SOC Defenders is a threat intelligence platform built for SOC analysts, security engineers, and security operations teams. It continuously aggregates cybersecurity news, indicators of compromise (IOCs), and CVE data from more than 30 sources, then delivers that intelligence through a filterable web feed, a REST API, and a TAXII 2.1 server, so you can enrich your investigations, feed your SIEM, and stay ahead of active threats without stitching together dozens of individual feeds yourself.
Documentation Index
Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
Use this file to discover all available pages before exploring further.
Platform
Explore the threat news feed, IOC lookup, CVE database, and industry threat view.
API Reference
Full reference for every endpoint — IOCs, articles, STIX, TAXII, and more.
Integrations
Connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic, and more.
Export Formats
STIX 2.1, TAXII 2.1, MISP, CEF/Syslog, OpenIOC, Sigma rules, JSON, and CSV.
What the platform provides
- Threat news feed — A continuously updated feed of cybersecurity articles aggregated from 30+ sources. You can filter by category (attacks and breaches, malware, vulnerabilities, and more), severity, industry sector, MITRE ATT&CK technique, threat actor, and technology. Articles are enriched with extracted IOCs, CVEs, and MITRE technique mappings so you can pivot from a news item directly into an investigation.
- IOC feed — A structured feed of indicators of compromise including IPv4, IPv6, domains, URLs, MD5/SHA1/SHA256 file hashes, CVEs, MITRE ATT&CK techniques, and email addresses. Indicators include confidence ratings and source attribution. Use the IOC lookup endpoint to enrich a single indicator with AI risk scoring and auto-generated Splunk and KQL hunting queries.
- CVE database — Search and browse CVEs enriched with CISA Known Exploited Vulnerabilities (KEV) status and EPSS exploit probability scores, so you can prioritize patching by actual exploitation risk rather than by raw CVSS score alone.
- Industry threat view — IOCs and threat articles segmented by CISA Critical Infrastructure sectors, letting you filter intelligence to the industries most relevant to your organization.
- Community — Access community-contributed threat intelligence and stay connected with other security practitioners using the platform.
The API
SOC Defenders exposes a REST API and a TAXII 2.1 server for programmatic access to all threat intelligence. Use the REST API to pull IOC lists, search for specific indicators, retrieve enriched news articles, and export data in multiple formats. Use the TAXII 2.1 server to poll collections automatically from any TAXII-compatible SIEM or threat intelligence platform. All API access requires an API key, passed in either the Authorization header or the X-API-Key header; treat the key as a credential and store it in your SIEM's secret store rather than in scripts or config files. See Authentication to get started, or jump to the API reference for full endpoint documentation.
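The following is an added example of how a SIEM-side script would poll a TAXII 2.1 collection the way the paragraph above describes; it is not SOC Defenders' own client code. It follows the TAXII 2.1 envelope's `more`/`next` pagination, filters with `added_after`, sends the key in the X-API-Key header, and backs off on HTTP 429 using Retry-After (the Free tier allows only 10 requests per minute, and TAXII access itself is a Pro feature). The API root `https://taxii.example/api1`, the collection id, and the sample envelopes are placeholders constructed for offline use; discover the real API root and collection ids through the server's `/taxii2/` discovery endpoint.

```python
"""TAXII 2.1 collection poller: pagination, added_after filtering, 429 back-off.

Added example, not SOC Defenders' code. API root, collection id, key and the
sample envelopes below are constructed placeholders.
"""
import json
import time
import urllib.error
import urllib.request

TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"  # required Accept value per TAXII 2.1


def http_fetch(url, headers):
    """Real transport: returns (status, headers, body) and does not raise on 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode()


def poll_collection(api_root, collection_id, api_key, added_after=None,
                    fetch=http_fetch, sleep=time.sleep, max_retries=3):
    """Yield every STIX object in a collection, following `next` pages.

    `fetch` and `sleep` are injectable so the poller can run offline in tests.
    """
    headers = {"Accept": TAXII_MEDIA_TYPE, "X-API-Key": api_key}  # key header per the docs
    base = f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
    params = [f"added_after={added_after}"] if added_after else []
    next_token, retries = None, 0
    while True:
        query = params + ([f"next={next_token}"] if next_token else [])
        url = base + ("?" + "&".join(query) if query else "")
        status, hdrs, body = fetch(url, headers)
        if status == 429:  # rate limited: honor Retry-After, then re-request the same page
            if retries >= max_retries:
                raise RuntimeError("still rate limited after retries")
            retries += 1
            lower = {k.lower(): v for k, v in hdrs.items()}
            sleep(float(lower.get("retry-after", "60")))
            continue
        if status != 200:
            raise RuntimeError(f"TAXII request failed: HTTP {status}")
        retries = 0
        envelope = json.loads(body)
        yield from envelope.get("objects", [])
        next_token = envelope.get("next")
        if not envelope.get("more") or not next_token:
            return


def indicator_patterns(objects):
    """Pull the STIX patterns out of indicator objects for loading into a watchlist."""
    return [o["pattern"] for o in objects if o.get("type") == "indicator" and "pattern" in o]


# --- constructed sample responses (documentation addresses, not real intel) ---
_PAGE1 = {"more": True, "next": "p2", "objects": [
    {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
     "pattern": "[ipv4-addr:value = '203.0.113.7']", "pattern_type": "stix"},
    {"type": "malware", "id": "malware--22222222-2222-4222-8222-222222222222",
     "name": "SampleLoader"},
]}
_PAGE2 = {"more": False, "objects": [
    {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
     "pattern": "[domain-name:value = 'c2.example']", "pattern_type": "stix"},
]}


def make_fake_fetch(log):
    """Offline transport: first a 429 with Retry-After, then the two pages above."""
    responses = [(429, {"Retry-After": "5"}, ""),
                 (200, {}, json.dumps(_PAGE1)),
                 (200, {}, json.dumps(_PAGE2))]

    def fetch(url, headers):
        log.append(url)
        return responses.pop(0)
    return fetch


def demo():
    """Run the poller against the constructed responses; returns (objects, urls, sleeps)."""
    urls, sleeps = [], []
    objects = list(poll_collection("https://taxii.example/api1", "intel-collection-id",
                                   "YOUR_API_KEY", added_after="2024-01-01T00:00:00.000Z",
                                   fetch=make_fake_fetch(urls), sleep=sleeps.append))
    return objects, urls, sleeps


if __name__ == "__main__":
    objs, urls, sleeps = demo()
    print(len(objs), "objects over", len(urls), "requests; slept", sleeps)
    print("patterns:", indicator_patterns(objs))
```

To run against a live server, drop the `fetch=`/`sleep=` arguments and pass the API root and collection id from discovery; persist the newest object timestamp you saw and feed it back as `added_after` on the next run so each poll fetches only new objects.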
Free vs Pro
SOC Defenders offers two tiers. The Free tier is available immediately with no credit card required and covers most individual and small-team use cases. The Pro tier is designed for security teams and organizations that need higher throughput, longer data lookback, and SIEM-native export formats.

| Feature | Free | Pro |
|---|---|---|
| Rate limit | 10 req/min, 1,000 req/day | 1,000 req/min, 1,000,000 req/day |
| Lookback period | 1 day | 1 year |
| Results per request | 100 | 10,000 |
| JSON / CSV export | Yes | Yes |
| STIX 2.1 / TAXII 2.1 | — | Yes |
| MISP / CEF / OpenIOC | — | Yes |
| Sigma rules | — | Yes |
| API keys | Up to 3 | Up to 50 |
| Support | Community | Priority email |
| Uptime SLA | — | 99.9% |
Supported SIEM integrations
SOC Defenders works directly with the following platforms:
- Splunk — Ingest IOCs via REST API or TAXII 2.1 feed. Auto-generated Splunk hunting queries are available per indicator through the IOC lookup endpoint.
- Microsoft Sentinel — Connect via TAXII 2.1 or REST API. KQL hunting queries are generated per IOC in the lookup response.
- IBM QRadar — Ingest via TAXII 2.1 or CEF/Syslog stream (Pro).
- Elastic Security — Pull IOCs via REST API or TAXII 2.1 feed.
- Google Chronicle — Ingest STIX 2.1 bundles or connect via TAXII 2.1 (Pro).