Get Samples for Domain, IP, or URL - Cloud Security API

{"type":"api","title":"Get Samples for Domain, IP, or URL","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/9d37d008417d562ab46d4b67547a68457ce288d2/570121d2-76a9-3f3f-bf01-6671496640c5","info":{"title":"Cisco Secure Access Investigate API","description":"The Secure Access Investigate API provides a complete view of domains in relation to IP and autonomous system number (ASN) information.\nYou can get the following domain information:\n\n* Domain status, risk score, and geolocation\n* Number of domain searches\n* Co-occurring domains\n* Subdomains of a domain\n* Tagged timeline of a domain, IP, or URL\n* Security reputation of a domain\n* Top accessed domains\n* WHOIS information for the domain\n* Threat intelligence data for domains, IPs, and URLs\n* Threat intelligence samples by file hash","version":"2.0.0","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Domain Status and Categorization"},{"name":"Domain Volume"},{"name":"Co-occurrences for a Domain"},{"name":"Passive DNS"},{"name":"Tagging Timeline"},{"name":"Subdomains for a Domain"},{"name":"Related Domains for a Domain"},{"name":"Security Information for a Domain"},{"name":"AS Information for a Domain"},{"name":"WHOIS Information for a Domain"},{"name":"Popularity List-Top Million Domains"},{"name":"Search Domain"},{"name":"Cisco Secure Malware Analytics Integration"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/investigate/investigate-overview.md","uri":"secure-access-api-reference-investigate-api-overview"}},"openapi":"3.0.0","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"investigate/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"scopes":{"investigate.investigate:read":"Investigate read access","investigate.bulk:read":"Investigate bulk read access"},"tokenUrl":"https://api.sse.cisco.com/auth/v2/token"}}}}},"spec":{"summary":"Get Samples for Domain, IP, or URL","operationId":"getSamplesDestination","tags":["Cisco Secure Malware Analytics Integration","Secure Access"],"description":"Specify a domain, IP, or URL. Use the destination to search for all samples\nassociated with the destination. The default number of items in a response is 10. You can extend the limit.\nYou must have a license for Cisco Secure Malware Analytics to receive the samples data.\n\nCisco Secure Malware Analytics retains checksum samples for one year.\nYou may find that Investigate previously listed a sample related\nto a destination. If Cisco Secure Malware Analytics no longer contains a sample\nrelated to the destination, Investigate does not display the sample in the list\nof associated samples.\n\nAn error may occur when the requested destination is not in a valid format,\nif the requested host is not found in our database, or if there is no data available\nfor the destination that you have requested. CIDR subnets (for example: 10.10.10.0/24) and pattern search is not supported.\n","parameters":[{"name":"destination","in":"path","required":true,"description":"A domain, IP, or URL. For example, 'cisco.com', 195.22.28.196, or 'https://cisco.com'.","schema":{"type":"string"},"example":"https://cisco.com","$$ref":"#/components/parameters/destinationParam"},{"name":"limit","in":"query","required":false,"description":"The number of items to return in the response from the collection. The default limit is 10.\nIncrease the limit to request a larger set of data.","schema":{"type":"integer","default":10},"example":25,"$$ref":"#/components/parameters/limitParam"},{"name":"offset","in":"query","required":false,"description":"A number that represents an index in the collection. By default, the offset is 0 (the first record).","schema":{"type":"integer","default":0},"example":2,"$$ref":"#/components/parameters/offsetParam"},{"name":"sortby","in":"query","required":false,"description":"Sort the sample based on optional values: `first-seen`, `last-seen`, or `score`.\nThe default value is `score`.","schema":{"type":"string","enum":["firstSeen","lastSeen","score"]},"example":"score","$$ref":"#/components/parameters/sortbyScoreParam"}],"security":[{"oauthFlow":["investigate.investigate:read"]}],"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"array","description":"The list of all samples associated with the destination.","items":{"type":"object","description":"The samples and information associated with the destination.","properties":{"query":{"type":"string","description":"The domain, IP, or URL.","example":"google.com"},"totalresults":{"type":"integer","description":"The number of total results.","format":"int64","example":10},"moreDataAvailable":{"type":"boolean","description":"Specifies whether more samples are available for the destination.","example":true,"$$ref":"#/components/schemas/moreDataAvailable"},"limit":{"type":"integer","description":"The maximum number of records to include in the response.","format":"int64","example":100,"$$ref":"#/components/schemas/limit"},"offset":{"type":"integer","description":"The place to start reading in the collection.","format":"int64","default":0,"example":5,"$$ref":"#/components/schemas/offset"},"samples":{"type":"array","description":"The list of hash samples and information for the destination.","items":{"type":"object","description":"The information about the hash sample.","properties":{"sha256":{"type":"string","description":"The sha256 hash string.","example":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd"},"sha1":{"type":"string","description":"The sha1 hash string.","example":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50"},"md5":{"type":"string","description":"The md5 hash string.","example":"282f80e8a2cf9e0e0dd72093787d99c6"},"magictype":{"type":"string"},"threatscore":{"type":"integer","format":"int64","description":"The threat score assigned to the sample.","example":100},"size":{"type":"integer","format":"int64","description":"The size of the sample.","example":19251},"firstSeen":{"type":"integer","format":"int64","description":"The first time Secure Access related the domain for the resource record, specified\nin Unix Epoch time.","example":1615427410,"$$ref":"#/components/schemas/firstSeen"},"lastSeen":{"type":"integer","format":"int64","description":"The last time Secure Access related the domain for the resource record, specified\nin Unix Epoch time.","example":1615427410,"$$ref":"#/components/schemas/lastSeen"},"visible":{"type":"boolean","description":"Specifies whether the threat is visible.","example":false},"avresults":{"type":"array","description":"The list of antivirus results.","items":{"type":"object","description":"The information about the antivirus result.","properties":{"signature":{"type":"string","description":"The signature of the antivirus."},"product":{"type":"string","description":"The name of the product associated with the antivirus."}},"example":{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},"$$ref":"#/components/schemas/Avresult"}}},"example":{"sha256":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd","sha1":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50","md5":"282f80e8a2cf9e0e0dd72093787d99c6","magicType":"PE32 executable (GUI) Intel 80386, for MS Windows","threatscore":100,"size":192512,"firstSeen":1460108539000,"lastSeen":1460108539000,"visible":true,"avresults":[{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},{"signature":"Win.Trojan.Parit","product":"ClamAV"}]},"$$ref":"#/components/schemas/Sample"},"example":[{"sha256":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd","sha1":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50","md5":"282f80e8a2cf9e0e0dd72093787d99c6","magicType":"PE32 executable (GUI) Intel 80386, for MS Windows","threatscore":100,"size":192512,"firstSeen":1460108539000,"lastSeen":1460108539000,"visible":true,"avresults":[{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},{"signature":"Win.Trojan.Parit","product":"ClamAV"}]}]}},"example":{"query":"google.com","totalresults":10,"moreDataAvailable":true,"limit":10,"offset":0,"samples":[{"sha256":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd","sha1":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50","md5":"282f80e8a2cf9e0e0dd72093787d99c6","magicType":"PE32 executable (GUI) Intel 80386, for MS Windows","threatscore":100,"size":192512,"firstSeen":1460108539000,"lastSeen":1460108539000,"visible":true,"avresults":[{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},{"signature":"Win.Trojan.Parit","product":"ClamAV"}]}]},"$$ref":"#/components/schemas/Grid"},"example":[{"query":"google.com","totalresults":10,"moreDataAvailable":true,"limit":10,"offset":0,"samples":[{"sha256":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd","sha1":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50","md5":"282f80e8a2cf9e0e0dd72093787d99c6","magicType":"PE32 executable (GUI) Intel 80386, for MS Windows","threatscore":100,"size":192512,"firstSeen":1460108539000,"lastSeen":1460108539000,"visible":true,"avresults":[{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},{"signature":"Win.Trojan.Parite","product":"ClamAV"}]}]}],"$$ref":"#/components/schemas/Grids"},"example":[{"query":"google.com","totalResults":10,"moreDataAvailable":true,"limit":10,"offset":0,"samples":[{"sha256":"e9d3470c37dada28d5a32fb53a243c5b20def35bb01abf8f5403182cc2b91fdd","sha1":"de182fdcc3c0d473b90a0df0ad14c2074d1e7c50","md5":"282f80e8a2cf9e0e0dd72093787d99c6","magicType":"PE32 executable (GUI) Intel 80386, for MS Windows","threatScore":100,"size":192512,"firstSeen":1460108539000,"lastSeen":1460108539000,"visible":true,"avresults":[{"signature":"Win.Trojan.Ramnit","product":"ClamAV"},{"signature":"Win.Trojan.Parite","product":"ClamAV"}]}]}]}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getSamplesDestination","method":"get","path":"/samples/{destination}"}}