The SOC Defenders REST API gives you programmatic access to aggregated threat intelligence from 30+ cybersecurity sources. You can retrieve IOCs, query enriched articles, export data in industry-standard formats (STIX 2.1, MISP, CEF, OpenIOC, Sigma), and poll a TAXII 2.1 server — all over HTTPS using JSON responses.
Base URL
All API requests go to:/api/v1/ path prefix. For example:
Response format
All endpoints return JSON by default. Some endpoints support alternative output formats (such as STIX 2.1 bundles, MISP events, or Sigma YAML) — these are noted in the individual endpoint references.
Authentication
Every request requires an API key. Pass it as a Bearer token in the Authorization header or in the X-API-Key header. See Authentication for details.
Available endpoints
| Endpoint | Tier | Description |
|---|---|---|
| GET /api/v1/iocs | Free | List IOCs with filtering by type, category, confidence, date range, and industry |
| GET /api/v1/iocs/search | Free | Find a specific IOC value across the feed |
| GET /api/v1/lookup | Free | Single-IOC enrichment with AI risk score, MITRE techniques, and hunting queries |
| GET /api/v1/articles | Free | Aggregated news articles with full-text search, filters, and delta polling |
| GET /api/v1/articles/{id} | Free | Single article with IOC, CVE, threat actor, and MITRE technique expansions |
| GET /api/v1/iocs/stats | Pro | IOC totals broken down by type, category, and source |
| GET /api/v1/iocs/stix | Pro | STIX 2.1 bundle containing indicators and identity objects |
| GET /api/v1/iocs/misp | Pro | MISP JSON event |
| GET /api/v1/iocs/cef | Pro | CEF/Syslog stream for SIEM ingestion |
| GET /api/v1/iocs/openioc | Pro | OpenIOC XML document |
| GET /api/v1/iocs/sigma | Pro | Multi-document Sigma YAML detection rules per IOC |
| GET /api/taxii2/ | Pro | TAXII 2.1 discovery — API roots and server metadata |
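
A client-side sketch of the authentication rule and the tier column above, added here as an example and not taken from the SOC Defenders documentation or SDK. It builds requests without sending them. The host in `BASE_URL`, the `plan` argument, and the helper names are assumptions made for illustration.

```python
from urllib.parse import urlsplit
from urllib.request import Request

# Placeholder host: substitute the base URL from your account documentation.
BASE_URL = "https://soc-api.example.invalid"

# Tiers copied from the endpoint table above.
FREE = {"/api/v1/iocs", "/api/v1/iocs/search", "/api/v1/lookup", "/api/v1/articles"}
PRO = {"/api/v1/iocs/stats", "/api/v1/iocs/stix", "/api/v1/iocs/misp",
       "/api/v1/iocs/cef", "/api/v1/iocs/openioc", "/api/v1/iocs/sigma",
       "/api/taxii2/"}
ARTICLE_PREFIX = "/api/v1/articles/"


def required_tier(path):
    """Return "Free" or "Pro" for a documented path, else raise ValueError."""
    if path in FREE:
        return "Free"
    if path in PRO:
        return "Pro"
    article_id = path[len(ARTICLE_PREFIX):] if path.startswith(ARTICLE_PREFIX) else ""
    if article_id and "/" not in article_id:
        return "Free"  # GET /api/v1/articles/{id}
    raise ValueError(f"endpoint not in the documented table: {path}")


def build_request(path, api_key, plan="Free", use_bearer=True, base_url=BASE_URL):
    """Build, without sending, an authenticated GET request.

    `plan` is a hypothetical local setting naming the tier of the key.
    """
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to attach an API key to a non-HTTPS URL")
    if required_tier(path) == "Pro" and plan != "Pro":
        raise PermissionError(f"{path} is a Pro-tier endpoint")
    # The key travels only in a header, never in the URL or query string.
    if use_bearer:
        headers = {"Authorization": f"Bearer {api_key}"}
    else:
        headers = {"X-API-Key": api_key}
    return Request(base_url.rstrip("/") + path, headers=headers, method="GET")


def redact(api_key):
    """Return a form of the key that is safe to write to logs."""
    return api_key[:4] + "..." if len(api_key) > 8 else "***"
```

Pass the returned object to `urllib.request.urlopen` to send it, and log `redact(api_key)` rather than the key itself.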