Using the Countermeasures API
Important
Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.
Regions
The URL to access XDR APIs may differ according to the region your environment is deployed in:
- US1— https://api.ctpx.secureworks.com
- US2— https://api.delta.taegis.secureworks.com
- US3— https://api.foxtrot.taegis.secureworks.com
- EU— https://api.echo.taegis.secureworks.com
The examples in this XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region, substitute appropriately.
The countermeasure API allows you to automatically download the Secureworks Counter Threat Unit™ (CTU) Countermeasures as documented in CTU Network Countermeasures.
Endpoints
The following endpoints can be accessed using the Secureworks® Taegis™ XDR Countermeasures API to retrieve CTU information:
- / — Returns rulesets. Example: https://api.ctpx.secureworks.com/intel-requester/
- /ti-list — Returns all Threat Indicator List versions released by the CTU. Example: https://api.ctpx.secureworks.com/intel-requester/ti-list
- /ti-list/latest — Returns only the latest versions of Threat Indicator Lists released by the CTU. Example: https://api.ctpx.secureworks.com/intel-requester/ti-list/latest
By default, the results from these endpoints are not URL-escaped. If you need to display these results in a web page, use the query parameter ?html=true.
Threat Indicator List endpoints return filtered lists (MSS) by default. If you need all the lists or only raw lists, use the filter query parameter:
- ?filter=all => all lists
- ?filter=raw => raw lists
- omit the query parameter, or use ?filter=mss, for MSS lists
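An added example, not part of the Secureworks documentation: a small Python helper that builds request URLs from the regions, endpoints and query parameters listed above, so the access token is only ever sent to one of those hosts. The Authorization: Bearer header, the TAEGIS_ACCESS_TOKEN variable name, the short endpoint keys and the choice to reject filter on the rulesets endpoint are assumptions of this example; the token itself comes from the API Authentication steps.

```python
import os
import urllib.parse
import urllib.request

# Region base URLs exactly as listed on this page.
REGIONS = {
    "US1": "https://api.ctpx.secureworks.com",
    "US2": "https://api.delta.taegis.secureworks.com",
    "US3": "https://api.foxtrot.taegis.secureworks.com",
    "EU": "https://api.echo.taegis.secureworks.com",
}
# Endpoint paths from this page; the short keys are this example's own names.
ENDPOINTS = {"rulesets": "/", "ti-list": "/ti-list", "ti-list-latest": "/ti-list/latest"}
FILTERS = {"mss", "all", "raw"}


def build_url(region, endpoint, list_filter=None, html=False):
    """Return the intel-requester URL, refusing any value not listed on the page."""
    if region not in REGIONS:
        raise ValueError(f"unknown region: {region!r}")
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint: {endpoint!r}")
    params = {}
    if list_filter is not None:
        # The page documents filter for the Threat Indicator List endpoints only.
        if endpoint == "rulesets":
            raise ValueError("filter applies to the Threat Indicator List endpoints")
        if list_filter not in FILTERS:
            raise ValueError(f"unknown filter: {list_filter!r}")
        params["filter"] = list_filter
    if html:  # request html=true when the results will be displayed in a web page
        params["html"] = "true"
    url = REGIONS[region] + "/intel-requester" + ENDPOINTS[endpoint]
    return url + ("?" + urllib.parse.urlencode(params) if params else "")


def fetch(url, access_token, timeout=30):
    """GET the URL and return the raw response bytes."""
    # Assumption: the API accepts the access token as a bearer token.
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    token = os.environ["TAEGIS_ACCESS_TOKEN"]  # hypothetical variable name
    body = fetch(build_url("US1", "ti-list-latest", list_filter="all"), token)
    print(len(body), "bytes downloaded")
```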