APIVoid
LAST UPDATED: 06/10/2024
Overview
APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.
D3 SOAR provides REST operations to work with APIVoid.
APIVoid is available for use in:
Known Limitations
Command | Limits |
Check IP Reputation | You need to limit requests to a maximum of 2-3 requests per second. Before starting new requests, wait until the previous ones have finished. These rules will ensure our APIs run smoothly for all users. Occasional small peaks should not cause problems, but we ask you to limit the requests on your end. We may add requests per second restrictions on APIVoid from our side in the coming months. Please note that if we notice you make too many requests per second continuously, we may restrict usage of our APIs on your account. In case our servers are handling too many requests, you may get a 502 HTTP status code. |
Check URL Reputation | You need to limit requests per second to a maximum of 2-3 requests. Before starting new requests, wait until the previous ones have finished. These rules will ensure our APIs run smoothly for all users. Occasional small peaks should not cause problems, but we ask you to limit the requests on your end. We may add requests per second restrictions on APIVoid from our side in the coming months. Please note that if we notice you making too many requests per second continuously, we may restrict the usage of our APIs on your account. If our servers are handling too many requests, you may receive a 502 HTTP status code. |
Check Domain Reputation | You need to limit requests per second to a maximum of 3-5 requests. Before starting new requests, wait until the previous ones have finished. These rules will ensure our APIs run smoothly for all users. Occasional small peaks should not cause problems, but we ask you to limit the requests on your end. We may add requests per second restrictions on APIVoid from our side in the coming months. Please note that if we notice you making too many requests per second continuously, we may restrict the usage of our APIs on your account. If our servers are handling too many requests, you may receive a 502 HTTP status code. |
Check Email Reputation | You need to limit requests per second to a maximum of 3-5 requests. Before starting new requests, wait until the previous ones have finished. These rules will ensure our APIs run smoothly for all users. Occasional small peaks should not cause problems, but we ask you to limit the requests on your end. We may add requests per second restrictions on APIVoid from our side in the coming months. Please note that if we notice you making too many requests per second continuously, we may restrict the usage of our APIs on your account. If our servers are handling too many requests, you may receive a 502 HTTP status code. |
Get Screenshot | You need to limit requests per second to a maximum of 2-3 requests. Before starting new requests, wait until the previous ones have finished. These rules will ensure our APIs run smoothly for all users. Occasional small peaks should not cause problems, but we ask you to limit the requests on your end. We may add requests per second restrictions on APIVoid from our side in the coming months. Please note that if we notice you making too many requests per second continuously, we may restrict the usage of our APIs on your account. If our servers are handling too many requests, you may receive a 502 HTTP status code. |
You can check APIVoid uptime on the status page. For more information about rate limits, refer to the APIVoid documentation.
Connection
To connect to APIVoid from D3 SOAR, collect the following information:
Parameter | Description | Example |
Server URL | The URL of the APIVoid server. | https://endpoint.apivoid.com |
API Key | The API key used to authenticate the API connection. | 2e0************************ba2 |
API Version | The version of the API to use for the connection. | v1 |
Configuring APIVoid to Work with D3 SOAR
Log into the APIVoid web interface.
Visit the Dashboard to check the remaining credits.
Having zero credit will result in the failure of all commands, including the Test Connection command.
The Test Connection command and any unsuccessful API calls will not consume credits.
Click “Buy More Credits” if you are out of credits.
Click on My API Keys, and select Add API Key.
Save the API Key.
READER NOTE
Credits are valid for one year only. You can add or modify your API keys. Ensure that the API keys in VSOC are current.
WARNING
Too many requests with an incorrect API key will trigger an ERROR, locking the IP address. Please reach out to customer support or wait approximately one hour for the lock to be lifted.
Configuring D3 SOAR to Work with APIVoid
Log in to D3 SOAR.
Find the APIVoid integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type APIVoid in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to APIVoid.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System Reputation Check: Checking one or more reputation check tick boxes will run the corresponding check reputation command(s) under this integration connection to enrich the corresponding artifacts with reputation details.
For example, we are configuring an integration connection named “ConnectionA” with the site “Sandbox”. All IP artifacts from the “Sandbox” site will go through a reputation check using the Check IP Reputation command from that integration. The return data output from running the command will then be used to update the risk level of the artifacts, which may affect the risk level of incoming events.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Server URL. The default value is https://endpoint.apivoid.com.
2. Copy the API Key from the APIVoid platform.
3. Input the API Version. The default value is v1.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
APIVoid includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the APIVoid API, please refer to the APIVoid API reference.
Check IP Reputation
Checks the risk level of Public IPv4 addresses.
Input
Input Parameter | Required/Optional | Description | Example |
IPs | Required | The public IPv4 address(es) used to check IP reputation. | [ "***.***.***.***" ] |
Output
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check IP Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid. |
Error Sample Data |
Check IP Reputation failed. Status Code: 200. Message: API key is not valid. |
Check URL Reputation
Checks the risk level of URL(s).
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URL(s) checked for their reputation. | [ "https://www.*****.***" ] |
Output
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check URL Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Url is not valid. |
Error Sample Data |
Check URL Reputation failed. Status Code: 200. Message: Url is not valid. |
Check Domain Reputation
Checks the risk level of the domain(s).
Input
Input Parameter | Required/Optional | Description | Example |
Host | Required | The host(s) to submit. | [ "*****.***" ] |
Output
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Domain Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Host is not valid. |
Error Sample Data |
Check Domain Reputation failed. Status Code: 200. Message: Host is not valid. |
Check Email Reputation
Checks the risk level of email(s).
Input
Input Parameter | Required/Optional | Description | Example |
Emails | Required | The emails checked for their reputation. | [ |
Output
D3-defined Risk Scores and Risk Levels
The table below lists the possible output Risk Scores and their corresponding Risk Levels:
Risk Scores | Risk Levels |
1 | High |
2 | Medium |
3 | Low |
4 | Default |
5 | ZeroRisk |
Error Handling
An Error tab will appear in the Test Result window if the command fails to run.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check Email Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid |
Error Sample Data |
Check Email Reputation failed. Status Code: 200. Message: API key is not valid |
Get Screenshot
Retrieves the screenshot from a URL.
Input
Input Parameter | Required/Optional | Description | Example |
URL | Required | The URL used to retrieve the screenshot. | https://www.*****.*** |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Screenshot failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Url is not valid. |
Error Sample Data |
Get Screenshot failed. Status Code: 200. Message: Url is not valid. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The Error tab contains the details returned by D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. The API always returns a 200 HTTP status code. Refer to the APIVoid Status Code for details. | Status Code: 200. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: API key is not valid. |
Error Sample Data |
Test Connection failed. Failed to check the connector. Status Code: 200. Message: API key is not valid |
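Added example (not D3 or APIVoid code) for a script that feeds indicators to the commands above: it parses error strings in the Error Sample Data layout, sends requests one at a time within the per-second limit from Known Limitations, retries a 502, and stops on "API key is not valid" so that repeated bad-key requests do not lock the IP address. The call wrapper, the function names and the retry settings are assumptions.

```python
import re
import time

# Layout of the "Error Sample Data" strings shown on this page.
ERROR_RE = re.compile(
    r"^(?P<indicator>.+?)\s+Status Code:\s*(?P<status>\d{3})\."
    r"\s+Message:\s*(?P<message>.+?)\.?$"
)

def parse_error(text):
    """Split an error string into Failure Indicator, Status Code, Message."""
    m = ERROR_RE.match(text.strip())
    if m is None:
        return None
    return {"indicator": m["indicator"], "status": int(m["status"]),
            "message": m["message"]}

def classify(err):
    """Decide by message as well as status: failures normally arrive as 200."""
    if err is None:
        return "skip"
    if err["status"] == 502:
        return "retry"   # APIVoid servers are handling too many requests
    if "api key is not valid" in err["message"].lower():
        return "stop"    # repeated bad-key requests lock the source IP
    return "skip"        # bad input such as "Url is not valid"

def run_paced(items, call, max_per_sec=2, retries=2, sleep=time.sleep):
    """Run call(item) sequentially, at most max_per_sec calls per second.

    call is a hypothetical wrapper: None on success, else the error string.
    """
    interval = 1.0 / max_per_sec
    results = {}
    for item in items:
        for attempt in range(retries + 1):
            text = call(item)      # blocks, so the previous request has finished
            sleep(interval)
            if text is None:
                results[item] = "ok"
                break
            action = classify(parse_error(text))
            if action == "stop":
                results[item] = "stopped"
                return results     # leave the remaining items unsent
            if action == "retry" and attempt < retries:
                sleep(interval * 2 ** (attempt + 1))   # back off, then retry
                continue
            results[item] = "failed"
            break
    return results
```

Pass `max_per_sec` according to the command's row in Known Limitations; the default of 2 stays within the lowest limit listed.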