Solutions for Threat Check API

  • Updated on Sep 16, 2025
  • Published on Apr 24, 2025
  • 1 minute(s) read
Prev Next

Integrate the Threat Check API into the following security workflows:

  • Email filtering

  • SIEM automation

  • DNS-based lookups

For all solutions, send a request with a user identifier key and an indicator, then parse the Boolean response to determine if the indicator is listed on an IOFA feed or not.

Prerequisites

You must have the following to complete this guide successfully:

  • Enterprise subscription: An active Silent Push Enterprise subscription.

  • Access Key: A unique key required for authentication.

  • Network access: The environment must allow outbound HTTPS requests to https://api.threatcheck.silentpush.com/v1/.

View your Access Key

Note: The key is masked by default.

  1. From your user icon, select Subscription.

  2. In Threat Check API, view or copy the provided access key.

Example use cases

  1. Email Filtering:

    • During inbound email processing, call the Threat Check API to verify if a sender’s domain or IP address is on an IOFA feed.

    • If is_listed is true; route the email for further inspection or block it.

  2. SIEM Integration:

    • Configure a rule to send indicators, like IP addresses from firewall logs, to the Threat Check API.

    • If is_listed is true, trigger an automated response in the SIEM.

  3. DNS-Based Lookups:

    • For environments that prefer DNS-based checks, the system can be configured to handle DNS queries.

    • This setup supports high-volume scenarios without requiring multiple HTTP requests.

Example implementation steps

  1. Retrieve the ThreatCheck API Key.

    1. Copy the user identifier key from the Subscription page in the Silent Push platform.

  2. Construct the Request.0

    1. Include the following query parameters:

      1. t set to ip (type of query)

      2. d set to iofa (data source)

      3. u user identifier key (from step 1)

      4. q Target IP address

    2. Example: https://api.silentpush.com/?t=ip&d=iofa&u=&q=

  3. Parse the Response.

    1. Check the is_listed field in the JSON response:

      1. true: the indicator is on an IOFA feed.

      2. false: the IP is not listed.

  4. Take Action:

    1. If  is_listed is true, implement security actions such as

      1. blocking traffic from the IP.

      2. Raising alerts for further investigation.

    2. If false, proceed with normal operations.

Example cURL request

curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"

Response example

{

"query": "192.168.1.10",

"is_listed": true,

"listed_txt": "This IP is on the IOFA feed."

}