You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/GreedyBear/Usage.md
+15-2Lines changed: 15 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,6 +66,10 @@ The available query parameters are:
66
66
67
67
-`feed_type`: see [Feeds API](#feeds)
68
68
-`attack_type`: see [Feeds API](#feeds)
69
+
-`asn`: Filter IOCs by their Autonomous System Number. (_Available from version >= 3.3.0_)
70
+
-`port`: Filter IOCs that have attacked a specific destination port. (_Available from version >= 3.3.0_)
71
+
-`min_score`: Filter IOCs by a minimum recurrence probability score (0.0 to 1.0). (_Available from version >= 3.3.0_)
72
+
-`start_date` / `end_date`: Filter IOCs seen within a specific date range (format: `YYYY-MM-DD`). (_Available from version >= 3.3.0_)
69
73
-`max_age`: Maximum number of days since last occurrence. (default: 3)
70
74
-`min_days_seen`: Minimum number of days on which an IOC must have been seen. (default: 1)
71
75
-`include_reputation`: `;`-separated list of reputation values to include, e.g. `known attacker` or `known attacker;` to include IOCs without reputation. (default: include all)
@@ -74,7 +78,7 @@ The available query parameters are:
74
78
-`ordering`: Field to order results by, with optional `-` prefix for descending. (default: `-last_seen`)
75
79
-`verbose`: `true` to include IOC properties that contain a lot of data, e.g. the list of days it was seen. (default: `false`)
76
80
-`paginate`: `true` to paginate results. This forces the json format. (default: `false`)
77
-
-`format_`: see [Feeds API](#feeds) (default: `json`)
81
+
-`format_`: see [Feeds API](#feeds) (default: `json`). From version >= 3.3.0, additionally supports `stix21` for STIX 2.1 Bundle exports.
78
82
79
83
The response includes a new field:
80
84
@@ -86,6 +90,15 @@ Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/
86
90
87
91
This "Advanced Feeds" API is protected through authentication. Please reach out [Matteo Lodi](https://twitter.com/matte_lodi) or another member of [The Honeynet Project](https://twitter.com/ProjectHoneynet) if you are interested in gain access to this API.
88
92
93
+
### Shareable Feeds API
94
+
_Available from version >= 3.3.0_
95
+
96
+
For authenticated users, GreedyBear allows sharing customized feeds via a signed token, which can be consumed publicly without an account.
97
+
98
+
-**`/api/feeds/share` (GET)**: Accepts the same query parameters as the Advanced Feeds API. Returns a JSON response containing a public `url` to consume the feed and a `revoke_url`.
99
+
-**`/api/feeds/consume/<token>` (GET)**: A strictly rate-limited public endpoint that allows anyone to consume the pre-configured feed using the generated token.
100
+
-**`/api/feeds/revoke/<token>` (GET)**: Instantly invalidates the share token. This endpoint can be clicked or opened directly in the browser to revoke. Only the original creator of the token (or staff) can perform this action.
101
+
89
102
### ASN Aggregated Feeds API
90
103
_Available from version >= 3.0.0_
91
104
@@ -271,4 +284,4 @@ Then you have to add some credentials for AWS: if you have GreedyBear deployed o
271
284
to allow that just set `AWS_IAM_ACCESS` to `True`. If that is not the case, you have to set both `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
272
285
273
286
Additionally, if you are not using the default AWS region of us-east-1, you need to specify your `AWS_REGION`.
274
-
You can customize the AWS Region location of you services by changing the environment variable `AWS_REGION`. Default is `eu-central-1`.
287
+
You can customize the AWS Region location of you services by changing the environment variable `AWS_REGION`. Default is `eu-central-1`.
0 commit comments