curl -H "Authorization: Bearer sk_live_..." \
"https://socdefenders.ai/api/v1/iocs/misp?since=2026-05-15T00:00:00Z&limit=500" \
-o socdefenders-misp.json{
"Event": {
"uuid": "00000000-0000-4000-8000-000000000001",
"info": "SOC Defenders IOCs — 2026-05-15 to 2026-05-17",
"threat_level_id": "2",
"analysis": "2",
"distribution": "3",
"Attribute": [
{
"type": "ip-src",
"category": "Network activity",
"value": "192.168.1.1",
"to_ids": true,
"comment": "C2 IP from \"New botnet observed beaconing\""
},
{
"type": "domain",
"category": "Network activity",
"value": "c2.example.com",
"to_ids": true,
"comment": "C2 domain from same campaign"
},
{
"type": "sha256",
"category": "Payload delivery",
"value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"to_ids": true
}
]
}
}Export IOCs as a MISP-format JSON event ready for import into the MISP threat intelligence platform.
A single MISP Event object containing one Attribute per IOC. Attribute types are mapped from our internal types:
| SOC Defenders type | MISP type |
|---|---|
| ipv4 | ip-src |
| ipv6 | ip-src |
| domain | domain |
| url | url |
| md5, sha1, sha256, sha512 | matching hash type |
| email-src | |
| cve | vulnerability |
curl -X POST https://your-misp.example.com/events/add \
-H "Authorization: <misp-key>" \
-H "Content-Type: application/json" \
-d @socdefenders-misp.json
Requires the Pro plan (read:misp scope).
curl -H "Authorization: Bearer sk_live_..." \
"https://socdefenders.ai/api/v1/iocs/misp?since=2026-05-15T00:00:00Z&limit=500" \
-o socdefenders-misp.json{
"Event": {
"uuid": "00000000-0000-4000-8000-000000000001",
"info": "SOC Defenders IOCs — 2026-05-15 to 2026-05-17",
"threat_level_id": "2",
"analysis": "2",
"distribution": "3",
"Attribute": [
{
"type": "ip-src",
"category": "Network activity",
"value": "192.168.1.1",
"to_ids": true,
"comment": "C2 IP from \"New botnet observed beaconing\""
},
{
"type": "domain",
"category": "Network activity",
"value": "c2.example.com",
"to_ids": true,
"comment": "C2 domain from same campaign"
},
{
"type": "sha256",
"category": "Payload delivery",
"value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"to_ids": true
}
]
}
}Documentation Index
Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
Use this file to discover all available pages before exploring further.
API key in X-API-Key header
Filter by IOC type
ipv4, ipv6, domain, url, md5, sha1, sha256, sha512, email, cve "ipv4"
Lower time bound (ISO 8601). Clamped to your tier lookback.
"2026-05-15T00:00:00Z"
Max attributes in the event. Tier-capped.
500
MISP event JSON
Show child attributes