Integrate the Threat Check API into the following security workflows:
Email filtering
SIEM automation
DNS-based lookups
For all solutions, send a request with a user identifier key and an indicator, then parse the Boolean response to determine if the indicator is listed on an IOFA feed or not.
Prerequisites
You must have the following to complete this guide successfully:
Enterprise Subscription: An active Silent Push Enterprise subscription.
User Identifier Key: A unique key required for authentication. This key is found on the subscription page of the Silent Push platform.
Network Access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.
Example Use Cases
Email Filtering:
During inbound email processing, call the Threat Check API to verify if a sender’s domain or IP address is on an IOFA feed.
If is_listed is true, route the email for further inspection or block it.
SIEM Integration:
Configure a rule to send indicators, like IP addresses from firewall logs, to the Threat Check API.
If is_listed is true, trigger an automated response in the SIEM.
DNS-Based Lookups:
For environments that prefer DNS-based checks, the system can be configured to handle DNS queries.
This setup supports high-volume scenarios without requiring multiple HTTP requests.
Example Implementation Steps
1. Retrieve the ThreatCheck API Key.
Copy the user identifier key from the Subscription page in the Silent Push platform.
2. Construct the Request.
Include the following query parameters:
t: set to ip (type of query)
d: set to iofa (data source)
u: user identifier key (from step 1)
q: target IP address
Example:
https://api.silentpush.com/?t=ip&d=iofa&u=&q=
3. Parse the Response.
Check the is_listed field in the JSON response:
true: the indicator is on an IOFA feed.
false: the IP is not listed.
4. Take Action:
If is_listed is true, implement security actions such as:
Blocking traffic from the IP.
Raising alerts for further investigation.
If false, proceed with normal operations.
Example cURL Request
curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"
Response Example
{
"query": "192.168.1.10",
"is_listed": true,
"listed_txt": "This IP is on the IOFA feed."
}
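The request, parse and action steps above as an added Python example (not Silent Push's own code): it validates the IP before sending, accepts only a real JSON boolean for is_listed, and returns None on any error so the caller decides how to treat an unknown result. The THREATCHECK_USER_KEY environment variable, the action names, and the check that query echoes the requested IP (as in the sample response) are assumptions.

```python
import ipaddress
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://api.threatcheck.silentpush.com/v1/"  # endpoint from this page


def build_url(user_key: str, ip: str) -> str:
    """Build the lookup URL; raises ValueError if ip is not a valid IP literal."""
    addr = ipaddress.ip_address(ip.strip())
    params = {"t": "ip", "d": "iofa", "u": user_key, "q": str(addr)}
    return BASE_URL + "?" + urllib.parse.urlencode(params)


def parse_verdict(body: bytes, expected_ip: str):
    """Return True/False for a well-formed answer, None if it cannot be trusted."""
    try:
        doc = json.loads(body)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return None
    # Assumption: the API echoes the queried IP in "query", as in the sample.
    if not isinstance(doc, dict) or doc.get("query") != expected_ip:
        return None
    verdict = doc.get("is_listed")
    # Accept only a JSON boolean: the string "false" would be truthy in Python.
    return verdict if isinstance(verdict, bool) else None


def check_ip(ip: str, timeout: float = 5.0):
    """Query the API; None means 'unknown' (network error or bad response)."""
    normalized = str(ipaddress.ip_address(ip.strip()))
    url = build_url(os.environ["THREATCHECK_USER_KEY"], normalized)  # assumed name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return parse_verdict(resp.read(), normalized)
    except OSError:  # URLError, HTTPError and socket timeouts
        return None


def action_for(verdict) -> str:
    """Map a verdict to a hypothetical action; unknown is logged, not hidden."""
    # Allowing on unknown is a policy choice; pick fail-closed if that fits better.
    return {True: "block_and_alert", False: "allow"}.get(verdict, "allow_and_log_unknown")
```

Because the user identifier key travels in the query string, it can appear in proxy and access logs along the path, so keep those logs access-controlled.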