Using the Countermeasures API

Important

Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.

Regions

The URL to access XDR APIs may differ according to the region your environment is deployed in:

US1— https://api.ctpx.secureworks.com
US2— https://api.delta.taegis.secureworks.com
US3— https://api.foxtrot.taegis.secureworks.com
EU— https://api.echo.taegis.secureworks.com

The examples in this XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region substitute appropriately.

The countermeasure API allows you to automatically download the Secureworks Counter Threat Unit™ (CTU) Countermeasures as documented in CTU Network Countermeasures.

Endpoints ⫘

The following endpoints can be accessed using the Secureworks® Taegis™ XDR Countermeasures API to retrieve CTU information:

/ — Returns rulesets. Example: https://api.ctpx.secureworks.com/intel-requester/
/ti-list — Returns all Threat Indicator List versions released by the CTU. Example: https://api.ctpx.secureworks.com/intel-requester/ti-list
/ti-list/latest — Returns only the latest versions of Threat Indicator Lists released by the CTU. Example: https://api.ctpx.secureworks.com/intel-requester/ti-list/latest

By default, the results from these endpoints are not url escaped. If you need to display these results in a web page, please use the query parameter ?html=true.

Threat Indication List endpoints by default return filtered lists (MSS). If you need all the lists or only raw lists, please use the filter query parameter.*

?filter=all => all lists
?filter=raw => raw lists

*omit the query param or ?filter=mss for mss lists.

Using the Countermeasures API

Endpoints ⫘

On this page: