The /api/v1/iocs endpoint returns a paginated list of indicators of compromise from the SOC Defenders feed. You can narrow results by IOC type, confidence level, source category, industry sector, and time range. Use the since parameter for delta polling to retrieve only indicators added after a given timestamp — useful for keeping your SIEM or TIP synchronized without re-fetching the full feed.

Request

Method: GET
URL: https://socdefenders.ai/api/v1/iocs
Auth: Required — Authorization: Bearer sk_live_YOUR_KEY
Tier: Free (up to 100 results per request; Pro raises this to 10,000)

Query parameters

type (string): Filter by IOC type. One of: ipv4, ipv6, domain, url, md5, sha1, sha256, cve, mitre-attack, email.
confidence (string): Filter by confidence level. One of: high, medium, low.
category (string): Filter by source category. Common values: government, commercial, community.
industry (string): Filter by CISA sector name (e.g. energy, healthcare, financial-services).
since (string): ISO 8601 timestamp. Returns only IOCs added or updated after this time. Use for delta polling (e.g. 2024-01-01T00:00:00Z).
limit (integer, default: 100): Maximum number of results to return. Free tier: 100. Pro tier: up to 10,000.
offset (integer, default: 0): Number of results to skip for pagination. Use with limit to page through large result sets.

Example request

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/iocs?type=ipv4&confidence=high&limit=100"

Response

{
  "meta": { "total": 1523, "limit": 100, "offset": 0 },
  "data": [
    {
      "type": "ipv4",
      "value": "192.168.1.100",
      "confidence": "high",
      "source": {
        "feed_name": "CISA Alerts",
        "category": "government"
      }
    }
  ]
}

Response fields

meta (object): Pagination metadata for the response.
data (array): Array of IOC objects matching the query.
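
The following is an added example, not code from SOC Defenders: a Python sketch of delta polling with limit/offset pagination, plus a pre-ingest check that keeps non-routable addresses (such as the private 192.168.1.100 in the sample response above) out of a blocklist. The function names, the fake_fetch stand-in and its sample records are constructed for illustration, and the loop assumes meta.total is the count of all matching records.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

API_URL = "https://socdefenders.ai/api/v1/iocs"  # endpoint from this page


def http_fetch(params, api_key):
    """GET one page from the endpoint and return the decoded JSON body."""
    url = API_URL + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_iocs(fetch, since=None, limit=100, **filters):
    """Yield every IOC matching the filters, advancing offset page by page."""
    offset = 0
    while True:
        params = dict(filters, limit=limit, offset=offset)
        if since:
            params["since"] = since  # delta polling: only newer records
        page = fetch(params)
        data = page.get("data", [])
        yield from data
        offset += len(data)
        # Assumes meta.total counts all matches, not just this page.
        # Stop on an empty page too, so a changing total cannot loop forever.
        if not data or offset >= page["meta"]["total"]:
            return


def blockable(ioc):
    """Reject ipv4/ipv6 values that are malformed or not globally routable."""
    if ioc.get("type") not in ("ipv4", "ipv6"):
        return True
    try:
        return ipaddress.ip_address(ioc["value"]).is_global
    except ValueError:
        return False


def fake_fetch(params):
    """Constructed stand-in for the API; values are samples, not real indicators."""
    rows = [{"type": "ipv4", "value": v, "confidence": "high"}
            for v in ("192.168.1.100", "8.8.8.8", "not-an-ip")]
    o, n = params["offset"], params["limit"]
    return {"meta": {"total": len(rows), "limit": n, "offset": o}, "data": rows[o:o + n]}
```

To run against the live API, pass `lambda p: http_fetch(p, api_key)` as `fetch`, and store the timestamp of each successful poll to use as the next `since` value.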

Error responses

If your API key is missing or invalid, the API returns a 401 Unauthorized response:
{
  "error": {
    "code": "missing_api_key",
    "message": "API key is required. Include it in the Authorization header as \"Bearer sk_live_...\" or in the X-API-Key header.",
    "request_id": "req_..."
  }
}
See Authentication for the full error code reference.