Quick Start
Make your first API call in minutes. Get an API key and pull live threat data.
API Reference
Full reference for every endpoint — IOCs, articles, STIX, TAXII, and more.
Platform Guide
Explore the threat feed, IOC lookup, CVE database, and community features.
Integrations
Connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic, and more.
Get up and running
Create an account
Sign up at socdefenders.ai — the Free tier requires no credit card.
Generate an API key
Go to Settings → API Keys and create your first key. Your key starts with sk_live_.
Integrate with your stack
Use the SIEM integration guides or explore export formats like STIX 2.1, MISP, or Sigma rules.
What’s included
IOC Feed
IPv4, IPv6, domains, URLs, file hashes, CVEs, MITRE ATT&CK techniques, and email indicators — updated continuously.
CVE Database
Browse and search CVEs enriched with CISA KEV status and EPSS exploit probability scores.
Industry Threats
IOCs and threat data segmented by CISA Critical Infrastructure sectors.
Export Formats
STIX 2.1, TAXII 2.1, MISP, CEF/Syslog, OpenIOC, Sigma rules, JSON, and CSV.