
SecurityTrails Blog · Aug 05 · by Esteban Borges

Introducing Risk Rules API + the New Tines Integration


Today we’re excited to introduce our new and highly anticipated Risk Rules API. This new API endpoint lets users access Attack Surface Intelligence (ASI) information from their own apps and receive valuable risk rules data immediately.

We’re also happy to announce Tines as our launch partner for this new API. The amazing Tines team was the first to integrate our new Risk Rules API into their SOAR platform. Let’s deep dive into this new API, and unveil some details about the Tines integration as well.

What data can be accessed by using the new Risk Rules API endpoint?

The new API endpoint allows users to deep dive into ASI’s Risk Rule module, getting immediate data for CVEs, vulnerability name, description, risk severity (classification), affected hostnames, technical references found on the Internet, and project metadata such as ID, title and snapshot creation date.

How does it work?

By simply invoking the curl command, you can query our Risk Rules API endpoint easily, as shown below:

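#!/bin/sh

# Replace these placeholders with your own API key and ASI project ID.
API_KEY="YOUR.API.KEY.HERE"
PROJECT_ID="93c7b9ea-XXXX-XXXX-XXXX-XXXXXX"
# "recent" selects the latest snapshot of the project.
SNAPSHOT_DATE="recent"

# The URL is quoted so the expanded variables are passed as a single argument.
curl -s --request GET \
     --url "https://api.securitytrails.com/v1/asi/rules/${PROJECT_ID}/${SNAPSHOT_DATE}/issues" \
     --header "APIKEY: ${API_KEY}"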

As you can see in this simple script, you only need to define a few variables: “PROJECT_ID”, “SNAPSHOT_DATE” (using “recent” as the date fetches the latest snapshot from your project), and “API_KEY”.

Output example:

{
  "data": [
    {
      "id": "CVE-2021-26855",
      "name": "Exchange Server SSRF Vulnerability (CVE-2021-26855)",
      "description": "This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078.",
      "classification": "high",
      "example_entities": {
        "domains": [
          {
            "example": "cname1.example.com",
            "sort_label": "High",
            "sort_value": 99,
            "target": "https://cname1.example.com/auth/x.js"
          }
        ]
      },
      "rule_metadata": {
        "entity_counts": {
          "domains": 1,
          "ips": 0
        },
        "references": [
          "https://app.recordedfuture.com/live/sc/entity/?name=CVE-2021-26855",
          "https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09",
          "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855",
          "https://proxylogon.com/#timeline",
          "https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse",
          "https://www.shodan.io/search?query=vuln%3ACVE-2021-26855"
        ]
      }
    }
  ],
  "meta": {
    "counts": {
      "high": 1,
      "moderate": 0,
      "informational": 0
    },
    "project_id": "46b56231-XXXX-XXXX-XXXX-XXXXXX",
    "project_title": "TitleHere",
    "snapshot": "2022-05-24 19:41:10"
  }
}

If you want to deep dive into this new API, head over to the official documentation.
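As an added example (not SecurityTrails code), here is one way an app could consume the response shown above: flatten each rule into per-host findings ordered by severity for ticketing, and check the declared counts against the rules actually returned. The second rule in the sample, the `triage` helper, and the reading of `meta.counts` as rules per classification are assumptions made for illustration.

```python
import json

# Classification values as they appear in meta.counts of the output example.
SEVERITY_ORDER = {"high": 0, "moderate": 1, "informational": 2}

# Constructed sample response: same shape as the output example, trimmed.
# "EXAMPLE-RULE-1" and host2.example.com are made-up placeholders.
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"id": "EXAMPLE-RULE-1", "name": "Constructed informational rule",
         "classification": "informational",
         "example_entities": {"domains": [
             {"example": "host2.example.com", "sort_value": 10,
              "target": "https://host2.example.com/"}]},
         "rule_metadata": {"entity_counts": {"domains": 1, "ips": 0}, "references": []}},
        {"id": "CVE-2021-26855",
         "name": "Exchange Server SSRF Vulnerability (CVE-2021-26855)",
         "classification": "high",
         "example_entities": {"domains": [
             {"example": "cname1.example.com", "sort_value": 99,
              "target": "https://cname1.example.com/auth/x.js"}]},
         "rule_metadata": {"entity_counts": {"domains": 1, "ips": 0}, "references": []}},
    ],
    "meta": {"counts": {"high": 1, "moderate": 0, "informational": 1},
             "project_title": "TitleHere", "snapshot": "2022-05-24 19:41:10"},
})

def triage(raw):
    """Return (findings, count_mismatches) for one Risk Rules response body."""
    doc = json.loads(raw)
    issues = doc.get("data", [])
    # Assumption: meta.counts is the number of rules per classification.
    seen = {}
    for issue in issues:
        seen[issue["classification"]] = seen.get(issue["classification"], 0) + 1
    declared = doc.get("meta", {}).get("counts", {})
    mismatches = {c: (n, seen.get(c, 0)) for c, n in declared.items() if n != seen.get(c, 0)}
    findings = []
    for issue in issues:
        for kind, entities in issue.get("example_entities", {}).items():
            for ent in entities:
                findings.append({"rule_id": issue["id"], "severity": issue["classification"],
                                 "kind": kind, "host": ent["example"],
                                 "target": ent.get("target"), "score": ent.get("sort_value", 0)})
    # Highest severity first, then highest sort_value; unknown classifications go last.
    findings.sort(key=lambda f: (SEVERITY_ORDER.get(f["severity"], 99), -f["score"]))
    return findings, mismatches

if __name__ == "__main__":
    for f in triage(SAMPLE_RESPONSE)[0]:
        print(f["severity"], f["rule_id"], f["host"], f["target"])
```

A non-empty mismatch map means the response was truncated or altered between the API and your app, which is worth alerting on before tickets are opened from it.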

The new Tines integration

The new Tines integration makes use of all the information available from the Risk Rules API, so you can collect individual risk rules across the ASI platform. This will help your team not only access risk rules data enriched with vulnerability data from Recorded Future, but also send quick notifications via Slack to your security team so they can prioritize and resolve risks accordingly by using Jira and ServiceNow tickets.


More exciting details and a full how-to guide on using this new integration are coming up next week. Stay tuned.

The ability to react quickly is a must for safeguarding your platform. And our new API provides reliable risk data while improving your interaction with ASI—so you can take full control of your attack surface by making the right decisions.

Integrate this powerful new API into your own apps, and receive data on all vulnerabilities, misconfigurations, and critical risks across all your infrastructure IT assets instantly.

ESTEBAN BORGES

Esteban is a seasoned cybersecurity specialist and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.
