Best suited for Splunk and other time-based SEIM platforms

These APIs help you get full data out of the Intrigue.io platform and are particularly well suited for event- or time-based workflows. The apis allow you to specify a first_seen date, filtering the results to only those entities seen after this date.

COLLECTION_NAME=example &&\
ACCESS_KEY=aaabbbccc &&\
SECRET_KEY=xxxyyyzzz &&\
curl -H "INTRIGUE_ACCESS_KEY: $ACCESS_KEY" \
     -H "INTRIGUE_SECRET_KEY: $SECRET_KEY" \
https://api.intrigue.io/api/collections/:collection_name/export/:item_type/from_date/:start_ke

Example

An example url, Allowing you to pull the latest issues for the collection named "intrigueio" first seen since 2020-01-01, is:

https://app.intrigue.io/api/collections/intrigueio/export/issues/from_date/2020-01-01

Simply substitute 'intrigueio' with a collection you have, and you'll receive results!

Valid Item Types

Valid :item_type values are as follows. These correspond with the items found in the platform UX.

  • connections
  • entities
  • issues
  • products
  • typosquats
  • vulnerabilities

Handling Pagination

This APi is paginated, and to go beyond the first page, you'll need to send the start_key parameter. This is an encoded version of the "last_evaluated_key" object you receive with each response if there are more pages. Simply Base64 the JSON received under this key, and the next page will be provided to you. Continue until the result of the "last_evaluated_key" attribute is returned nil.