| title |
|---|
Intelligence Feeds |
import GatedAccessFeature from '/snippets/gated-access-feature.mdx';
Flare exposes Intelligence Feeds delivered via
TAXII 2
at https://api.flare.io/taxii2/.
| Feed | TAXII 2 ID |
|---|---|
| Full Feed (with context) | d6092c37-d8d7-45c3-8aff-c4dc26030608 |
| IOCs only | feed--02ee65ef-3e6b-40e6-a186-9d6d64ab50a9 |
Feed URLs can be constructed using:
- Format:
https://api.flare.io/taxii2/collections/<TAXII 2 ID >/ - Example:
https://api.flare.io/taxii2/collections/d6092c37-d8d7-45c3-8aff-c4dc26030608/
The intelligence feeds use HTTP Basic Auth, which most TAXII clients support:
- The username should be set to
api-key. - The password should be your Flare API Key.
Obtaining an API key is documented in the Authentication Guide .
Code examples for connecting to the feeds can be found in this Github repository:
The following example uses taxii2-client, which is
available on PyPI.
import datetime
import os
from taxii2client.v21 import Server
from taxii2client.v21 import as_pages
def main() -> None:
server = Server(
"https://api.flare.io/taxii2/",
user="api-key", # Do not change the user.
password=os.environ["FLARE_API_KEY"],
)
print(server.title)
api_root = server.api_roots[0]
start_date: datetime.datetime = datetime.datetime.now() - datetime.timedelta(
hours=2
)
# Iterate through the available collections and print new items
for collection in api_root.collections:
print(collection.title)
# Pagination request.
for envelope in as_pages(
collection.get_objects,
per_request=50,
added_after=start_date,
):
print(envelope)
if __name__ == "__main__":
main()