ThreatExchange API Reference

The comprehensive list of the ThreatExchange APIs and the related endpoints.

Objects

Parameter Description

ThreatDescriptor

Subjective context provided by a ThreatExchangeMember for a ThreatIndicator.

ThreatExchangeMember

Participant within ThreatExchange.

ThreatExchangeImpactReport

Freeform record of outcomes as a result of participating in ThreatExchange.

ThreatIndicator

Indicator of compromise.

ThreatPrivacyGroup

Label to group threat objects together.

ThreatTags

Label to group threat objects together.

Types

Parameter Description

IndicatorType

Type of indicator being described by a ThreatIndicator object.

PrecisionType

Defines how accurately the threat intelligence detects its intended target, victim or actor.

PrivacyType

Defines who can access the threat intelligence.

ReviewStatusType

Description of how the threat intelligence was vetted.

SeverityType

Description of how dangerous the threat associated with a ThreatIndicator object is. The values below are ordered from least severe to most severe.

SignatureType

Type of signature format described by a ThreatIndicator object.

ShareLevelType (aka Traffic Light Protocol or TLP)

Designation of how any object in ThreatExchange may be re-shared both within and outside of ThreatExchange, based on the US-CERT's Traffic Light Protocol.

StatusType

Description of the maliciousness of any object within ThreatExchange.

Search Endpoints

Parameter Description

/threat_updates

Preferred way of downloading all the data for a collaboration and staying in sync with updates. Not enabled for all privacy groups. See page for details.

/threat_descriptors

Enables searching for descriptors (opinions on content or indicators).

/threat_indicators

Enables searching for indicators.

/threat_tags

Enables searching for threat tags.

Miscellaneous Endpoints

Parameter Description

/threat_exchange_members

Returns a list of current members of the ThreatExchange.