Setup Guide for Threat Check API

Customers use the Threat Check API to determine if an IP address or a hostname is listed on a Silent Push Indicators of Future Attack (IOFA) feed. Use the following guide to configure and integrate the Threat Check API. Before starting, ensure you have the following for a successful setup:

Required

You must have the following to successfully complete this guide:

  • Enterprise Subscription: An active Silent Push Enterprise subscription.

  • User Identifier Key: A unique key required for authentication. This key is found on the subscription page of the Silent Push platform.

  • Network Access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

Process

  1. Gain the User Identifier Key

  2. Construct the Request

  3. Integrate the API into Security Workflows

  4. Validate the Response

1. Gain the User Identifier Key

Note: The key is masked by default.

View your API Key

  1. Sign in to the Silent Push platform.

  2. Select your profile icon.

  3. Select Subscription.

  4. In Threat Check API, view or copy the provided access key.

2. Construct the Request

To construct a request, complete the following process:

Construct a Threat Check API Request

  1. Use the base URL:

    1. https://api.threatcheck.silentpush.com/v1/

  2. Build the lookup with the following required parameters:

    1. t (type): Type of indicator, for example name or ip.

    2. d (data): Type of data. The default is iofa.

    3. u (user identifier): Unique identifier of the organization that is making the request.

    4. q (query): IP address or hostname that the organization is investigating.

  3. Send the request. An example with curl:

    1. curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

3. Integrate the API into Security Workflows

Integrate and use the Threat Check API in the following workflows:

  • Email Filtering: Use the Threat Check API to verify sender IPs or domains before delivering emails.

  • SIEM and SOAR: Send indicators from logs or alerts to the API. If the response indicates a listed indicator, customers can trigger automated containment or notification processes.

  • DNS-Based Queries: For high-volume lookups, customers can configure DNS-based checks, if available in the environment.

4. Validate the Response

To verify that you have successfully integrated the Threat Check API into your workflows, confirm that the API returns the following responses:

  • Successful Response (200 OK):
    {
     "query": "192.168.1.10",
     "is_listed": true,
     "listed_txt": "This IP is on the IOFA feed."
    }

  • Error Responses:

    • 400 Bad Request: Missing or invalid parameters.

    • 422 Unprocessable Entity: Invalid format, for example, an incorrect IP address.
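
The request format from step 2 and the response handling from step 4, combined as an added Python example (not Silent Push code). It assumes that any indicator that is not an IP literal is sent with t=name; the THREATCHECK_USER_KEY environment variable and the three result labels are hypothetical names chosen for this example.

```python
import ipaddress
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.threatcheck.silentpush.com/v1/"

def build_url(indicator, user_key, data="iofa"):
    """Build the lookup URL with the four required parameters t, d, u, q."""
    try:
        ipaddress.ip_address(indicator)
        kind = "ip"
    except ValueError:
        kind = "name"  # assumption: every non-IP indicator is a hostname
    # urlencode escapes the indicator so log-derived input cannot add parameters
    params = {"t": kind, "d": data, "u": user_key, "q": indicator}
    return BASE_URL + "?" + urllib.parse.urlencode(params)

def interpret(status, body):
    """Map HTTP status and body to 'listed', 'clean' or 'error' (example labels)."""
    if status != 200:
        return "error"  # 400 or 422: a failed lookup is never reported as clean
    try:
        listed = json.loads(body)["is_listed"]
    except (ValueError, KeyError, TypeError):
        return "error"
    if listed is True:
        return "listed"
    return "clean" if listed is False else "error"

def check(indicator, user_key, timeout=5):
    """Perform one lookup. The URL contains the key, so it is never logged here."""
    url = build_url(indicator, user_key)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return interpret(exc.code, exc.read())
    except OSError:  # DNS failure, refused connection, timeout
        return "error"

if __name__ == "__main__":
    # THREATCHECK_USER_KEY is a hypothetical variable name chosen for this example
    key = os.environ["THREATCHECK_USER_KEY"]
    for item in sys.argv[1:]:
        print(item, check(item, key))
```

In a SIEM or SOAR playbook, route the "error" result to a retry or an analyst queue so that an outage or a malformed indicator is not read as "not listed".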

For more information about solutions with the Threat Check API, go to our Solutions for Threat Check API article.