Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt

Use this file to discover all available pages before exploring further.

The /api/v1/iocs/search endpoint lets you look up a specific indicator value — such as an IP address, domain, or file hash — across the entire SOC Defenders feed. Unlike the list endpoint, which filters by attributes, this endpoint matches against the indicator value itself. Use it when you have a specific observable and want to know whether the feed has seen it, and if so, with what confidence and from which sources.

Request

Method: GET
URL: https://socdefenders.ai/api/v1/iocs/search
Auth: Required — Authorization: Bearer sk_live_YOUR_KEY
Tier: Free

Query parameters

q
string
required
The IOC value to search for. For example, an IP address (1.2.3.4), a domain (evil.com), or a file hash (abc123...).
type
string
Narrow the search to a specific IOC type. One of: ipv4, ipv6, domain, url, md5, sha1, sha256, cve, mitre-attack, email. Useful when a value could be interpreted as more than one type.

Example request

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/iocs/search?q=evil-domain.com"

Response

The response uses the same structure as GET /api/v1/iocs, filtered to entries that match the queried value: 
{
  "meta": { "total": 1, "limit": 100, "offset": 0 },
  "data": [
    {
      "type": "domain",
      "value": "evil-domain.com",
      "confidence": "high",
      "source": {
        "feed_name": "CISA Alerts",
        "category": "government"
      }
    }
  ]
}

Response fields

meta
object
Pagination metadata for the response.
data
array
Array of IOC objects matching the queried value.

Error responses

If your API key is missing or invalid, the API returns a 401 Unauthorized response: 
{
  "error": {
    "code": "missing_api_key",
    "message": "API key is required. Include it in the Authorization header as \"Bearer sk_live_...\" or in the X-API-Key header.",
    "request_id": "req_..."
  }
}
See Authentication for the full error code reference.