Integrating with custom threat intelligence databases
Kondukto can be integrated with custom threat intelligence (TI) databases used in an organization. To do so, enable the integration under Integrations --> Threat Intelligence.
Once the integration is enabled, threat intelligence data from such a database can be fed into Kondukto through Kondukto's API.
The following information can be sent to Kondukto through the API:
CVE ID: Required
Description: Optional
Observed in the wild: Optional
Known exploit: Optional
Publish date: Optional
Risk Rating: Required (set as 0 by default)
An example is as follows:
{
  "cve_id": "CVE-2018-14721", // required and must be unique
  "description": "", // optional, default empty
  "observed_in_the_wild": false, // optional, default false
  "known_exploit": false, // optional, default false
  "publish_date": "2023-08-16T19:05:01.000Z", // optional, set to the current time if sent as null
  "risk_rating": 2 // optional, default 0
}
The following operations can be carried out through the API:
Get all TI data available on Kondukto
Endpoint: {{API_BASE}}/api/v3/threat_intelligence
Method: GET
Get TI data available on Kondukto by CVE ID
Endpoint: {{API_BASE}}/api/v3/threat_intelligence/{{CVE_ID}}
Method: GET
Create TI data on Kondukto
If TI data already exists for the submitted CVE ID, this endpoint also updates the existing TI data.
Endpoint: {{API_BASE}}/api/v3/threat_intelligence
Method: POST
Update TI data on Kondukto by CVE ID
Endpoint: {{API_BASE}}/api/v3/threat_intelligence/{{CVE_ID}}
Method: PATCH
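The following is an added example, not code from Kondukto: it maps rows from a custom TI source to the request body shown above, rejects malformed CVE IDs, collapses duplicates (the CVE ID must be unique) and builds the POST requests without sending them. The source row keys (`cve`, `summary`, `seen_in_wild`, `exploit_public`, `rating`, `published`), the sample rows and the `API_BASE` value are constructed assumptions; authentication is not described on this page and is left out.

```python
import json
import re
from datetime import datetime, timezone
from urllib.request import Request

API_BASE = "https://kondukto.example.internal"  # assumption: placeholder base URL
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample rows from a hypothetical in-house TI database.
SAMPLE_ROWS = [
    {"cve": "cve-2018-14721", "rating": 2,
     "published": datetime(2023, 8, 16, 19, 5, 1, tzinfo=timezone.utc)},
    {"cve": "CVE-2018-14721", "rating": 3, "exploit_public": True},  # duplicate ID
    {"cve": "2018-14721"},                                           # malformed ID
]

def to_payload(row):
    """Map one source row (hypothetical schema) to the documented JSON body."""
    cve_id = str(row.get("cve", "")).strip().upper()
    if not CVE_RE.match(cve_id):
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    published = row.get("published")  # timezone-aware datetime or None
    if published is not None:
        utc = published.astimezone(timezone.utc)
        published = utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"
    return {
        "cve_id": cve_id,
        "description": row.get("summary") or "",
        "observed_in_the_wild": bool(row.get("seen_in_wild", False)),
        "known_exploit": bool(row.get("exploit_public", False)),
        "publish_date": published,  # null: the page says the current time is used
        "risk_rating": int(row.get("rating", 0)),
    }

def build_requests(rows):
    """Return (requests, rejected): one POST per unique CVE ID, later rows win."""
    unique, rejected = {}, []
    for row in rows:
        try:
            payload = to_payload(row)
        except (ValueError, TypeError) as exc:
            rejected.append((row, str(exc)))
            continue
        unique[payload["cve_id"]] = payload
    # Add your deployment's credential header before sending (not covered here).
    requests = [Request(f"{API_BASE}/api/v3/threat_intelligence",
                        data=json.dumps(p).encode(), method="POST",
                        headers={"Content-Type": "application/json"})
                for p in unique.values()]
    return requests, rejected
```

Rejected rows are returned with their reason so that a bad record in the source database is logged rather than silently dropped from the feed.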
Updated about 1 year ago