SOC Defenders lets you consume threat intelligence in the format that fits your existing stack. Free tier accounts can pull IOCs and articles as JSON or CSV, look up individual indicators, and read aggregated news. Pro accounts unlock industry-standard formats for automated SIEM ingestion, platform integrations, and deployable detection rules — including STIX 2.1, TAXII 2.1, MISP, CEF/Syslog, OpenIOC, and Sigma.
All supported formats
| Format | Tier | Endpoint | Use case |
|---|---|---|---|
| JSON | Free | GET /api/v1/iocs | Flexible REST consumption, custom pipelines |
| CSV | Free | GET /api/v1/iocs?format=csv | Spreadsheet analysis, bulk imports |
| IOC Lookup | Free | GET /api/v1/lookup | Single-value enrichment |
| News Articles | Free | GET /api/v1/articles | Article aggregation, delta polling |
| STIX 2.1 | Pro | GET /api/v1/iocs/stix | Standard threat intel bundles |
| TAXII 2.1 | Pro | GET /api/taxii2/ | Automated SIEM feed polling |
| CEF/Syslog | Pro | GET /api/v1/iocs/cef | Log pipeline / SIEM ingestion |
| MISP | Pro | GET /api/v1/iocs/misp | MISP platform import |
| OpenIOC | Pro | GET /api/v1/iocs/openioc | Mandiant OpenIOC XML |
| Sigma | Pro | GET /api/v1/iocs/sigma | Deployable detection rules |
| Articles NDJSON | Pro | GET /api/v1/articles (bulk) | Bulk news export with cursor pagination |
Pro export formats
The formats below are available on the Pro tier and are designed for automated ingestion and platform integration. Each has a dedicated page with endpoint details, request examples, and filter parameters.
STIX 2.1 and TAXII 2.1
Pull IOC bundles in the OASIS STIX 2.1 standard or configure automated TAXII 2.1 feed polling directly into your SIEM.
MISP
Download current IOCs as a MISP-compatible JSON event for import into your Malware Information Sharing Platform instance.
CEF/Syslog
Stream IOCs as Common Event Format log lines directly into syslog-based SIEM pipelines such as ArcSight and QRadar.
Sigma rules
Generate deployable YAML detection rules for each IOC, ready to convert and import into any Sigma-compatible SIEM.