> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get started with SOC Defenders

> Sign up for SOC Defenders, create an API key in Settings, and make your first IOC feed request with a working curl command in under five minutes.

This page walks you through creating a SOC Defenders account, generating your first API key, and pulling live threat intelligence from the API. You'll make your first request in under five minutes and leave with a working curl command you can adapt for your own tooling.

<Note>
  The Free tier has a rate limit of 10 requests/minute and 1,000 requests/day. You do not need a credit card to sign up.
</Note>

<Steps>
  <Step title="Sign up at socdefenders.ai">
    Go to [socdefenders.ai](https://socdefenders.ai) and create a free account. No credit card is required. Your account gives you immediate access to the REST API, the threat news feed, IOC lookup, and the CVE database.
  </Step>

  <Step title="Generate an API key">
    After signing in, navigate to **Settings → API Keys** and click **Create key**. Give the key a descriptive name (for example, `my-siem` or `dev-testing`).

    Your key is displayed once at creation time. Copy it and store it somewhere secure — you will not be able to view the full key again after leaving the page.

    API keys follow the format `sk_live_...`. Free accounts support up to 3 API keys. Pro accounts support up to 50.
  </Step>

  <Step title="Make your first API call">
    Use the following curl command to fetch the 100 most recent IPv4 indicators from the IOC feed. Replace `YOUR_API_KEY` with the key you just created.

    ```bash theme={null}
    curl -H "Authorization: Bearer YOUR_API_KEY" \
      "https://socdefenders.ai/api/v1/iocs?type=ipv4&limit=100"
    ```

    A successful response looks like this:

    ```json theme={null}
    {
      "meta": { "total": 1523, "limit": 100 },
      "data": [
        {
          "type": "ipv4",
          "value": "192.168.1.100",
          "confidence": "high",
          "source": { "feed_name": "CISA Alerts", "category": "government" }
        }
      ]
    }
    ```

    The `meta` object tells you the total number of matching indicators and how many were returned. The `data` array contains the indicators, each with a type, value, confidence rating, and source attribution.
  </Step>

  <Step title="Try the IOC lookup endpoint (optional)">
    The IOC lookup endpoint enriches a single indicator value with AI risk scoring, MITRE ATT\&CK technique mappings, and auto-generated Splunk and KQL hunting queries. This is useful for incident investigation and triage.

    ```bash theme={null}
    curl -H "Authorization: Bearer YOUR_API_KEY" \
      "https://socdefenders.ai/api/v1/lookup?value=192.168.1.100"
    ```

    See the [API reference](/api-reference/iocs/lookup) for the full response schema.
  </Step>

  <Step title="Explore export formats or connect your SIEM">
    Once you have a working API key, you can:

    * Browse [export formats](/formats/overview) to pull data as STIX 2.1, MISP, CEF/Syslog, OpenIOC, or Sigma rules (Pro tier).
    * Follow one of the [SIEM integration guides](/integrations/siem-overview) to connect SOC Defenders to Splunk, Microsoft Sentinel, Elastic Security, IBM QRadar, or Google Chronicle.
    * Explore the full [API reference](/api-reference/overview) for all available endpoints and query parameters.
  </Step>
</Steps>
