Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt

Use this file to discover all available pages before exploring further.

The SOC Defenders MISP endpoint returns your filtered IOCs packaged as a MISP JSON event. You can import this file directly into any MISP instance using the standard file or URL import flow — no manual attribute creation required.
MISP export requires a Pro subscription. Upgrade at socdefenders.ai.

Endpoint

GET /api/v1/iocs/misp The response is a MISP-compatible JSON event containing one attribute per IOC.

Authentication

Pass your API key as a Bearer token in the Authorization header.

Query parameters

ParameterTypeDescription
typestringFilter by IOC type: ipv4, ipv6, domain, url, md5, sha1, sha256, cve, email
sincestringISO 8601 timestamp — return only IOCs added after this date
confidencestringlow, medium, or high
industrystringCISA Critical Infrastructure sector slug

Example request

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://socdefenders.ai/api/v1/iocs/misp?type=domain&confidence=high" \
  -o soc-defenders-iocs.json

Importing into MISP

1

Download the MISP event file

Run the curl command above to save the MISP JSON event to a local file, or copy the endpoint URL for direct URL import.
2

Open your MISP instance

Navigate to Sync Actions → Import from file (or Import from URL if you want MISP to fetch directly).
3

Select the event file

Upload the downloaded JSON file, or paste the full endpoint URL including your Authorization header if your MISP version supports authenticated URL imports.
4

Review and publish

MISP previews the event attributes before committing. Review the attribute count and types, then click Publish to add the event to your instance.
Use the since parameter to pull only new IOCs since your last import. Store the timestamp of each successful import and pass it as since in your next request to avoid duplicate attributes.