curl -H "Authorization: Bearer sk_live_..." \
  "https://socdefenders.ai/api/v1/iocs/search?q=192.168.1.1"

{
  "meta": {
    "generated_at": "2026-05-17T10:30:00Z",
    "feed_version": "1.0",
    "source": "SOC Defenders"
  },
  "data": {
    "found": true,
    "query": "192.168.1.1",
    "matches": [
      {
        "id": "6fc99fbc-2c24-4ce2-8b42-48065d4976e7",
        "type": "ipv4",
        "value": "192.168.1.1",
        "confidence": "high",
        "first_seen": "2026-05-15T08:21:30Z",
        "last_seen": "2026-05-16T18:42:11Z",
        "source": {
          "article_id": "c59a6bb4-f69a-4b90-babe-ca1afcda3514",
          "article_title": "New botnet observed beaconing to home routers",
          "article_url": "https://socdefenders.ai/item/c59a6bb4-f69a-4b90-babe-ca1afcda3514",
          "reference_url": "https://krebsonsecurity.com/...",
          "feed_name": "Krebs on Security",
          "category": "threat-intel",
          "origin": "article"
        },
        "context": "C2 server IP referenced in botnet writeup.",
        "tags": [
          "c2",
          "botnet"
        ],
        "mitre_techniques": [
          "T1071"
        ]
      }
    ],
    "relatedIOCs": [
      {
        "id": "...",
        "type": "domain",
        "value": "c2.example.com",
        "confidence": "high",
        "first_seen": "2026-05-15T08:21:30Z",
        "last_seen": "2026-05-15T08:21:30Z",
        "source": {
          "article_id": "c59a6bb4-...",
          "article_title": "New botnet observed beaconing to home routers",
          "article_url": "https://socdefenders.ai/item/c59a6bb4-...",
          "reference_url": null,
          "feed_name": "Krebs on Security",
          "category": "threat-intel",
          "origin": "article"
        },
        "tags": [
          "c2",
          "botnet"
        ],
        "mitre_techniques": [
          "T1071"
        ]
      }
    ],
    "meta": {
      "total_matches": 1,
      "related_count": 1,
      "search_time_ms": 12
    }
  }
}

Look up a specific IOC (IP, domain, hash, URL, CVE, etc.) and get back every record from across the feed plus related indicators from the same article or campaign.
Two-stage lookup:
1. ioc_value_normalized (btree-indexed, ~5ms). Lowercased + URL-canonicalized + IPv6-zero-compressed.
2. pg_trgm GIN index on the value column.

When include_related=true (default), the response includes up to 10 IOCs from the same source article. Useful for hash → campaign expansion.
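
A consumer-side sketch of handling this response, added here as an example and not taken from SOC Defenders' own code: it splits `matches` and `relatedIOCs` into indicators that can go to a blocklist and ones that need analyst review, holding back non-routable IPs such as the 192.168.1.1 in the sample. The function names, the `block`/`review` buckets and the confidence threshold are assumptions; the sample is the page's example response, abridged.

```python
import ipaddress

# Constructed sample: the page's example response, abridged to the fields used here.
SAMPLE = {
    "data": {
        "found": True,
        "query": "192.168.1.1",
        "matches": [{
            "type": "ipv4", "value": "192.168.1.1", "confidence": "high",
            "source": {"article_id": "c59a6bb4-f69a-4b90-babe-ca1afcda3514"},
            "tags": ["c2", "botnet"], "mitre_techniques": ["T1071"],
        }],
        "relatedIOCs": [{
            "type": "domain", "value": "c2.example.com", "confidence": "high",
            "source": {"article_id": "c59a6bb4-..."},
            "tags": ["c2", "botnet"], "mitre_techniques": ["T1071"],
        }],
    }
}

def is_routable(ioc):
    """False for IP indicators that are private, loopback, link-local or reserved."""
    if ioc.get("type") not in ("ipv4", "ipv6"):
        return True  # domains, hashes, URLs etc. are not filtered here
    try:
        return ipaddress.ip_address(ioc["value"]).is_global
    except ValueError:
        return False  # malformed address: never auto-block

def triage(response, min_confidence="high"):
    """Split matches + relatedIOCs into blockable and review-only indicators."""
    data = response.get("data", {})
    out = {"block": [], "review": []}
    if not data.get("found"):
        return out
    for role, key in (("match", "matches"), ("related", "relatedIOCs")):
        # relatedIOCs may be missing when include_related=false (assumption)
        for ioc in data.get(key) or []:
            row = {"role": role, "type": ioc.get("type"), "value": ioc.get("value"),
                   "article_id": ioc.get("source", {}).get("article_id"),
                   "techniques": ioc.get("mitre_techniques", [])}
            ok = ioc.get("confidence") == min_confidence and is_routable(ioc)
            out["block" if ok else "review"].append(row)
    return out

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE).items():
        for r in rows:
            print(bucket, r["role"], r["type"], r["value"])
```

On the sample, the matched IP lands in `review` because it is an RFC 1918 address despite its high confidence, while the related domain from the same article lands in `block`.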
API key in X-API-Key header
IOC value to search for. Accepts any type (IPv4/IPv6, domain, URL, MD5/SHA1/SHA256/SHA512, email, CVE ID, MITRE technique). Auto-normalized for lookup.
2"192.168.1.1"
When true (default), the response includes up to 10 IOCs from the same source article — useful for pivot/expansion workflows.
true