Using the Countermeasures API
Before proceeding, complete the API Authentication steps in order to obtain a working
The URL to access Taegis™ XDR APIs may differ according to the region your environment is deployed in:
The examples in this Taegis™ XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region, substitute appropriately.
The countermeasure API allows you to automatically download the CTU Countermeasures as documented in CTU™ Network Countermeasures.
The following endpoints can be accessed using the Taegis™ XDR Countermeasures API to retrieve CTU information:
/ — Returns rulesets. Example:
/ti-list — Returns all Threat Indicator List versions released by the CTU. Example:
/ti-list/latest — Returns only the latest versions of Threat Indicator Lists released by the CTU. Example:
By default, the results from these endpoints are not URL-escaped. If you need to display these results in a web page, please use the query parameter
Threat Indicator List endpoints return filtered lists (MSS) by default. If you need all the lists or only raw lists, use the filter query parameter.*
?filter=all => all lists
?filter=raw => raw lists
* Omit the query parameter or use ?filter=mss for MSS lists.
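The following is an added example, not code from the Taegis™ XDR documentation: a small Python helper that builds requests for the three endpoints above and validates the filter value before anything is sent. The function names, the `api_prefix` argument (a placeholder for the service path, which this page does not show) and the use of a Bearer authorization header are assumptions.

```python
from urllib.parse import urlencode
from urllib.request import Request

# Region base URL used throughout this page; substitute your region's URL.
DEFAULT_BASE_URL = "https://api.ctpx.secureworks.com"
# Endpoints listed on this page, relative to the Countermeasures API path.
ENDPOINTS = {"rulesets": "/", "ti-list": "/ti-list", "ti-list-latest": "/ti-list/latest"}
# Values this page documents for ?filter= on Threat Indicator List endpoints.
TI_FILTERS = {"all", "raw", "mss"}


def build_request(endpoint, token, api_prefix, list_filter=None, base_url=DEFAULT_BASE_URL):
    """Return a GET Request for one Countermeasures endpoint.

    api_prefix is a placeholder for the service path, which the page does not show.
    Sending the token as a Bearer header is an assumption.
    """
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint: {endpoint!r}")
    if not base_url.startswith("https://"):
        raise ValueError("base_url must use https so the token is not sent in clear text")
    url = base_url.rstrip("/") + "/" + api_prefix.strip("/") + ENDPOINTS[endpoint]
    if list_filter is not None:
        if endpoint == "rulesets":
            raise ValueError("filter applies only to Threat Indicator List endpoints")
        if list_filter not in TI_FILTERS:
            raise ValueError(f"filter must be one of {sorted(TI_FILTERS)}")
        url += "?" + urlencode({"filter": list_filter})
    return Request(url, headers={"Authorization": f"Bearer {token}"}, method="GET")


def effective_filter(list_filter):
    """Omitting the parameter is equivalent to filter=mss, as stated above."""
    return "mss" if list_filter is None else list_filter
```

Pass the returned object to `urllib.request.urlopen` to perform the call once the real service path and a valid token are supplied.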