6.2 KiB
title | layout |
---|---|
Services | page |
Services
CyCAT provides a public catalogue using an open API. The Cybersecurity Resource Catalogue public API currently allows to query UUID, publishers and projects. Additional query possibilities and a web based interface will be added at a later stage.
CyCAT - The Cybersecurity Resource Catalogue public API services document is available as OpenAPI 2.0 swagger file. The documentation of the API is available in PDF.
The API currently already includes multiple sources such as MITRE ATT&CK, Sigma rules, MISP feeds, MISP galaxies. Don't hesitate to contact us if you would like to add a new catalogue.
API Usage and Examples
Search by namespace topic
curl -X 'GET' \
'https://api.cycat.org/namespace/finduuid/mitre-attack-id/T1216' \
-H 'accept: application/json'
Searching for all the known items in CyCAT about the MITRE ATT&CK T1216 returns the following UUIDs
[
"a0459f02-ac51-4c09-b511-b8c9203fc429",
"f588e69b-0750-46bb-8f87-0e9320d57536",
"39776c99-1c7b-4ba0-b5aa-641525eee1a4",
"59e938ff-0d6d-4dc3-b13f-36cc28734d4e",
"6609c444-9670-4eab-9636-fe4755a851ce",
"51048ba0-a5aa-41e7-bf5d-993cd217dfb2",
"9df0dd3a-1a5c-47e3-a2bc-30ed177646a0",
"4cd29327-685a-460e-9dac-c3ab96e549dc",
"99465c8f-f102-4157-b11c-b0cddd53b79a",
"074e0ded-6ced-4ebd-8b4d-53f55908119d",
"f6fe9070-7a65-49ea-ae72-76292f42cebe",
"c363385c-f75d-4753-a108-c1a8e28bdbda"
]
Fetch item by UUID
curl -X 'GET' \
'https://api.cycat.org/lookup/4cd29327-685a-460e-9dac-c3ab96e549dc' \
-H 'accept: application/json'
{
"description": "Detects Execution via SyncInvoke in CL_Invocation.ps1 module",
"raw": "author: oscd.community, Natalia Shornikova\ndate: 2020/10/14\ndescription: Detects Execution via SyncInvoke in CL_Invocation.ps1 module\ndetection:\n condition: selection\n selection:\n EventID: 4104\n ScriptBlockText|contains|all:\n - CL_Invocation.ps1\n - SyncInvoke\nfalsepositives:\n- Unknown\nid: 4cd29327-685a-460e-9dac-c3ab96e549dc\nlevel: high\nlogsource:\n product: windows\n service: powershell\nmodified: 2021/05/21\nreferences:\n- https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSScripts/Cl_invocation.yml\n- https://twitter.com/bohops/status/948061991012327424\nstatus: experimental\ntags:\n- attack.defense_evasion\n- attack.t1216\ntitle: Execution via CL_Invocation.ps1\n",
"sigma:id": "4cd29327-685a-460e-9dac-c3ab96e549dc",
"title": "Execution via CL_Invocation.ps1",
"_cycat_type": "Item"
}
Fetch relationships of an UUID
curl -X 'GET' \
'https://api.cycat.org/relationships/fbd29c89-18ba-4c2d-b792-51c0adee049f' \
-H 'accept: application/json'
[
"24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"b21c3b2d-02e6-45b1-980b-e69051040839",
"e6919abc-99f9-4c6c-95a5-14761e7b2add",
"cb69b20d-56d0-41ab-8440-4a4b251614d4",
"2dc2b567-8821-49f9-9045-8740f3d0b958",
"692074ae-bb62-4a5e-a735-02cb6bde458c",
"b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"837f9164-50af-4ac0-8219-379d8a74cefc",
"df8b2a25-8bdf-4856-953c-a04372b1c161",
"8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
"e85cae1a-bce3-4ac4-b36b-b00acac0567b",
"005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"fb8d023d-45be-47e9-bc51-f56bcae6435b",
"b76b2d94-60e4-4107-a903-4a3a7622fb3b",
"3433a9e8-1c47-4320-b9bf-ed449061d1c3",
"910906dd-8c0a-475a-9cc1-5e029e2fad58",
"cf23bf4a-e003-4116-bbae-1ea6c558d565",
"13cd9151-83b7-410d-9f98-25d0f0d1d80d",
"afc079f3-c0ea-4096-b75d-3f05338b7f60",
"ef67e13e-5598-4adc-bdb2-998225874fa9",
"2b742742-28c3-4e1b-bab7-8350d6300fa7",
"be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"9efb1ea7-c37b-4595-9640-b7680cd84279",
"c5e3cdbc-0387-4be9-8f83-ff5c0865f377",
"03342581-f790-4f03-ba41-e82e67392e23",
"4b57c098-f043-4da2-83ef-7588a6d426bc",
"db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"232b7f21-adf9-4b42-b936-b9d6f7df856e",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"6add2ab5-2711-4e9d-87c8-7a0be8531530",
"f5352566-1a64-49ac-8f7f-97e1d1a03300",
"b17a1a56-e99c-403c-8948-561df0cffe81",
"3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"00f90846-cbd1-4fc5-9233-df5c2bf2a662",
"3257eb21-f9a7-4430-8de1-d8b6e288f529",
"04fd5427-79c7-44ea-ae13-11b24778ff1c",
"65f2d882-3f41-4d48-8a06-29af77ec9f90",
"970a3432-3237-47ad-bcca-7d8cbb217736",
"b18eae87-b469-4e14-b454-b171b416bc18",
"dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"b4d80f8b-d2b9-4448-8844-4bef777ed676",
"c848fcf7-6b62-4bde-8216-b6c157d48da0",
"648f995e-9c3a-41e4-aeee-98bb41037426",
"90ac9266-68ce-46f2-b24f-5eb3b2a8ea38",
"8dbadf80-468c-4a62-b817-4e4d8b606887",
"f232fa7a-025c-4d43-abc7-318e81a73d65",
"2e34237d-8574-43f6-aace-ae2915de8597"
]
Full-text search on CyCAT backend
curl -X 'GET' \
'https://api.cycat.org/search/APT33' \
-H 'accept: application/json'
Will return all the UUIDs matching the keyword queried (in this case APT33
). Then the returned UUIDs can be used to find relationships and corresponding items.
[
"db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"fbd29c89-18ba-4c2d-b792-51c0adee049f",
"4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"8dbadf80-468c-4a62-b817-4e4d8b606887",
"fab34d66-5668-460a-bc0f-250b9417cdbf",
"e85cae1a-bce3-4ac4-b36b-b00acac0567b",
"5de6335d-e128-4bc0-87e2-4db4950d210f",
"08d5b8a4-e752-48f3-ac6d-944807146ce7",
"15dd8386-f11a-485a-b719-440c0a47dee6",
"ab603f29-9c10-4fb0-9fa3-e123fad11a31",
"cfdb02f2-a767-4abb-b04c-333a02cdd7e2",
"0c5bc5c8-5136-413a-bc5a-e13333271f49",
"f9aa9004-8811-4091-a471-38f81dbcadc4",
"5086a6e0-53b2-4d96-9eb3-a0237da2e591",
"8a789016-5f8d-4cd9-ba96-ba253db42fd8",
"f29b7c5e-2439-42ad-a86f-9f8984fafae3",
"1acd0c6c-7aff-462e-94ff-7544b1692740",
"accd848b-b8f4-46ba-a408-9063b35cfbf2",
"2894aee2-e0ec-417a-811e-74a68ab967b2",
"05252643-093b-4070-b62f-d5836683a9fa",
"b18eae87-b469-4e14-b454-b171b416bc18",
"588fb91d-59c6-4667-b299-94676d48b17b",
"036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"d29eb927-d53d-4af2-b6ce-17b3a1b34fe7"
]