
This page walks you through creating a SOC Defenders account, generating your first API key, and pulling live threat intelligence from the API. You’ll make your first request in under five minutes and leave with a working curl command you can adapt for your own tooling.
The Free tier has a rate limit of 10 requests/minute and 1,000 requests/day. You do not need a credit card to sign up.
1. Sign up at socdefenders.ai
Go to socdefenders.ai and create a free account. No credit card is required. Your account gives you immediate access to the REST API, the threat news feed, IOC lookup, and the CVE database.
2. Generate an API key
After signing in, navigate to Settings → API Keys and click Create key. Give the key a descriptive name (for example, my-siem or dev-testing).

Your key is displayed once at creation time. Copy it and store it somewhere secure — you will not be able to view the full key again after leaving the page.

API keys follow the format sk_live_.... Free accounts support up to 3 API keys. Pro accounts support up to 50.
3. Make your first API call
Use the following curl command to fetch the 100 most recent IPv4 indicators from the IOC feed. Replace YOUR_API_KEY with the key you just created.
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://socdefenders.ai/api/v1/iocs?type=ipv4&limit=100"
A successful response looks like this:
{
  "meta": { "total": 1523, "limit": 100 },
  "data": [
    {
      "type": "ipv4",
      "value": "192.168.1.100",
      "confidence": "high",
      "source": { "feed_name": "CISA Alerts", "category": "government" }
    }
  ]
}
The meta object tells you the total number of matching indicators and how many were returned. The data array contains the indicators, each with a type, value, confidence rating, and source attribution.
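As an added example (not SOC Defenders' own SDK), the following Python client wraps the curl call above: it reads the key from an environment variable instead of embedding it, parses the meta/data shape shown, and checks that each ipv4 record actually holds an IPv4 address before the value is trusted downstream. The SOCDEFENDERS_API_KEY variable name is an assumption, and the sample response is constructed for the example.

```python
"""Added example client for the /iocs endpoint above (not SOC Defenders' own SDK).
Assumption beyond the page: the key comes from the SOCDEFENDERS_API_KEY env var."""
import io
import ipaddress
import json
import os
import urllib.request
from urllib.parse import urlencode

API_BASE = "https://socdefenders.ai/api/v1"
REQUIRED = ("type", "value", "confidence", "source")  # fields the page documents

def valid_indicator(rec):
    """Keep only records with the documented fields; an ipv4 value must really
    parse as an IPv4 address before it is pushed to a blocklist or SIEM."""
    if not all(k in rec for k in REQUIRED):
        return False
    if rec["type"] != "ipv4":
        return True
    try:
        return isinstance(ipaddress.ip_address(rec["value"]), ipaddress.IPv4Address)
    except ValueError:
        return False

def parse_ioc_response(body):
    """Return (total matching indicators per meta, validated indicator records)."""
    doc = json.loads(body)
    return int(doc["meta"]["total"]), [r for r in doc.get("data", []) if valid_indicator(r)]

def fetch_iocs(ioc_type="ipv4", limit=100, api_key=None, opener=urllib.request.urlopen):
    """GET /iocs?type=...&limit=... with a Bearer token. `opener` is injectable so
    the same code path can be exercised offline; stay under 10 req/min on Free."""
    key = api_key or os.environ.get("SOCDEFENDERS_API_KEY")
    if not key:
        raise RuntimeError("set SOCDEFENDERS_API_KEY; do not hard-code the key")
    url = f"{API_BASE}/iocs?{urlencode({'type': ioc_type, 'limit': limit})}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})
    with opener(req) as resp:
        return parse_ioc_response(resp.read().decode("utf-8"))

# Constructed sample: the page's response shape plus one malformed record.
SAMPLE_RESPONSE = json.dumps({"meta": {"total": 1523, "limit": 100}, "data": [
    {"type": "ipv4", "value": "192.168.1.100", "confidence": "high",
     "source": {"feed_name": "CISA Alerts", "category": "government"}},
    {"type": "ipv4", "value": "not-an-ip", "confidence": "low", "source": {}}]})

def demo():
    """Run fetch_iocs offline against SAMPLE_RESPONSE via a fake opener."""
    return fetch_iocs(api_key="sk_live_EXAMPLE", opener=lambda r: io.BytesIO(SAMPLE_RESPONSE.encode()))
```

Set SOCDEFENDERS_API_KEY and call fetch_iocs() with the default opener to hit the live endpoint; demo() exercises the same path offline.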
4. Try the IOC lookup endpoint (optional)
The IOC lookup endpoint enriches a single indicator value with AI risk scoring, MITRE ATT&CK technique mappings, and auto-generated Splunk and KQL hunting queries. This is useful for incident investigation and triage.
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://socdefenders.ai/api/v1/lookup?value=192.168.1.100"
See the API reference for the full response schema.
5. Explore export formats or connect your SIEM
Once you have a working API key, you can:
  • Browse export formats to pull data as STIX 2.1, MISP, CEF/Syslog, OpenIOC, or Sigma rules (Pro tier).
  • Follow one of the SIEM integration guides to connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic Security, IBM QRadar, or Google Chronicle.
  • Explore the full API reference for all available endpoints and query parameters.