Solutions for Threat Check API


Integrate the Threat Check API into the following security workflows:

  • Email filtering

  • SIEM automation

  • DNS-based lookups

For all solutions, send a request with a user identifier key and an indicator, then parse the Boolean response to determine if the indicator is listed on an IOFA feed or not.

Prerequisites

You must have the following to complete this guide successfully:

  • Enterprise Subscription: An active Silent Push Enterprise subscription.

  • User Identifier Key: A unique key required for authentication. This key is found on the subscription page of the Silent Push platform.

  • Network Access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

Example Use Cases

  1. Email Filtering:

    • During inbound email processing, call the Threat Check API to verify if a sender’s domain or IP address is on an IOFA feed.

    • If is_listed is true, route the email for further inspection or block it.

  2. SIEM Integration:

    • Configure a rule to send indicators, like IP addresses from firewall logs, to the Threat Check API.

    • If is_listed is true, trigger an automated response in the SIEM.

  3. DNS-Based Lookups:

    • For environments that prefer DNS-based checks, the system can be configured to handle DNS queries.

    • This setup supports high-volume scenarios without requiring multiple HTTP requests.

Example Implementation Steps

  1. Retrieve the ThreatCheck API Key.

    1. Copy the user identifier key from the Subscription page in the Silent Push platform.

  2. Construct the Request.

    1. Include the following query parameters:

      1. t set to ip (type of query)

      2. d set to iofa (data source)

      3. u user identifier key (from step 1)

      4. q Target IP address

    2. Example: https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=&q=

  3. Parse the Response.

    1. Check the is_listed field in the JSON response:

      1. true: the indicator is on an IOFA feed.

      2. false: the IP is not listed.

  4. Take Action:

    1. If is_listed is true, implement security actions such as:

      1. Blocking traffic from the IP.

      2. Raising alerts for further investigation.

    2. If false, proceed with normal operations.
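The four steps above, carried through as a runnable example. This is added illustration, not Silent Push's own client code: it builds the GET URL with the t, d, u and q parameters, parses the is_listed field strictly (only a JSON boolean counts; anything else is treated as a failed lookup rather than "not listed"), and maps the result to the email-filtering and SIEM decisions described under Example Use Cases. The fetch callable, the fake_fetch stand-in, the sample key 12345 and the second sample IP 203.0.113.7 are assumptions constructed for offline use; only the base URL and the true-case response body come from this page.

```python
"""Threat Check API client sketch (added example, not Silent Push's code)."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Optional

# Base URL as given in this page's Prerequisites section.
THREATCHECK_BASE = "https://api.threatcheck.silentpush.com/v1/"


def build_request_url(user_key: str, indicator: str, query_type: str = "ip") -> str:
    """Assemble the GET URL from the t/d/u/q parameters listed in step 2.

    urlencode() percent-encodes the values, so an indicator taken from a log
    line cannot smuggle extra query parameters into the request.
    """
    params = {"t": query_type, "d": "iofa", "u": user_key, "q": indicator}
    return THREATCHECK_BASE + "?" + urllib.parse.urlencode(params)


def parse_threatcheck_response(body: str) -> bool:
    """Step 3: return the Boolean is_listed field.

    A missing field, the string "true", or malformed JSON raises ValueError so
    that a broken response is never silently read as "not listed".
    """
    data = json.loads(body)
    listed = data.get("is_listed")
    if not isinstance(listed, bool):
        raise ValueError(f"unexpected is_listed value: {listed!r}")
    return listed


def _https_get(url: str) -> str:
    """Default transport: a plain HTTPS GET, equivalent to the cURL example."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_indicator(user_key: str, indicator: str,
                    fetch: Optional[Callable[[str], str]] = None,
                    query_type: str = "ip") -> bool:
    """Steps 2 and 3 together. `fetch` is injectable (assumption of this
    example) so the logic can be exercised offline; None means real HTTPS."""
    url = build_request_url(user_key, indicator, query_type)
    body = (fetch or _https_get)(url)
    return parse_threatcheck_response(body)


def route_email(user_key: str, sender_ip: str,
                fetch: Optional[Callable[[str], str]] = None) -> str:
    """Step 4 for the email-filtering use case: "inspect" or "deliver".

    Design choice: if the lookup fails (network error, HTTP error, malformed
    body) the message is routed to inspection, i.e. the check fails closed.
    """
    try:
        return "inspect" if check_indicator(user_key, sender_ip, fetch) else "deliver"
    except Exception:  # any failure of the lookup itself
        return "inspect"


def siem_action(user_key: str, indicator: str,
                fetch: Optional[Callable[[str], str]] = None) -> str:
    """Step 4 for the SIEM use case: the action string a playbook would key on."""
    return "alert" if check_indicator(user_key, indicator, fetch) else "none"


# Constructed sample responses. The first mirrors the Response Example on this
# page; the second is an assumed not-listed reply for a documentation IP.
SAMPLE_RESPONSES = {
    "192.168.1.10": '{"query": "192.168.1.10", "is_listed": true, '
                    '"listed_txt": "This IP is on the IOFA feed."}',
    "203.0.113.7": '{"query": "203.0.113.7", "is_listed": false}',
}


def fake_fetch(url: str) -> str:
    """Offline stand-in for the HTTPS GET: answers from SAMPLE_RESPONSES by q."""
    q = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)["q"][0]
    return SAMPLE_RESPONSES[q]  # KeyError for unknown IPs simulates a failed call


if __name__ == "__main__":
    key = "12345"  # sample key from the cURL example
    for ip in ("192.168.1.10", "203.0.113.7", "198.51.100.1"):
        print(ip, "->", route_email(key, ip, fetch=fake_fetch))
```

Swap fake_fetch for the default transport (fetch=None) to hit the live endpoint with a real user identifier key. The fail-closed choice in route_email is deliberate for mail inspection; a SIEM enrichment pipeline may prefer to log the lookup failure and continue, which is why siem_action lets the exception propagate to the caller.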

Example cURL Request

curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

Response Example

{
  "query": "192.168.1.10",
  "is_listed": true,
  "listed_txt": "This IP is on the IOFA feed."
}