Threat Intelligence Feed requests.ParametersDescriptionTypeExample or Possible Values{outputFeedId}(Required) The custom threat feed ID number.stringExample:2c9483446d93e094016de0a37f500398{outputFeedName}(Required) Name of the custom feed.stringExample:urlindicators?limit={max_entries}(Optional) Limit the number of indicator entries displayed in the output.stringExample:?limit=250Request Body ParametersThe following table describes the parameters for Get Custom Threat Intelligence Feed requests.ParametersDescriptionTypeExample or Possible ValuesapiKey(Required) API key tied to your license. All users attached to a license share a single API key.stringExample (obfuscated):d32108a5-XXX-XXXX-XXXX-c04bda5b8450RequestInclude the output feed ID and the output feed name in the request URL, as well as the API key in the request body.curl -X GET https://autofocus.paloaltonetworks.com/api/v1.0/IOCFeed/2c9483446d93e094016de0a37f500398/Graywareverdict -H "apiKey:apikey"ResponseThe response displays the indicator IDs for the custom URL feed named Graywareverdict.0048d66d3f4e6cfb2c190087674d76742663668e430094847d6d92b1dc70859d 00ccab21b3357ff53e2dd04cf0cbbabeea72571443b29de40f1d4f688a466388 00f3c157834bf67dcbed2bc4152835c561a61cc760dcc5bf0091a2400c27f852 011e1e93cbe66eae3fc6fcd1d13ae8a3bd862bbb96c13aecfe8d10a90e36c60f 012f2fda4b8efcca162c0d9b140d267f165ea78905cf7c7c24529e7025fcd2dd 0141c6cf2ecd35c1413ceb72fb5b974e601002400e229ae194aea32ebeb2297c 0144d607c470056cbe81ef59255ced1cc4112f69eff4336575e171ed1b93838a 01704ee5950a0cc5a31f97f8e9197214de15665a53e067ebada23045ce0475c6 017daf7bdf367a4a27df0584b232f8e5cac68dcd871fc60bb5ac7ad0fc57700f 0199b38ce4bf6e6a375a16944759bcd0910133d490700a6301842502f2c59445 01a9a8674dbdddf8a960a16d736eabc3c4c676dd29578b623f24be58245b409b 01d5441f50d27154a13da39449d1e59cfac822e99a361ca998e850e029061be9 01e22e1cb7536dd5f77b5a11f939bd541cb5232965d05bb133fca369f6757546 027639a1f0b07a906acdc9012fc2ebd438765c8a367fe7abc4d654e97df934e8 02a0a31135e3a370d8e3af80fbe54a9c1a964481a1e7ddabfcbacda74049ee4e 02df717593c363789e83eafeef2c2de5558bbe01c0d983d6aa900e35ae59439e 030a59ab44b9aab9adbf5223a57bf33600d7472fbdb7d074cee697cb752d759e 0316ba7640df86164788ea20aa696ec50a5e9a07516033ed28dd6ed41062ed82 033d9d38388b1bbbe413c03a3c4b41be8370f4ab366822984f4beda531e0e745 03404b8476d7e9745443554041866dc9265e48264f367c6f12a84d6911263532RequestInclude the output feed ID and the output feed name in the request URL, as well as the API key in the request body. Additionally, you must also generate and add an authorization header based on the custom EDL feed authentication details to the URL.curl -X GET -H "Authorization: Basic TgRCh4ds543hgfD45EDR5rdDF4" https://autofocus.paloaltonetworks.com/api/v1.0/EDL/IOCFeed/2c9483446d93e094016de0a37f500398/Malwareverdict -H "apiKey:apikey"Alternatively, you can add the user credentials as a separate parameter:
- Credentials as a command body parameter:curl --user {username}:{password} https://autofocus.paloaltonetworks.com/api/v1.0/EDL/IOCFeed/2c9483446d93e094016de0a37f500398/Malwareverdict -H "apiKey:apikey"
ResponseThe response displays the indicator IDs for the custom URL feed named Malwareverdict.0048d66d3f4e6cfb2c190087674d76742663668e430094847d6d92b1dc70859d 00ccab21b3357ff53e2dd04cf0cbbabeea72571443b29de40f1d4f688a466388 00f3c157834bf67dcbed2bc4152835c561a61cc760dcc5bf0091a2400c27f852 011e1e93cbe66eae3fc6fcd1d13ae8a3bd862bbb96c13aecfe8d10a90e36c60f 012f2fda4b8efcca162c0d9b140d267f165ea78905cf7c7c24529e7025fcd2dd 0141c6cf2ecd35c1413ceb72fb5b974e601002400e229ae194aea32ebeb2297c 0144d607c470056cbe81ef59255ced1cc4112f69eff4336575e171ed1b93838a 01704ee5950a0cc5a31f97f8e9197214de15665a53e067ebada23045ce0475c6 017daf7bdf367a4a27df0584b232f8e5cac68dcd871fc60bb5ac7ad0fc57700f 0199b38ce4bf6e6a375a16944759bcd0910133d490700a6301842502f2c59445 01a9a8674dbdddf8a960a16d736eabc3c4c676dd29578b623f24be58245b409b 01d5441f50d27154a13da39449d1e59cfac822e99a361ca998e850e029061be9 01e22e1cb7536dd5f77b5a11f939bd541cb5232965d05bb133fca369f6757546 027639a1f0b07a906acdc9012fc2ebd438765c8a367fe7abc4d654e97df934e8 02a0a31135e3a370d8e3af80fbe54a9c1a964481a1e7ddabfcbacda74049ee4e 02df717593c363789e83eafeef2c2de5558bbe01c0d983d6aa900e35ae59439e 030a59ab44b9aab9adbf5223a57bf33600d7472fbdb7d074cee697cb752d759e 0316ba7640df86164788ea20aa696ec50a5e9a07516033ed28dd6ed41062ed82 033d9d38388b1bbbe413c03a3c4b41be8370f4ab366822984f4beda531e0e745 03404b8476d7e9745443554041866dc9265e48264f367c6f12a84d6911263532
