Vision API Endpoint Paths and Descriptions
The Vision Application Programming Interface (API) is a RESTful web service that enables access to Vision data and data products:
Data: Indexed Collection
- SEARCH endpoint allows for targeted, complex queries with various parameters and filters to retrieve full documents from the entirety of Vision’s indexed data collection.
- RANSOMWARE endpoint facilitates querying for organization information specifically filtered to Ransomware as a Service (RaaS) websites and blogs, or leaks sourced from those RaaS sites, from Vision’s indexed data collection.
- DOCUMENT endpoint allows for retrieval of specific documents from Vision’s indexed data collection.
Data: Structured Records
- ENTITY endpoints allow for lookup of structured records associated with cryptocurrency, emails, IP addresses, or credit cards.
Data Enrichment
- LEAK endpoints allow you to retrieve a list of leaks recently added to the DarkOwl Vision dataset, or supplemental information about an individual leak.
Analytical Products
- ACTOR endpoints provide actor dossiers for selected threat actors, which may include profile information, targets, tools, and/or darknet fingerprint.
- DARKSONAR endpoint allows for retrieval of a relative risk rating for a domain, which captures rising or falling cyber risk over time. Ratings are based on credential exposure of a domain as seen in Vision’s data collection, compared with the domain’s baseline.
- SCORE endpoints allow for requesting and retrieval of DARKINT score calculations and associated formula inputs. Scores are based on the quality, quantity, and recency of exposed data found in Vision’s data collection.
API Endpoint Table
| API Type | Endpoint | Path | Description |
| --- | --- | --- | --- |
| Search | Search | /api/v1/search | Form complex searches to query Vision’s DARKINT data. Use various query parameters, filters, and options (full body, snippets, or metadata/non-body fields). Documents that meet your criteria are returned with all metadata fields; full body or snippet detail options are available. |
| Search | Document | /api/v1/documents/{id} | Return an individual document from Vision, including all metadata fields. |
| Ransomware | Ransomware | /api/v1/ransomware | Query DarkOwl Vision’s DARKINT data collection for mentions of various organization attributes on ransomware sites or leaks sourced from ransomware sites. |
| Entity | Credit Card Number | /api/v1/entity/ccn | Retrieve mentions of a single credit card number found in the DarkOwl Vision dataset. |
| Entity | Crypto-currency Address | /api/v1/entity/crypto-address | Retrieve mentions of a single cryptocurrency address found in the DarkOwl Vision dataset. Supported currencies: Bitcoin, Dash, Ethereum, Litecoin, Monero, ZCash. |
| Entity | Email Address | /api/v1/entity/email-address | Retrieve mentions of a single email address found in the DarkOwl Vision dataset. |
| Entity | IP Address | /api/v1/entity/ip-address | Retrieve mentions of a single IP address found in the DarkOwl Vision dataset. IPv4 and IPv6 addresses are supported. |
| Entity | Bank Identification Number | /api/v1/entity/bin | Retrieve all credit card numbers associated with a 6-digit bank identification number, with CVV and expiration date (if available), found in the DarkOwl Vision dataset. |
| Entity | Email Domain | /api/v1/entity/email-domain | Retrieve all email addresses within a particular domain, with password and password type (if available), found in the DarkOwl Vision dataset. |
| Leak | Leak Context | /api/v1/context/leak | Retrieve information about a data leak in the DarkOwl Vision dataset. |
| Leak | Leak Summary | /api/v1/context/summary | Retrieve a list of data leaks that were recently added into the DarkOwl Vision dataset. |
| Actor | Actor | /api/v1/actor | Retrieve an actor dossier for a selected threat actor. |
| Actor | Summary | /api/v1/actorsummary | Retrieve a list of actor names within the DarkOwl Actor dataset. |
| DarkSonar | DarkSonar | /api/v1/risk | Request and retrieve a synchronous relative risk rating and signal interpretation. Includes an option to include historical ratings and baseline calculations in the response. |
| Score | Submit | /api/v1/score/submit | Request an asynchronous DARKINT Score calculation. |
| Score | Status | /api/v1/score/status?id= | Check the status of a DARKINT Score calculation. |
| Score | Result | /api/v1/score/result?id= | Retrieve a DARKINT Score and its associated score formula inputs. |