Discovery API
The Discovery API lets you search data in bulk using the ONYPHE Query Language (OQL). You can pass as many search filters as you wish; the syntax is always FILTER:VALUE. More details are in the ONYPHE Query Language chapter.
This API executes searches by trying to detect which filters you want to use. For instance, if you enter a domain name, the domain filter is used automatically: the search google.com is rewritten as domain:google.com under the hood.
Other automatically detected patterns are:
- port numbers
- hostnames
If you give words or phrases that do not match an automatically detected pattern, the search falls back to the data field.
NOTE: the category you want to query has to be provided in the API endpoint URL. Take the following example using curl and replace datascan with another category, such as resolver or vulnscan. This API is only available for Griffin View subscriptions.
Using curl
You can use curl in the following way to call the Discovery API:
echo 'protocol:rdp domain:google.com' > /tmp/google.txt
echo 'protocol:ssh domain:google.com' >> /tmp/google.txt
curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v2/bulk/discovery/datascan/asset' --data-binary @/tmp/google.txt
Output:
{"@category":"datascan","@timestamp":"2023-03-08T05:31:29.000Z",[..]
{"@category":"datascan","@timestamp":"2023-03-08T03:55:46.000Z",[..]
Using curl against Unrated API endpoint
To query the Unrated API endpoint, you have to pass the API key as an HTTP parameter, because the Authorization header is used to carry Basic authentication credentials built from your login email address and, as the password, your API key:
LOGIN=$(printf '%s' 'YOUR_LOGIN_EMAIL' | sed 's/@/_/g')
PASS='YOUR_APIKEY'
BASIC=$(printf '%s' "$LOGIN:$PASS" | base64 -w 0)
curl -H 'Content-Type: application/json' -H "Authorization: basic $BASIC" -XPOST 'https://www.onyphe.io/unrated/api/v2/bulk/discovery/datascan/asset?k=YOUR_APIKEY' --data-binary @/tmp/google.txt
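The two curl procedures above (standard endpoint and Unrated endpoint), as an added Python example that is not ONYPHE's own code: it builds the request for either endpoint without sending it and parses a response. It assumes the response carries one JSON object per line, as the curl output suggests; build_request, parse_results and the sample lines are constructed for illustration.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

BASE = "https://www.onyphe.io"  # host taken from the curl examples above


def build_request(queries, apikey, category="datascan", login_email=None):
    """Return an unsent POST request; login_email selects the Unrated endpoint."""
    # One OQL query per line, like the file built with echo above.
    body = "".join(q.strip() + "\n" for q in queries if q.strip()).encode()
    if login_email is None:
        url = f"{BASE}/api/v2/bulk/discovery/{category}/asset"
        auth = f"bearer {apikey}"
    else:
        login = login_email.replace("@", "_")  # same rewrite as the sed call
        basic = base64.b64encode(f"{login}:{apikey}".encode()).decode()
        url = f"{BASE}/unrated/api/v2/bulk/discovery/{category}/asset?k={quote(apikey)}"
        auth = f"basic {basic}"
    headers = {"Content-Type": "application/json", "Authorization": auth}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def parse_results(stream):
    """Yield one dict per non-empty line (assumption: one JSON object per line)."""
    for raw in stream:
        line = raw.decode() if isinstance(raw, bytes) else raw
        if line.strip():
            yield json.loads(line)


# Constructed sample response, reduced to the two fields visible in the output above.
SAMPLE = [
    b'{"@category":"datascan","@timestamp":"2023-03-08T05:31:29.000Z"}\n',
    b'{"@category":"datascan","@timestamp":"2023-03-08T03:55:46.000Z"}\n',
]

if __name__ == "__main__":
    req = build_request(["protocol:rdp domain:google.com",
                         "protocol:ssh domain:google.com"], "YOUR_APIKEY")
    print(req.get_method(), req.full_url)
    print(req.data.decode(), end="")
    for doc in parse_results(SAMPLE):
        print(doc["@category"], doc["@timestamp"])
```

To send the request, open it with urllib.request.urlopen(req) and pass the response object to parse_results, which reads it line by line.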