Access to this feature requires an addon.
Please contact your Customer Success Manager for more details.
https://api.flare.io/taxii2/.
Available Feeds
| Feed | TAXII 2 ID |
|---|
| Full Feed (with context) | d6092c37-d8d7-45c3-8aff-c4dc26030608 |
| IPV4 Only | feed--689f0191-3b4d-47c8-9313-85820aae7c27 |
| Domains Only | feed--a2e7ea2d-ec01-4550-91e5-1316282d01a0 |
| URLs Only | feed--af0848cc-ae01-4937-93fe-5d9bf69ba3d2 |
- Format:
https://api.flare.io/taxii2/collections/<TAXII 2 ID >/
- Example:
https://api.flare.io/taxii2/collections/d6092c37-d8d7-45c3-8aff-c4dc26030608/
Authentication
The intelligence feeds use HTTP Basic Auth, which most TAXII clients support:
- The username should be set to
api-key.
- The password should be your Flare API Key.
Obtaining an API key is documented in the
Authentication Guide .
Query Parameters
| Parameter Name | Description | Example |
|---|
| added_after | filter the IOCs that were added after the timestamp | ?added_after=2026-02-04T12:05:00.000Z |
| limit | restricts the results by the specified amount | ?limit=25 |
Code Examples
Code examples for connecting to the feeds can be found in this Github repository:
The following example uses taxii2-client, which is
available on PyPI.
import datetime
import os
from taxii2client.v21 import Server
from taxii2client.v21 import as_pages
def main() -> None:
server = Server(
"https://api.flare.io/taxii2/",
user="api-key", # Do not change the user.
password=os.environ["FLARE_API_KEY"],
)
print(server.title)
api_root = server.api_roots[0]
start_date: datetime.datetime = datetime.datetime.now() - datetime.timedelta(
hours=2
)
# Iterate through the available collections and print new items
for collection in api_root.collections:
print(collection.title)
# Pagination request.
for envelope in as_pages(
collection.get_objects,
per_request=50,
added_after=start_date,
):
print(envelope)
if __name__ == "__main__":
main()
