Skip to main content

Overview

Allows the client to check open intelligence of an endpoint.

HTTP request

POST /Agent/Intelligence/CheckEndpoint

Authentication

Requires a valid JWT bearer token.

Request (JSON)

{
	"endpoint":Required(Str(PEndpoint))
}

Input parameters

ParameterDescription
PEndpointThe endpoint to check. It can be an IP endpoint, XMPP endpoint, etc. Format depends on the protocol used.

Response (JSON)

{
	"endpoint": Required(Str(PEndpoint)),
	"EndpointInfo": Optional(
	{
		"created": Required(DateTime(PCreated)),
		"domain": Required(Str(PDomain)),
		"lastProtocol": Required(Str(PLastProtocol)),
		"lastFailed": Required(Bool(PLastFailed)),
		"permanentBlock": Optional(Bool(PPermanentBlock)),
		"temporaryBlock": Optional(DateTime(PTemporaryBlock)),
		"reason": Optional(Str(PReason)),
		"whois": Optional(Str(PWhois)),
		"city": Optional(Str(PCity)),
		"region": Optional(Str(PRegion)),
		"country": Optional(Str(PCountry)),
		"countryCode": Optional(Str(PCountryCode)),
		"flag": Optional(Str(PFlag))
	})
}

Response parameters

ParameterDescription
PEndpointEndpoint recorded in the record. This may be the same in the input, or a scaled down version, depending on the protocol. For IP Endpoints, the port number is removed (for instance).
PCreatedWhen the record was created.
PLastProtocolLast protocol used from endpoint.
PLastFailedIf last authentication attempt failed.
PPermanentBlockIf endpoint is permanently blocked.
PTemporaryBlockIf endpoint is temporarily blocked, and when next login attempt is allowed.
PReasonReason for any block.
PWhoisWHOIS information about the endpoint, if available.
PCityCity associated with endpoint.
PRegionRegion associated with endpoint.
PCountryCountry associated with endpoint.
PCountryCodeCountry code associated with endpoint.
PFlagCountry flag associated with endpoint.

Notes

This endpoint uses the request schema notation described in Pattern matching.