Get Community Trending Indicators¶

GET /1.2/community-indicators/trending?type={type}&from={from}&to={to}&startPage={start_page}&pageSize={page_size}

Description¶

Return trending community IOCs, Malware, and Vulnerabilities (CVEs). This is analogous to the Community Trends section of the dashboard on Station.

Parameters¶

Warning

This endpoint has been significantly altered. The results for this query are now being cached for time periods of 1, 3, 7, and 30 days. The interval given by from and to will be rounded to the nearest time period for which cached results exist. The result will always contain the first 10 results, thus startPage and pageSize are ignored. We recommend migrating to API v1.3 as soon as possible to use the proper interface for this endpoint.

Parameter	Required	Description
type	X	The type of indicators to be returned Available types: `MALWARE`, `CVE`, or `OTHER` (for all IOCs except for Malware and CVEs).
from		The start time of the query in seconds since Unix epoch. Defaults to 1 day ago.
to		The start time of the query in seconds since Unix epoch. Defaults to 1 day ago.
startPage		This parameter is no longer used.
pageSize		This parameter is no longer used.

Responses¶

200 (OK)¶

An object with pagination information and a list of the resulting trending indicators with their ids, titles, and correlation counts.

{
    "moreResults": <boolean>,
    "pageNumber": <current page number>,
    "totalPages": <total number of pages>,
    "data": {
        "items": [
            {
                "indicatorType": "<indicator type>",
                "correlationCount": <number of correlations>,
                "value": "<indicator value>"
            },
            ...
        ]
    },
    "pageSize": <max results per page>,
    "totalElements": <number results returned>,
    "elementCount": <number of results returned>
}

400 (Bad Request)¶

{
    "timestamp": 1509395506281,
    "status": 400,
    "error": "Bad Request",
    "message": "unrecognized trending IOC type: blah",
    "path": "/api/1.2/community-indicators/trending"
}

Example Usage¶

Request¶

curl -k -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/community-indicators/trending?type=other&pageSize=25&startPage=0&from=1509131449000&to=1509134866764"

Response¶

{
    "moreResults": false,
    "pageNumber": 0,
    "totalPages": 1,
    "data": {
        "items": [
            {
                "value": "subaat.com",
                "indicatorType": "URL",
                "correlationCount": 1
            },
            {
                "value": "http://subaat.com/files/sp.exe",
                "indicatorType": "URL",
                "correlationCount": 1
            },
            {
                "value": "5.189.157.215",
                "indicatorType": "IP",
                "correlationCount": 1
            },
            {
                "value": "115.186.136.237",
                "indicatorType": "IP",
                "correlationCount": 1
            },
            {
                "value": "23.92.211.186",
                "indicatorType": "IP",
                "correlationCount": 1
            },
            {
                "value": "pkwebhost.net",
                "indicatorType": "URL",
                "correlationCount": 1
            },
            {
                "value": "https://researchcenter.paloaltonetworks.com",
                "indicatorType": "URL",
                "correlationCount": 1
            },
            {
                "value": "https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository",
                "indicatorType": "URL",
                "correlationCount": 1
            }
        ]
    },
    "pageSize": 25,
    "totalElements": 8,
    "elementCount": 8
}