Documentation Index Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
Use this file to discover all available pages before exploring further.
The collections endpoint returns all TAXII 2.1 collections available on the SOC Defenders server. Each collection groups STIX objects by indicator type — you can poll all IOCs at once, or target a specific collection such as IP addresses, file hashes, or CVEs depending on what your integration needs.
Endpoint Method: GET https://www.socdefenders.ai/api/taxii2/api/collections/Authentication: Required — pass your API key in the Authorization header as a Bearer token.Tier: Pro.Example request curl -H "Authorization: Bearer sk_live_YOUR_KEY" \ "https://www.socdefenders.ai/api/taxii2/api/collections/"
Example response { "collections" : [ { "id" : "all-iocs" , "title" : "All IOCs" , "description" : "All indicators of compromise across all types" , "can_read" : true , "can_write" : false , "media_types" : [ "application/stix+json;version=2.1" ] }, { "id" : "ip-addresses" , "title" : "IP Addresses" , "description" : "IPv4 and IPv6 indicators only" , "can_read" : true , "can_write" : false , "media_types" : [ "application/stix+json;version=2.1" ] }, { "id" : "file-hashes" , "title" : "File Hashes" , "description" : "MD5, SHA1, and SHA256 file hash indicators" , "can_read" : true , "can_write" : false , "media_types" : [ "application/stix+json;version=2.1" ] }, { "id" : "cves" , "title" : "CVEs" , "description" : "CVE vulnerability indicators" , "can_read" : true , "can_write" : false , "media_types" : [ "application/stix+json;version=2.1" ] } ] }
The collection IDs shown above are illustrative. Use the id values returned by your live response when constructing object requests.
Response fields Array of collection objects available on the server. Unique collection identifier. Pass this as the {id} path parameter when fetching objects from GET /api/taxii2/api/collections/{id}/objects/.
Human-readable name of the collection.
collections[].description
Description of what indicator types or data this collection contains.
true if your API key has read access to this collection.
true if your API key has write access to this collection. SOC Defenders collections are read-only; this field will always be false.
collections[].media_types
Array of MIME types supported by this collection. SOC Defenders serves STIX 2.1 objects: application/stix+json;version=2.1.
Next steps Use a collection id to fetch its STIX objects at GET /api/taxii2/api/collections//objects/ .