Integrating with custom threat intelligence databases

It is possible to integrate Kondukto with custom TI databases that might be used in an organization. To do so, the integration should be enabled under Integrations --> Threat Intelligence.

Once the integration is enabled, it becomes possible to feed Kondukto with threat intelligence data coming from a database through Kondukto's API.

The following information can be sent to Kondukto through the API:

CVE ID: Required
Description: Optional
Observed in the wild: Optional
Known exploit: Optional
Publish date: Optional
Risk Rating: Required (set as 0 by default)

An example is as follows:

{
"cve_id": "CVE-2018-14721", // required and must be unique
"description": "", // optional, default empty
"observed_in_the_wild": false, // optional, default false
"known_exploit": false, // optional, default false
"publish_date": "2023-08-16T19:05:01.000Z", // optional, set to the current time if null is sent
"risk_rating": 2 // optional, default 0
}

The following operations can be carried out through the API:

Get all TI data available on Kondukto

Endpoint: {{API_BASE}}/api/v3/threat_intelligence
Method: GET

Get TI data available on Kondukto by CVE ID

Endpoint: {{API_BASE}}/api/v3/threat_intelligence/{{CVE_ID}}
Method: GET

Create TI data on Kondukto

If TI data already exists for the submitted CVE ID, this endpoint updates the existing TI data.
Endpoint: {{API_BASE}}/api/v3/threat_intelligence
Method: POST

Update TI data on Kondukto by CVE ID

Endpoint: {{API_BASE}}/api/v3/threat_intelligence/{{CVE_ID}}
Method: PATCH
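
The field list and the create endpoint above, as an added example (not Kondukto's own code): it validates one row from a custom TI database against the documented fields and builds, without sending, the POST request. The row layout, the `auth_headers` parameter and the host name are assumptions; the authentication headers depend on your Kondukto deployment and are supplied by the caller.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

TI_PATH = "/api/v3/threat_intelligence"       # endpoint path from the page
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")      # standard CVE ID syntax

def build_ti_record(row):
    """Map one row from a custom TI database to the payload fields listed above."""
    cve_id = str(row.get("cve_id", "")).strip().upper()
    if not CVE_RE.fullmatch(cve_id):          # also keeps path characters out of /{{CVE_ID}} URLs
        raise ValueError(f"invalid or missing cve_id: {cve_id!r}")
    rating = row.get("risk_rating", 0)
    # Assumption: the rating is an integer, as in the page's example (bool excluded).
    if isinstance(rating, bool) or not isinstance(rating, int):
        raise ValueError("risk_rating must be an integer")
    record = {"cve_id": cve_id, "description": str(row.get("description") or ""),
              "risk_rating": rating, "publish_date": None}  # null: Kondukto uses current time
    for flag in ("observed_in_the_wild", "known_exploit"):
        value = row.get(flag, False)
        if not isinstance(value, bool):       # reject "false", 0, "no", ...
            raise ValueError(f"{flag} must be a JSON boolean")
        record[flag] = value
    published = row.get("publish_date")
    if published is not None:
        if not isinstance(published, datetime) or published.tzinfo is None:
            raise ValueError("publish_date must be a timezone-aware datetime")
        utc = published.astimezone(timezone.utc)
        record["publish_date"] = utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"
    return record

def build_post(api_base, record, auth_headers):
    """Build (not send) the POST that creates or updates one TI record."""
    body = json.dumps(record).encode("utf-8")
    headers = {"Content-Type": "application/json", **auth_headers}  # auth_headers: hypothetical
    return urllib.request.Request(api_base.rstrip("/") + TI_PATH, data=body,
                                  headers=headers, method="POST")

# Constructed sample row, not real feed data.
SAMPLE_ROW = {"cve_id": " cve-2018-14721 ", "known_exploit": True, "risk_rating": 2,
              "publish_date": datetime(2023, 8, 16, 19, 5, 1, tzinfo=timezone.utc)}

if __name__ == "__main__":
    req = build_post("https://kondukto.example.internal", build_ti_record(SAMPLE_ROW), {})
    print(req.get_method(), req.full_url, req.data.decode())
```

Rows that fail validation raise `ValueError` before any request is built, so malformed feed data never reaches the API.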