{"type":"api","title":"Get Security Score Information for Domain","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/d2a1854d5c0ed9069a7f0bc54a9b813f3075ddc9/570121d2-76a9-3f3f-bf01-6671496640c5","info":{"title":"Cisco Secure Access Investigate API","description":"The Secure Access Investigate API provides a complete view of domains in relation to IP and autonomous system number (ASN) information.\nYou can get the following domain information:\n\n* Domain status, risk score, and geolocation\n* Number of domain searches\n* Co-occurring domains\n* Subdomains of a domain\n* Tagged timeline of a domain, IP, or URL\n* Security reputation of a domain\n* Top accessed domains\n* WHOIS information for the domain\n* Threat intelligence data for domains, IPs, and URLs\n* Threat intelligence samples by file hash","version":"2.0.0","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Domain Status and Categorization"},{"name":"Domain Volume"},{"name":"Co-occurrences for a Domain"},{"name":"Passive DNS"},{"name":"Tagging Timeline"},{"name":"Subdomains for a Domain"},{"name":"Related Domains for a Domain"},{"name":"Security Information for a Domain"},{"name":"AS Information for a Domain"},{"name":"WHOIS Information for a Domain"},{"name":"Popularity List-Top Million Domains"},{"name":"Search Domain"},{"name":"Cisco Secure Malware Analytics Integration"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/investigate/investigate-overview.md","uri":"secure-access-api-reference-investigate-api-overview"}},"openapi":"3.0.0","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"investigate/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"scopes":{"investigate.investigate:read":"Investigate read access","investigate.bulk:read":"Investigate bulk read 
access"},"tokenUrl":"https://api.sse.cisco.com/auth/v2/token"}}}}},"spec":{"summary":"Get Security Score Information for Domain","operationId":"getSecurityName","tags":["Security Information for a Domain","Secure Access"],"description":"List multiple scores or security features for a domain. You can use the scores\nor security features to determine relevant data points and build insights on the reputation\nor security risk posed by the site. No one security information feature is conclusive.\nInstead, consider these features as part of your security research.","parameters":[{"name":"domain","in":"path","required":true,"description":"A domain name.","schema":{"type":"string"},"example":"cisco.com","$$ref":"#/components/parameters/domainParam"}],"security":[{"oauthFlow":["investigate.investigate:read"]}],"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"dga_score":{"type":"number","description":"A domain generation algorithm (DGA) is used by malware to generate large lists of domain names.\nThis score is created based on the likeliness\nof the domain name being generated by an algorithm\nrather than a human. 
This algorithm is designed to identify domains that\nhave been created using an automated randomization\nstrategy, which is a common evasion technique in malware kits or botnets.\nThis score ranges from -100 (suspicious) to 0 (benign).","example":38.301771886101335},"perplexity":{"type":"number","description":"A second score on the likelihood that the name is algorithmically\ngenerated, on a scale from 0 to 100. This score is used in conjunction with DGA.","example":0.4540313302593146},"entropy":{"type":"number","description":"The number of bits required to encode the domain name as a score. This score is used in conjunction with DGA and Perplexity.","example":2.5216406363433186},"securerank2":{"type":"number","description":"The suspicious rank for a domain, based on the lookup behavior\nof client IPs for the domain.\nSecurerank is designed to identify hostnames requested by known infected\nclients but never requested by clean clients,\nassuming these domains are more likely to be bad.\nScores returned range from -100 (suspicious) to 100 (benign).","example":-1.3135141095601992},"pagerank":{"type":"number","description":"A popularity score according to Google's PageRank algorithm.","example":0.0262532},"asn_score":{"type":"number","description":"The ASN reputation score ranges from -100 to 0 where -100 is very suspicious.","example":-29.75810625887133},"prefix_score":{"type":"number","description":"The prefix ranks domains given their IP prefixes\n(an IP prefix is the first three octets in an IP address)\nand the reputation score of these prefixes. The scores range from -100 to 0 where -100 is\nvery suspicious.","example":-64.9070502788884},"rip_score":{"type":"number","description":"The RIP ranks domains given their IP addresses and the reputation score\nof these IP addresses. 
The scores range from -100 to 0 where -100 is very suspicious.","example":-75.64720536038982},"popularity":{"type":"number","description":"The number of unique client IPs visiting this site, relative to all\nrequests to all sites. A score of how many different clients or unique IPs sent requests\nto this domain compared to others.","example":25.335450495507196},"geodiversity":{"type":"array","description":"The list of scores that represent the number of queries from clients visiting the domain, broken down by country.","items":{"type":"number","description":"A score that represents the number of queries from clients visiting the domain,\nbroken down by country. Score is a non-normalized ratio between 0 and 1.","example":0.24074075},"example":[0.24074075,0.018518519]},"geodiversity_normalized":{"type":"array","description":"The list of scores that represent the number of queries from clients visiting the domain,\nbroken down by country.","items":{"type":"number","description":"A score that represents the number of queries from clients visiting the domain, broken down by country. The score is a normalized ratio between 0 and 1.","example":0.3761535390278368},"example":[0.3761535390278368,0.0005015965168831449]},"tld_geodiversity":{"type":"array","description":"The list of scores that represent the top-level domain country code geodiversity as a percentage\nof clients visiting the domain.","items":{"type":"number","description":"A score that represents the top-level domain country code geodiversity as a percentage\nof clients visiting the domain. 
Occurs most often with domains that have a ccTLD.\nThe score is the normalized ratio between 0 and 1."},"example":[0]},"geoscore":{"type":"number","description":"A score that represents how far the different physical locations serving this name\nare from each other.","example":0},"ks_test":{"type":"number","description":"A number that represents the Kolmogorov-Smirnov test on geodiversity.\nZero indicates that the client traffic matches what is expected for this top-level domain.","example":0},"attack":{"type":"string","description":"The name of any known attacks associated with this domain.\nReturns an empty string if no known threat is associated with the domain.","example":""},"threat_type":{"type":"string","description":"The type of the known attack, such as botnet or APT. Returns an empty string if no known\nthreat is associated with the domain.","example":"Botnet"},"found":{"type":"boolean","description":"Specifies whether the results are available.","example":false}}},"example":{"dga_score":38.301771886101335,"perplexity":0.4540313302593146,"entropy":2.5216406363433186,"securerank2":-1.3135141095601992,"pagerank":0.0262532,"asn_score":-29.75810625887133,"prefix_score":-64.9070502788884,"rip_score":-75.64720536038982,"popularity":25.335450495507196,"geodiversity":[0.24074075,0.018518519],"geodiversity_normalized":[0.3761535390278368,0.0005015965168831449],"tld_geodiversity":[0],"geoscore":0,"ks_test":0,"attack":"","threat_type":"","found":true}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the 
response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the 
response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getSecurityName","method":"get","path":"/security/name/{domain}"}}