SOC Defenders is a threat intelligence platform built for SOC analysts and security teams. It continuously aggregates cybersecurity news, indicators of compromise (IOCs), and CVE data from more than 30 sources — and surfaces it through a filterable feed, a public REST API, and a TAXII 2.1 server that plugs directly into Splunk, Microsoft Sentinel, Elastic, and other SIEMs.
Quick Start
Make your first API call in minutes. Get an API key and pull live threat data.
API Reference
Full reference for every endpoint — IOCs, articles, STIX, TAXII, and more.
Platform Guide
Explore the threat feed, IOC lookup, CVE database, and community features.
Integrations
Connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic, and more.
Get up and running
Create an account
Sign up at socdefenders.ai — the Free tier requires no credit card.
Generate an API key
Go to Settings → API Keys and create your first key. Your key starts with sk_live_.
Integrate with your stack
Use the SIEM integration guides or explore export formats like STIX 2.1, MISP, or Sigma rules.
What’s included
IOC Feed
IPv4, IPv6, domains, URLs, file hashes, CVEs, MITRE ATT&CK techniques, and email indicators — updated continuously.
CVE Database
Browse and search CVEs enriched with CISA KEV status and EPSS exploit probability scores.
Industry Threats
IOCs and threat data segmented by CISA Critical Infrastructure sectors.
Export Formats
STIX 2.1, TAXII 2.1, MISP, CEF/Syslog, OpenIOC, Sigma rules, JSON, and CSV.