Access to this feature is not enabled for all accounts by default. Please contact your Customer Success Manager if you are interested in enabling it on your account.

Flare exposes Intelligence Feeds delivered via TAXII 2 at https://api.flare.io/taxii2/.

Available Feeds

FeedTAXII 2 ID
Botnet feed0abb06690b0b47e49cd7794396b76b20
Domain feeda34aa0a4f9de419582a883863503f9c4
IP feedbaaed2a92335418aa753fe944e13c23a
Malicious files feedee6a153ed77e4ec3ab21e76cc2074b9f
URL feed1d3208c143be49da8130f5a66fd3a0fa

Feed URLs can be constructed using:

  • Format: https://api.flare.io/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/<TAXII 2 ID >/
  • Example: https://api.flare.io/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a/collections/0abb06690b0b47e49cd7794396b76b20/

Authentication

The intelligence feeds use HTTP Basic Auth, which most TAXII clients support:

  • The username should be set to api-key.
  • The password should be your Flare API Key.

Obtaining an API key is documented in the Authentication Guide

.

Code Examples

Code examples for connecting to the feeds can be found in this Github repository:

The following example uses taxii2-client, which is available on PyPI.

import datetime
import os

from taxii2client.v21 import Server
from taxii2client.v21 import as_pages


def main() -> None:
    server = Server(
        "https://api.flare.io/taxii2/",
        user="api-key",  # Do not change the user.
        password=os.environ["FLARE_API_KEY"],
    )

    print(server.title)

    api_root = server.api_roots[0]

    start_date: datetime.datetime = datetime.datetime.now() - datetime.timedelta(
        hours=2
    )

    # Iterate through the available collections and print new items
    for collection in api_root.collections:
        print(collection.title)

        # Pagination request.
        for envelope in as_pages(
            collection.get_objects,
            per_request=50,
            added_after=start_date,
        ):
            print(envelope)


if __name__ == "__main__":
    main()