Access to this feature is not enabled by default. Please contact your Customer Success Manager for more details.

Flare exposes Intelligence Feeds delivered via TAXII 2 at https://api.flare.io/taxii2/.

Available Feeds

FeedTAXII 2 ID
Full Feed (with context)d6092c37-d8d7-45c3-8aff-c4dc26030608
IPV4 Onlyfeed—689f0191-3b4d-47c8-9313-85820aae7c27
Domains Onlyfeed—a2e7ea2d-ec01-4550-91e5-1316282d01a0
URLs Onlyfeed—af0848cc-ae01-4937-93fe-5d9bf69ba3d2

Feed URLs can be constructed using:

  • Format: https://api.flare.io/taxii2/collections/<TAXII 2 ID >/
  • Example: https://api.flare.io/taxii2/collections/d6092c37-d8d7-45c3-8aff-c4dc26030608/

Authentication

The intelligence feeds use HTTP Basic Auth, which most TAXII clients support:

  • The username should be set to api-key.
  • The password should be your Flare API Key.

Obtaining an API key is documented in the Authentication Guide .

Code Examples

Code examples for connecting to the feeds can be found in this Github repository:

The following example uses taxii2-client, which is available on PyPI.

import datetime
import os

from taxii2client.v21 import Server
from taxii2client.v21 import as_pages


def main() -> None:
    server = Server(
        "https://api.flare.io/taxii2/",
        user="api-key",  # Do not change the user.
        password=os.environ["FLARE_API_KEY"],
    )

    print(server.title)

    api_root = server.api_roots[0]

    start_date: datetime.datetime = datetime.datetime.now() - datetime.timedelta(
        hours=2
    )

    # Iterate through the available collections and print new items
    for collection in api_root.collections:
        print(collection.title)

        # Pagination request.
        for envelope in as_pages(
            collection.get_objects,
            per_request=50,
            added_after=start_date,
        ):
            print(envelope)


if __name__ == "__main__":
    main()