Retrieve IP Address Reputations
Endpoint URL: https://sage.cybereason.com/rest/download_v1/ip_reputation
Endpoint URI: download_v1/ip_reputation
Action: POST
Returns a list of all IP address reputations used by the Cybereason threat intelligence service.
This API is a legacy API and has been deprecated. For the most up-to-date IP address reputation information, use the API to check a specific IP address. For details on this API, see Get an IP Address Reputation.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
{}
Because this request uses a POST method, you must add a request body. Add only open and closed brackets without parameters between the brackets.
Request Parameters
URL/URI parameters: none
Request Body Parameters: none
Response Status Code
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
The response contains the following fields:
Field | Type | Description |
---|---|---|
ttl | Integer | Timestamp representing time the data is live. |
ipReputationResponseList | Array | An object containing details on the IP address reputations. |
requestKey | String | The specific IP address on which you want data. |
ipAddress | String | The numerical IP address. |
addressType | Enum | The format for the IP address. Possible values include: |
aggregatedResult | Array | An object containing the details on the IP address reputation. |
reputationSource | String | The source for the reputation classification. |
reputationScore | Enum | The reputation score assigned to the IP address. Possible values include: |
Response Failure Schema
None
Important Response Fields
Important information is found in these fields:
ipReputationResponseList object: This object contains details on all the IP addresses you entered in the request. Ensure that each of the IP addresses has a separate entry in this object.
ipAddress: The specific IP address about which you requested threat intelligence.
addressType: The IP version (either version 4 or version 6) for the requested IP address.
reputationSource: The source used to assign a reputation to this IP address.
reputationScore: The classification assigned to this IP address.
Example: Retrieve a list of IP address reputations
Request
curl --request POST \
--url https://sage.cybereason.com/rest/download_v1/ip_reputation \
--header 'Content-Type:application/json' \
--data '{}'
Response
Note
This is a partial response, shortened to show the key fields. Your actual response will be much longer and contain all product classifications.
{
  "requestKey": null,
  "ttl": 0,
  "ipReputationResponseList": [
    {
      "requestKey": {
        "ipAddress": "176.123.26.4",
        "addressType": "Ipv4"
      },
      "ttl": 86400000,
      "aggregatedResult": {
        "reputationSource": "TOR blocklist",
        "reputationScore": "Malicious"
      }
    },
    {
      "requestKey": {
        "ipAddress": "5.196.66.241",
        "addressType": "Ipv4"
      },
      "ttl": 86400000,
      "aggregatedResult": {
        "reputationSource": "TOR blocklist",
        "reputationScore": "Malicious"
      }
    }
  ]
}
Request
Use this request body:
{}
Request
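import json

import requests

# Reuse one session for all requests to the service
session = requests.session()

# Request URL
sage_url = "https://sage.cybereason.com"
endpoint_url = "/rest/download_v1/ip_reputation"
api_url = sage_url + endpoint_url

# POST requires a body; this endpoint takes an empty JSON object
query = '{}'
api_headers = {'Content-Type': 'application/json'}

# Send the request with a timeout so a stalled connection cannot hang the script
api_response = session.request("POST", api_url, data=query, headers=api_headers, timeout=60)

# Parse the JSON response and pretty-print it
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))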
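Added example (not part of the Cybereason documentation): one way to validate and index the response before its addresses reach a blocklist or detection rule. Because status 200 can also carry an error message, the parser rejects any body that lacks ipReputationResponseList; the function names, the two malformed entries and the address 192.0.2.7 are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

TOR = {"reputationSource": "TOR blocklist", "reputationScore": "Malicious"}


def _entry(ip, result):
    """Build one constructed list entry in the documented shape."""
    return {"requestKey": {"ipAddress": ip, "addressType": "Ipv4"},
            "ttl": 86400000, "aggregatedResult": result}


# Constructed sample: the two entries from the page's example response plus two
# malformed ones (invalid address, missing result) to exercise validation.
SAMPLE = json.dumps({"requestKey": None, "ttl": 0, "ipReputationResponseList": [
    _entry("176.123.26.4", TOR), _entry("5.196.66.241", TOR),
    _entry("not-an-ip", TOR), _entry("192.0.2.7", None)]})


def parse_ip_reputations(body):
    """Return ({score: {ip: source}}, [rejected entries]) for a response body.

    Raises ValueError when the body does not match the success schema, which
    is how an error message delivered with status 200 is detected.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise ValueError("response body is not JSON") from exc
    entries = doc.get("ipReputationResponseList") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        raise ValueError("ipReputationResponseList missing; treat as error reply")

    by_score, rejected = defaultdict(dict), []
    for entry in entries:
        try:
            # ip_address() rejects anything that is not a literal IPv4/IPv6 address
            ip = ipaddress.ip_address(entry["requestKey"]["ipAddress"])
            result = entry["aggregatedResult"]
            by_score[result["reputationScore"]][str(ip)] = result["reputationSource"]
        except (KeyError, TypeError, ValueError):
            rejected.append(entry)  # keep for review; never pass on unvalidated
    return dict(by_score), rejected


if __name__ == "__main__":
    scores, bad = parse_ip_reputations(SAMPLE)
    print(json.dumps(scores, indent=2), f"{len(bad)} entries rejected")
```

To use it with the script above, pass `api_response.content` to `parse_ip_reputations` in place of the `json.loads` call.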