Skip to main content
The collections endpoint returns all TAXII 2.1 collections available on the SOC Defenders server. Each collection groups STIX objects by indicator type — you can poll all IOCs at once, or target a specific collection such as IP addresses, file hashes, or CVEs depending on what your integration needs.

Endpoint

Method: GET https://www.socdefenders.ai/api/taxii2/api/collections/ Authentication: Required — pass your API key in the Authorization header as a Bearer token. Tier: Pro.

Example request

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://www.socdefenders.ai/api/taxii2/api/collections/"

Example response

{
  "collections": [
    {
      "id": "all-iocs",
      "title": "All IOCs",
      "description": "All indicators of compromise across all types",
      "can_read": true,
      "can_write": false,
      "media_types": ["application/stix+json;version=2.1"]
    },
    {
      "id": "ip-addresses",
      "title": "IP Addresses",
      "description": "IPv4 and IPv6 indicators only",
      "can_read": true,
      "can_write": false,
      "media_types": ["application/stix+json;version=2.1"]
    },
    {
      "id": "file-hashes",
      "title": "File Hashes",
      "description": "MD5, SHA1, and SHA256 file hash indicators",
      "can_read": true,
      "can_write": false,
      "media_types": ["application/stix+json;version=2.1"]
    },
    {
      "id": "cves",
      "title": "CVEs",
      "description": "CVE vulnerability indicators",
      "can_read": true,
      "can_write": false,
      "media_types": ["application/stix+json;version=2.1"]
    }
  ]
}
The collection IDs shown above are illustrative. Use the id values returned by your live response when constructing object requests.

Response fields

collections
object[]
Array of collection objects available on the server.

Next steps

Use a collection id to fetch its STIX objects at GET /api/taxii2/api/collections//objects/.