ThreatIntel Feed API
Real-time threat intelligence delivered via API. Integrate our global threat data into your SIEM, SOAR, and security tools.
Security tools are only as good as the intelligence they use. The ThreatIntel Feed API provides curated, actionable threat data from global sources, enriching your security stack with the context needed to detect and respond to threats faster.
Intelligence Data Types
IP Reputation
Real-time reputation scores for IP addresses including malicious activity history, geo-location, and associated threats.
Domain Intelligence
Identify malware distribution domains, phishing sites, command and control servers, and newly registered suspicious domains.
File Hash Database
Comprehensive database of known malware hashes (MD5, SHA1, SHA256) with malware family classification and first-seen dates.
URL Analysis
Check URLs against known malicious indicators including phishing pages, exploit kits, and malware download sites.
CVE Intelligence
Vulnerability data enriched with exploit availability, active exploitation status, and remediation guidance.
Threat Actor Profiles
Detailed profiles of threat actors including tactics, techniques, procedures (TTPs), and associated campaigns.
Works With Your Tools
The ThreatIntel Feed API integrates with your existing security stack through native integrations, STIX/TAXII support, and a flexible REST API.
REST API
STIX/TAXII
Webhooks
Bulk Export
Enrich Your Security Data
Start using ThreatIntel Feed API today. Free tier available for evaluation and small deployments.