Integrate the Threat Check API into the following security workflows:
Email filtering
SIEM automation
DNS-based lookups
For all solutions, send a request with a user identifier key and an indicator, then parse the Boolean response to determine if the indicator is listed on an IOFA feed or not.
Prerequisites
You must have the following to complete this guide successfully:
Enterprise subscription: An active Silent Push Enterprise subscription.
Access Key: A unique key required for authentication.
Network access: The environment must allow outbound HTTPS requests to
https://api.threatcheck.silentpush.com/v1/
.
View your Access Key
Note: The key is masked by default.
From your user icon, select Subscription.
In Threat Check API, view or copy the provided access key.
Example use cases
Email Filtering:
During inbound email processing, call the Threat Check API to verify if a sender’s domain or IP address is on an IOFA feed.
If
is_listed
istrue
; route the email for further inspection or block it.
SIEM Integration:
Configure a rule to send indicators, like IP addresses from firewall logs, to the Threat Check API.
If
is_listed
istrue
, trigger an automated response in the SIEM.
DNS-Based Lookups:
For environments that prefer DNS-based checks, the system can be configured to handle DNS queries.
This setup supports high-volume scenarios without requiring multiple HTTP requests.
Example implementation steps
Retrieve the ThreatCheck API Key.
Copy the user identifier key from the Subscription page in the Silent Push platform.
Construct the Request.0
Include the following query parameters:
t
set toip
(type of query)d
set toiofa
(data source)u
user identifier key (from step 1)q
Target IP address
Example:
https://api.silentpush.com/?t=ip&d=iofa&u=&q=
Parse the Response.
Check the
is_listed
field in the JSON response:true
: the indicator is on an IOFA feed.false
: the IP is not listed.
Take Action:
If
is_listed
istrue
, implement security actions such asblocking traffic from the IP.
Raising alerts for further investigation.
If
false
, proceed with normal operations.
Example cURL request
curl -X GET "https://api.threatcheck.silentpush.com/v1/?t=ip&d=iofa&u=12345&q=192.168.1.10"
Response example
{
"query": "192.168.1.10",
"is_listed": true,
"listed_txt": "This IP is on the IOFA feed."
}