# ThreatBook CTI Documentation ## Docs - [Authentication](https://docs.threatbook.io/api-reference/authentication.md) - [Compromise Detection](https://docs.threatbook.io/api-reference/enrichment/compromise-detection-v1.md): This API is used to detect if an outbound address requested from an internal host is malicious and corresponding threat intel labels. - [Domain Intelligence(v1)](https://docs.threatbook.io/api-reference/enrichment/domain-intelligence-v1.md): Domain Intelligence(V1) API provides intelligence judgment, relevant threat actors, virus/trojan family, complete original intelligence, as well as associated DNS, whois and contextual data for each domain. - [Domain Intelligence](https://docs.threatbook.io/api-reference/enrichment/domain-intelligence-v2.md): Domain Intelligence(V2) API provides detailed threat intelligence for verdict. This includes threat verdict and labes from **ThreatBook Lab**, as well as associated DNS, whois and contextual data for each domain. - [File Intelligence](https://docs.threatbook.io/api-reference/enrichment/file-intelligence-v2.md): Retrieve detailed static and dynamic analysis reports of a file, including file summary information, network behavior, behavioral signatures, static information, dropped behavior, process behavior, and multi-engines detection results. - [File Upload](https://docs.threatbook.io/api-reference/enrichment/file-upload-v2.md): For potentially malicious files from office endpoints, Web/FTP/email attachments, or suspicious files on endpoints/servers, the system performs rapid detection using **22 antivirus scanning engines**. Based on the file type, the system automatically selects an appropriate sandbox environment for dyn… - [IP Intelligence(v1)](https://docs.threatbook.io/api-reference/enrichment/ip-intelligence-v1.md): IP Intelligence(V1) API provides intelligence labels(intelligence type), relevant threat actors, virus/trojan family, complete original intelligence, as well as associated internet asset and contextual data for each IP address. - [IP Intelligence](https://docs.threatbook.io/api-reference/enrichment/ip-intelligence-v2.md): IP Intelligence(V2) API provides detailed threat intelligence for both **inbound** and **outbound** IP addresses. This includes threat verdict and labes from **ThreatBook Lab**, as well as associated internet asset and contextual data for each IP address. - [IP Report(Community)](https://docs.threatbook.io/api-reference/enrichment/ip-report-v1.md): You are able to get an IP report with comprehensive intelligence labels, such as **C2, Malware, Zombie, Compromised Host, Scanner,** etc., and contextual information like **open ports, certificates,** and so on. - [URL Intelligence](https://docs.threatbook.io/api-reference/enrichment/url-intelligence-v2.md): Retrieve URL scan engine detection results and the analysis results of downloaded files. - [Actors](https://docs.threatbook.io/api-reference/feeds/actors.md): This API provides all threat actor profiles. - [Hash](https://docs.threatbook.io/api-reference/feeds/hash.md): This API provides identified malicious file hashes. - [IOC](https://docs.threatbook.io/api-reference/feeds/ioc.md): This API provides outbound malicious or suspicious domains and IPs. - [IP Reputation](https://docs.threatbook.io/api-reference/feeds/ip-reputation.md): This API provides inbound malicious or suspicious IPs. - [Reports](https://docs.threatbook.io/api-reference/feeds/reports.md): This API provides structured threat intelligence reports and their associated objects, such as actors, indicators, vulnerabilities, and attack techniques. - [URL](https://docs.threatbook.io/api-reference/feeds/url.md): This API provides malicious URLs. - [Splunk APP - ThreatBook Cloud API](https://docs.threatbook.io/api-reference/integration/splunk-app-api.md) - [Report Detail](https://docs.threatbook.io/api-reference/reports/report-detail.md): Retrieve the full details of a specific **threat intelligence report**. This endpoint returns comprehensive information including report **severity**, **threat and report types**, **summary**, **tags**, targeted **industries/regions/organizations/products**, **impacts**, **ATT&CK techniques**, etc… - [Report List](https://docs.threatbook.io/api-reference/reports/report-list.md) - [Vulnerability Intelligence](https://docs.threatbook.io/api-reference/vulnerabilities/vulnerability-intelligence-v2.md): Supports integrating vulnerability information into automated operations workflows, providing access to public vulnerability details, risk assessments, PoCs, remediation recommendations, patches, and more. - [Account & Limit](https://docs.threatbook.io/guide/account&limits.md) - [Chat](https://docs.threatbook.io/guide/chat.md) - [Compromise Detection](https://docs.threatbook.io/guide/compromise-detection.md) - [Differentiator](https://docs.threatbook.io/guide/differentiator.md) - [Feeds Introduction](https://docs.threatbook.io/guide/feeds_introduction.md) - [Inbound IP Enrichment](https://docs.threatbook.io/guide/inbound-enrichment.md) - [Welcome to ThreatBook CTI](https://docs.threatbook.io/guide/introduction.md) - [Overview](https://docs.threatbook.io/guide/overview.md) - [Pivoting Analysis](https://docs.threatbook.io/guide/pivoting-analysis.md) - [Research](https://docs.threatbook.io/guide/research.md) - [Threat Labels](https://docs.threatbook.io/guide/threat-labels.md) ## OpenAPI Specs - [openapi](https://docs.threatbook.io/api-reference/openapi.json)