Fetching an article by its ID returns the full record including all enrichment expansions computed by the SOC Defenders platform: extracted indicators of compromise, referenced CVEs, attributed threat actors, and mapped MITRE ATT&CK techniques. An AI-generated summary is also included. This endpoint is available on the Free tier.

Endpoint

Method: GET https://socdefenders.ai/api/v1/articles/{id}
Authentication: Required. Pass your API key in the Authorization header as a Bearer token.
Tier: Free.

Path parameters

id (string, required): The UUID of the article. You can obtain article IDs from the list endpoint at GET /api/v1/articles.

Example request

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/articles/d0d2789a-cf57-4bfc-aaa5-cf9111a08f1c"

Example response

{
  "id": "d0d2789a-cf57-4bfc-aaa5-cf9111a08f1c",
  "title": "Example Security Article",
  "url": "https://example.com/article",
  "source": "bleepingcomputer.com",
  "published_at": "2024-01-15T10:00:00Z",
  "summary": "AI-generated summary of the article content.",
  "categories": ["vulnerabilities"],
  "severity": "high",
  "tags": ["#vulnerability", "#exploit"],
  "iocs": [
    { "type": "ipv4", "value": "192.0.2.1" },
    { "type": "domain", "value": "evil.example.com" }
  ],
  "cves": ["CVE-2024-1234"],
  "threat_actors": ["APT28"],
  "mitre_techniques": [
    { "id": "T1566", "name": "Phishing" }
  ],
  "points": 3,
  "comment_count": 2
}

Response fields

id (string): Unique article UUID.
title (string): Article title as published by the source.
url (string): Canonical URL of the original article.
source (string): Domain of the publishing source, for example bleepingcomputer.com or cisa.gov.
published_at (string): ISO 8601 timestamp of when the article was published by the source.
summary (string): AI-generated plain-text summary of the article content. Useful for triage without reading the full source.
categories (string[]): Array of category labels, for example ["vulnerabilities", "ransomware"].
severity (string): Assessed severity level: critical, high, medium, or low.
tags (string[]): Array of extracted hashtag-style tags.
iocs (object[]): Array of indicators of compromise extracted from the article. Each object contains a type (e.g. ipv4, domain, md5, sha256, url) and a value string.
cves (string[]): Array of CVE identifiers referenced in the article, for example ["CVE-2024-1234"].
threat_actors (string[]): Array of threat actor names attributed to or mentioned in the article, for example ["APT28", "Lazarus Group"].
mitre_techniques (object[]): Array of MITRE ATT&CK techniques mapped to the article content.
points (integer): Relevance or engagement score assigned to the article by the platform.
comment_count (integer): Number of community comments on the article within the SOC Defenders platform.
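
A consumer-side check of the iocs array before it reaches a blocklist, as an added example that is not SOC Defenders code: it validates each entry by type and rejects values that cannot be real infrastructure, such as the documentation address and domain in the example response. The function names, rejection reasons and the three extra entries are constructed for illustration; only ipv4, domain, md5 and sha256 are handled, and any other type is set aside for manual review.

```python
import ipaddress
import json
import re

# "iocs" array copied from the page's example response.
ARTICLE = json.loads("""{"id": "d0d2789a-cf57-4bfc-aaa5-cf9111a08f1c", "iocs": [
  {"type": "ipv4", "value": "192.0.2.1"},
  {"type": "domain", "value": "evil.example.com"}]}""")
# Constructed entries (not from the page) to exercise the other branches.
ARTICLE["iocs"] += [
    {"type": "sha256", "value": "ab" * 32},
    {"type": "md5", "value": "not-a-hash"},
    {"type": "ipv4", "value": "999.1.1.1"},
]

HASH_RE = {"md5": re.compile(r"[0-9a-f]{32}"), "sha256": re.compile(r"[0-9a-f]{64}")}
DOMAIN_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
# Names reserved for documentation and testing (RFC 2606, RFC 6761).
RESERVED = ("example.com", "example.net", "example.org",
            "example", "test", "invalid", "localhost")

def check_ioc(ioc):
    """Return None if the IOC is well-formed and usable, else a rejection reason."""
    kind = ioc.get("type")
    value = str(ioc.get("value", "")).strip().lower()
    if kind == "ipv4":
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:
            return "malformed ipv4"
        # Private, loopback and documentation ranges must not reach a blocklist.
        return None if addr.is_global else "non-global address"
    if kind in HASH_RE:
        return None if HASH_RE[kind].fullmatch(value) else "malformed " + kind
    if kind == "domain":
        if not DOMAIN_RE.fullmatch(value):
            return "malformed domain"
        if any(value == r or value.endswith("." + r) for r in RESERVED):
            return "reserved documentation name"
        return None
    return "type not handled, needs manual review"

def triage(article):
    """Split an article's IOCs into accepted entries and (ioc, reason) rejections."""
    accepted, rejected = [], []
    for ioc in article.get("iocs", []):
        reason = check_ioc(ioc)
        if reason:
            rejected.append((ioc, reason))
        else:
            accepted.append(ioc)
    return accepted, rejected
```

Both indicators in the page's example response are rejected, because 192.0.2.1 lies in a documentation range and evil.example.com is under a reserved name.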