Cisco Secure Access Investigate API: Domain Status, Risk Score

Investigate

The Cisco Secure Access Investigate API provides a complete view of domains in relation to IP and autonomous system number (ASN) information.

You can get the following domain-related information:

  • Domain status, risk score, and geolocation
  • Number of domain searches
  • Co-occurring domains
  • Subdomains of a domain
  • Tagged timeline of a domain, IP, or URL
  • Security reputation of a domain
  • Top accessed domains
  • WHOIS information for the domain
  • Threat intelligence data for domains, IPs, and URLs
  • Threat intelligence samples by file hash

You can find the Secure Access Investigate API endpoints under the investigate scope in Secure Access.

Overview

Cisco Secure Malware Analytics Integration

Certain Investigate API endpoints integrate with Cisco Secure Malware Analytics. These API endpoints provide detailed information about file samples related to an IP, domain, or URL. You must have licenses for both Investigate and Cisco Secure Malware Analytics to receive an API response that includes the samples data.

Investigate API endpoints that require a Cisco Secure Malware Analytics license:

  • GET /samples/{destination}
  • GET /sample/{hash}
  • GET /sample/{hash}/artifacts
  • GET /sample/{hash}/connections
  • GET /sample/{hash}/behaviors

Rate Limits for Investigate

Secure Access enables rate limits on the Investigate API endpoints. For more information, see Rate Limits > Investigate.

Request Headers

Unless otherwise specified, the Secure Access API endpoints use JSON for all requests and responses.

Note: For POST, PUT, and PATCH operations, set the HTTP Content-Type header to application/json in your API request.

Investigate API Endpoints