Signals
Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

IOC API

Retrieve indicators of compromise with type, TLP, confidence and status filters. All values use RFC 5737 documentation ranges — no real malicious infrastructure.

Safety level: Restricted. All responses are editorially reviewed, redacted and safe for enterprise consumption. No raw IOC data, dark web content, exploit code or stolen credentials.

Example use cases

  • SIEM enrichment and correlation rules
  • Automated blocking list updates
  • Threat hunting indicator feeds
  • Incident response triage support

Endpoints

IOC Response

Indicator of compromise with type, confidence, TLP classification and defensive context.

  • id* (string): IOC identifier
  • type* (string): Indicator type: ip, domain, url, hash, email
  • value* (string, redacted): Indicator value (RFC 5737 ranges for IPs)
  • confidence* (string): Confidence level: low, medium, high
  • tlp* (string): TLP classification: clear, green, amber, red
  • firstSeen* (string): ISO 8601 first observation date
  • defensiveGuidance (string): Recommended defensive action

{
  "id": "ioc-001",
  "type": "ip",
  "value": "[REDACTED] 192.0.2.••",
  "confidence": "high",
  "tlp": "green",
  "firstSeen": "2026-04-15",
  "defensiveGuidance": "Block at perimeter firewall"
}

Safety notes

All IP addresses use RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).

No real malicious infrastructure, C2 addresses or active threat indicators.

Hash values are synthetic — not real malware samples.
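
A consumer-side check of an IOC Response record before it reaches SIEM enrichment or a blocking list, written as an added example rather than code from this API's documentation. It assumes the fields marked * are required and that the "[REDACTED]" marker and masked last octet always appear as in the sample above; validate_ioc, SAMPLE and BAD are hypothetical names.

```python
import json
from datetime import date

# Fields marked * in the schema above; treating * as "required" is an assumption.
REQUIRED = ("id", "type", "value", "confidence", "tlp", "firstSeen")
# Allowed values as listed in the field descriptions.
ENUMS = {
    "type": {"ip", "domain", "url", "hash", "email"},
    "confidence": {"low", "medium", "high"},
    "tlp": {"clear", "green", "amber", "red"},
}
# Leading octets of the three RFC 5737 ranges named in the safety notes.
DOC_PREFIXES = ("192.0.2.", "198.51.100.", "203.0.113.")
REDACTION_TAG = "[REDACTED]"  # marker seen in the page's sample value


def validate_ioc(record):
    """Return a list of schema problems; an empty list means well-formed."""
    problems = []
    for field in REQUIRED:
        value = record.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field}: missing or not a non-empty string")
    for field, allowed in ENUMS.items():
        value = record.get(field)
        if isinstance(value, str) and value and value not in allowed:
            problems.append(f"{field}: unexpected value {value!r}")
    first_seen = record.get("firstSeen")
    if isinstance(first_seen, str) and first_seen:
        try:
            date.fromisoformat(first_seen[:10])  # date part, extended form
        except ValueError:
            problems.append("firstSeen: not an ISO 8601 date")
    value = record.get("value")
    if record.get("type") == "ip" and isinstance(value, str) and value:
        # The last octet is masked, so compare the visible prefix only.
        address = value.replace(REDACTION_TAG, "").strip()
        if not address.startswith(DOC_PREFIXES):
            problems.append("value: ip outside RFC 5737 documentation ranges")
    return problems


# The page's own sample record, then a constructed malformed one.
SAMPLE = json.loads('{"id": "ioc-001", "type": "ip", "value": "[REDACTED] 192.0.2.••", '
                    '"confidence": "high", "tlp": "green", "firstSeen": "2026-04-15", '
                    '"defensiveGuidance": "Block at perimeter firewall"}')
BAD = {"id": "ioc-x", "type": "ip", "value": "10.0.0.5", "tlp": "white",
       "firstSeen": "15/04/2026"}

if __name__ == "__main__":
    print(validate_ioc(SAMPLE))
    print(validate_ioc(BAD))
```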