Transilience Threat Intel Knowledge Base is a rich repository of exhaustively collected threats, breaches, and product advisories for multiple sources.'
The following types of reports and IOCs are available over the API:
- Threat Advisories
- Breach Advisories
- Product advisories
The API documentation museum is here
The response object has the name of the threat or product or breach, the date published. With those capabilities, customers would be able to easily filter the API based on the published date, or the product name, or the breach name of their interest.
The following document explains how to create the API key to access the API and how to make calls to the API with example Python scripts.
Step 1. Create API Key
Create the API key using your email name or company.
import requests
import json
url = "https://transilience-threat-intel-api.transilienceapi.com/users"
payload = {
"email": "user@example.com",
"name": "John Doe",
"company": "Acme Corp"
}
headers = {
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
if response.status_code == 200:
result = response.json()
print("User created successfully!")
print(f"Email: {result['email']}")
print(f"API Key: {result['api_key']}")
print(f"Full response: {json.dumps(result, indent=2)}")
else:
print(f"Error: {response.status_code}")
print(response.text)Threats API
import requests
import json
# Your API key from the previous request
api_key = "YOUR_API_KEY"
url = "https://transilience-threat-intel-api.transilienceapi.com/threats"
headers = {
"transilience_threatintel_api_key": api_key
}
params = {
"query": "",
"limit": 50
}
response = requests.get(url, headers=headers, params=params)
if response.status_code == 200:
result = response.json()
print("Threats retrieved successfully!")
print(f"Number of reports: {len(result)}")
print(f"Full response: {json.dumps(result, indent=2)}")
for threat in result:
print(f"\nReport ID: {threat['report_id']}")
print(f"Threat Name: {threat['threat_name']}")
print(f"Published At: {threat['published_at']}")
print(f"IOCs: {threat['num_iocs']}")
else:
print(f"Error: {response.status_code}")
print(response.text)Breaches API
import requests
import json
api_key = "YOUR_API_KEY"
headers = {
"transilience_threatintel_api_key": api_key
}
# Process Breaches
print("=" * 60)
print("PROCESSING BREACHES")
print("=" * 60)
breaches_url = "https://transilience-threat-intel-api.transilienceapi.com/breaches"
params = {"query": "", "limit": 10}
response = requests.get(breaches_url, headers=headers, params=params)
print(response.json())
if response.status_code == 200:
breaches = response.json()
print(f"Found {len(breaches)} breaches\n")
for breach in breaches:
report_id = breach['report_id']
breach_name = breach.get('breach_name', breach.get('name', 'Unknown'))
print(f"Processing: {breach_name} ({report_id})")
# Download IOC HTML
ioc_url = f"https://transilience-threat-intel-api.transilienceapi.com/breaches/{report_id}/iocs"
ioc_response = requests.get(ioc_url, headers=headers)
if ioc_response.status_code == 200:
with open(f"/tmp/breach_{report_id}_iocs.html", "wb") as f:
f.write(ioc_response.content)
print(f" ✓ Downloaded IOCs: breach_{report_id}_iocs.html")
else:
print(f" ✗ Failed to download IOCs: {ioc_response.status_code}")
# Download Advisory PDF
advisory_url = f"https://transilience-threat-intel-api.transilienceapi.com/breaches/{report_id}/advisory"
advisory_response = requests.get(advisory_url, headers=headers)
if advisory_response.status_code == 200:
with open(f"/tmp/breach_{report_id}_advisory.pdf", "wb") as f:
f.write(advisory_response.content)
print(f" ✓ Downloaded Advisory: breach_{report_id}_advisory.pdf")
else:
print(f" ✗ Failed to download Advisory: {advisory_response.status_code}")
print()
else:
print(f"Error: {response.status_code}")
print(response.text)
Products
# Process Products
print("\n" + "=" * 60)
print("PROCESSING PRODUCTS")
print("=" * 60)
products_url = "https://transilience-threat-intel-api.transilienceapi.com/products"
params = {"query": "", "limit": 10}
response = requests.get(products_url, headers=headers, params=params)
print(response.json())
if response.status_code == 200:
products = response.json()
print(f"Found {len(products)} products\n")
for product in products:
report_id = product['report_id']
product_name = product.get('product_name', product.get('name', 'Unknown'))
print(f"Processing: {product_name} ({report_id})")
# Download IOC HTML
ioc_url = f"https://transilience-threat-intel-api.transilienceapi.com/products/{report_id}/iocs"
ioc_response = requests.get(ioc_url, headers=headers)
if ioc_response.status_code == 200:
with open(f"/tmp/product_{report_id}_iocs.html", "wb") as f:
f.write(ioc_response.content)
print(f" ✓ Downloaded IOCs: product_{report_id}_iocs.html")
else:
print(f" ✗ Failed to download IOCs: {ioc_response.status_code}")
# Download Advisory PDF
advisory_url = f"https://transilience-threat-intel-api.transilienceapi.com/products/{report_id}/advisory"
advisory_response = requests.get(advisory_url, headers=headers)
if advisory_response.status_code == 200:
with open(f"/tmp/product_{report_id}_advisory.pdf", "wb") as f:
f.write(advisory_response.content)
print(f" ✓ Downloaded Advisory: product_{report_id}_advisory.pdf")
else:
print(f" ✗ Failed to download Advisory: {advisory_response.status_code}")
print()
else:
print(f"Error: {response.status_code}")
print(response.text)
print("\n" + "=" * 60)
print("DOWNLOAD COMPLETE")
print("=" * 60)Consolidated Example
import requests
from datetime import datetime, timedelta
def download_reports(report_types=["threats", "breaches", "products"], download_types=["iocs", "pdfs"], days_back=1, top_n=20, api_key="YOUR_API_KEY"):
"""
Download threat intelligence reports.
Args:
report_types (list): Types of reports - list containing "threats", "breaches", and/or "products" (default: ["threats", "breaches", "products"])
download_types (list): What to download - list containing "iocs" and/or "pdfs" (default: ["iocs", "pdfs"])
days_back (int): Number of days to look back (default: 1)
top_n (int): Maximum number of reports to retrieve (default: 20)
api_key (str): API key for authentication
Returns:
dict: Dictionary with report types as keys and lists of downloaded report dictionaries as values
"""
# Calculate cutoff date
cutoff_date = (datetime.now() - timedelta(days=days_back)).strftime('%Y-%m-%d')
print(f"Report Types: {', '.join(report_types)}")
print(f"Download Types: {', '.join(download_types)}")
print(f"Looking back {days_back} day(s) since: {cutoff_date}")
print(f"Retrieving up to {top_n} reports per type\n")
all_results = {}
for report_type in report_types:
print("=" * 60)
print(f"PROCESSING {report_type.upper()}")
print("=" * 60)
# Get reports
url = f"https://transilience-threat-intel-api.transilienceapi.com/{report_type}"
headers = {"transilience_threatintel_api_key": api_key}
params = {"query": "", "limit": top_n}
response = requests.get(url, headers=headers, params=params)
if response.status_code != 200:
print(f"Error retrieving {report_type}: {response.status_code}")
print(response.text)
all_results[report_type] = []
print()
continue
reports = response.json()
print (f'reports: {reports}')
print(reports)
# Filter by date
recent_reports = [
report for report in reports
if report['published_at'] >= cutoff_date
]
print(recent_reports)
print (f'recent_reports: {recent_reports}')
print(f"Total {report_type} retrieved: {len(reports)}")
print(f"{report_type.capitalize()} in last {days_back} day(s): {len(recent_reports)}\n")
downloaded_reports = []
# Download files for recent reports
for report in recent_reports:
report_id = report['report_id']
# Get the name field based on report type
if report_type == "threats":
name = report.get('threat_name', 'Unknown')
elif report_type == "breaches":
name = report.get('breach_name', 'Unknown')
else: # products
name = report.get('product_name', 'Unknown')
published_at = report['published_at']
print(f"Processing: {name}")
print(f" Published: {published_at}")
report_info = {
'report_id': report_id,
'name': name,
'published_at': published_at,
'ioc_downloaded': False,
'pdf_downloaded': False
}
# Download IOC HTML
if "iocs" in download_types:
ioc_url = f"https://transilience-threat-intel-api.transilienceapi.com/{report_type}/{report_id}/iocs"
ioc_response = requests.get(ioc_url, headers=headers)
if ioc_response.status_code == 200:
filename = f"/tmp/{report_type}_{report_id}_iocs.html"
with open(filename, "wb") as f:
f.write(ioc_response.content)
print(f" ✓ Downloaded IOCs: {filename}")
report_info['ioc_downloaded'] = True
else:
print(f" ✗ Failed to download IOCs: {ioc_response.status_code}")
# Download Advisory PDF
if "pdfs" in download_types:
advisory_url = f"https://transilience-threat-intel-api.transilienceapi.com/{report_type}/{report_id}/advisory"
advisory_response = requests.get(advisory_url, headers=headers)
if advisory_response.status_code == 200:
filename = f"/tmp/{report_type}_{report_id}_advisory.pdf"
with open(filename, "wb") as f:
f.write(advisory_response.content)
print(f" ✓ Downloaded Advisory: {filename}")
report_info['pdf_downloaded'] = True
else:
print(f" ✗ Failed to download Advisory: {advisory_response.status_code}")
downloaded_reports.append(report_info)
print()
all_results[report_type] = downloaded_reports
print("=" * 60)
print("DOWNLOAD COMPLETE")
print("=" * 60)
for report_type, downloads in all_results.items():
print(f"{report_type.capitalize()}: {len(downloads)} reports downloaded")
return all_results
# Example usage:
results = download_reports(days_back=2, report_types=["products"], top_n=200)Transilience Team
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article