Merged
3 changes: 3 additions & 0 deletions docs/GreedyBear/Api-docs.md
Expand Up @@ -6,6 +6,9 @@
### `feeds`
:::docs.Submodules.GreedyBear.api.views.feeds

### `feeds_advanced`
:::docs.Submodules.GreedyBear.api.views.feeds_advanced

### `feeds_pagination`
:::docs.Submodules.GreedyBear.api.views.feeds_pagination

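Review bot: the new `feeds_advanced` entry is only a mkdocstrings reference (`:::docs.Submodules.GreedyBear.api.views.feeds_advanced`), so the rendered API reference will carry whatever docstring the view has and nothing else; since Usage.md in this same PR says the Advanced Feeds endpoint is limited to authenticated users, consider a one-line note under the `### \`feeds_advanced\`` heading stating that, so readers of the API reference learn about the access requirement without crossing over to Usage.md. Also worth confirming that the view's docstring documents the query parameters (`max_age`, `min_days_seen`, `include_reputation`, `exclude_reputation`, `feed_size`, `ordering`, `verbose`, `paginate`, `format`), because this reference is the only place they would appear in the API docs.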
30 changes: 29 additions & 1 deletion docs/GreedyBear/Usage.md
Expand Up @@ -32,7 +32,7 @@ GreedyBear is created with the aim to collect the information from the TPOTs and
The feeds are reachable through the following URL:

```
https://<greedybear_site>/api/feeds/<feed_type>/<attack_type>/<age>.<format>
https://<greedybear_site>/api/feeds/<feed_type>/<attack_type>/<age>.<format>?<flags>
```

The available feed_type are:
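Review bot: the updated URL template appends `?<flags>` without saying the query string is optional, and the flags section added later in this file only says `exclude_mass_scanners` applies "if set", which leaves the value syntax (bare key versus `=true`) unspecified. Suggest showing one concrete form right under the template, e.g. `https://<greedybear_site>/api/feeds/<feed_type>/<attack_type>/<age>.<format>?exclude_mass_scanners=true` if that is what the view accepts, and noting that `?<flags>` may be omitted.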
Expand Down Expand Up @@ -75,8 +75,36 @@ The available formats are:
- `csv`: CSV-like file (just one line for each IOC)
- `json`: JSON file with additional information regarding the IOCs

The available flags are:
- `exclude_mass_scanners`: if set, IOCs that are known mass scanners will be excluded from the result

Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/Api-docs/) or the to get all the details about how to use the available APIs.

## Advanced Feeds

For authenticated users, GreedyBear offers an additional API endpoint that provides similar functionality to the Feeds API but with enhanced customization options.
```
https://<greedybear_site>/api/feeds/advanced/?<query_params>
```

The available query parameters are:

- `feed_type`: see [Feeds API](#feeds)
- `attack_type`: see [Feeds API](#feeds)
- `max_age`: Maximum number of days since last occurrence. (default: 3)
- `min_days_seen`: Minimum number of days on which an IOC must have been seen. (default: 1)
- `include_reputation`: `;`-separated list of reputation values to include, e.g. `known attacker` or `known attacker;` to include IOCs without reputation. (default: include all)
- `exclude_reputation`: `;`-separated list of reputation values to exclude, e.g. `mass scanner` or `mass scanner;bot, crawler`. (default: exclude none)
- `feed_size`: Number of IOC items to return. (default: 5000)
- `ordering`: Field to order results by, with optional `-` prefix for descending. (default: `-last_seen`)
- `verbose`: `true` to include IOC properties that contain a lot of data, e.g. the list of days it was seen. (default: `false`)
- `paginate`: `true` to paginate results. This forces the json format. (default: `false`)
- `format`: see [Feeds API](#feeds) (default: `json`)

Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/Api-docs/) or the to get all the details about how to use the available APIs.

This "Advanced Feeds" API is protected through authentication. Please reach out [Matteo Lodi](https://twitter.com/matte_lodi) or another member of [The Honeynet Project](https://twitter.com/ProjectHoneynet) if you are interested in gain access to this API.

## Enrichment

GreedyBear provides an easy-to-query API to get the information available in GB regarding the queried observable (domain or IP address).
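Review bot: the sentence `Check the [API specification](...) or the to get all the details about how to use the available APIs.` (present twice in this hunk, once after the flags list and once after the advanced query parameters) has a dangling "or the", apparently left over from a removed second link; either drop "or the" or restore the second target. In the closing paragraph, "interested in gain access" should read "interested in gaining access". Beyond wording: the section says the endpoint is "protected through authentication" but does not say how a client authenticates (which header or credential is expected), which a consumer of the advanced feed needs alongside the query parameters; a sentence on that, or a pointer to where it is documented, would complete the section. The meaning of a trailing `;` in `include_reputation` (`known attacker;` also including IOCs without a reputation) is easy to miss when given only by example and deserves a plain statement; and since `feed_size` defaults to 5000 with no stated ceiling, documenting the maximum (if the view enforces one) would save users from silently truncated results.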