This feed can be used to return identified malware threats at a customer or regional grid level.
Note: This is tied to the Threat Intel feature in the Administration Console, which is currently available as an opt-in early release. Contact our Service Delivery Support Team to have this feature enabled for an account prior to expecting returned data.
Pre-requisites
In order to successfully use this endpoint the logged in user must be a Mimecast administrator with at least the Services | Gateway | Tracking | Read permission.
URI
To use this endpoint you send a POST request to:
/api/ttp/threat-intel/get-feed
Request Headers
The following request headers must be included in your request:
Field
Description
Authorization
Please see the Authorization guide for more information on building the Authorization header.
x-mc-req-id
A randomly generated GUID, for example,
8578FCFC-A305-4D9A-99CB-F4D5ECEFE297
x-mc-app-id
The Application ID provided with your Registered API Application.
x-mc-date
The current date and time in the following format, for example,
Sample code is provided to demonstrate how to use the API and is not representative of a production application. To use the sample code; complete the required variables as described, populate the desired values in the request body, and execute in your favorite IDE. Please see the Global Base URL's page to find the correct base URL to use for your account.
POST {base_url}/api/ttp/threat-intel/get-feed
Authorization: MC {accesskKey}:{Base64 encoded signed Data To Sign}
x-mc-date: {dateTime}
x-mc-req-id: {unique id}
x-mc-app-id: {applicationId}
Content-Type: application/json
Accept: application/json
{
"data":[
{s
"start": "Date String",
"end": "Date String",
"compress": "Boolean",
"fileType": "String",
"feedType": "String",
"token": "String"
}
]
}
import base64
import hashlib
import hmac
import uuid
import datetime
import requests
# Setup required variables
base_url = "https://xx-api.mimecast.com"
uri = "/api/ttp/threat-intel/get-feed"
url = base_url + uri
access_key = "YOUR ACCESS KEY"
secret_key = "YOUR SECRET KEY"
app_id = "YOUR APPLICATION ID"
app_key = "YOUR APPLICATION KEY"
# Generate request header values
request_id = str(uuid.uuid4())
hdr_date = datetime.datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S") + " UTC"
# DataToSign is used in hmac_sha1
dataToSign = ':'.join([hdr_date, request_id, uri, app_key])
# Create the HMAC SHA1 of the Base64 decoded secret key for the Authorization header
hmac_sha1 = hmac.new(base64.b64decode(secret_key), dataToSign.encode(), digestmod=hashlib.sha1).digest()
# Use the HMAC SHA1 value to sign the hdrDate + ":" requestId + ":" + URI + ":" + appkey
sig = base64.b64encode(hmac_sha1).rstrip()
# Create request headers
headers = {'Authorization': 'MC ' + access_key + ':' + sig.decode(),
'x-mc-app-id': app_id,
'x-mc-date': hdr_date,
'x-mc-req-id': request_id,
'Content-Type': 'application/json'
}
payload = {
"data": [
{
"start": "Date String",
"end": "Date String",
"compress": "Boolean",
"fileType": "String",
"feedType": "String",
"token": "String"
}
]
}
r = requests.post(url=url, headers=headers, data=str(payload))
print(r.text.encode('utf8'))
static void Main(string[] args)
{
//Setup required variables
string baseUrl = "https://xx-api.mimecast.com";
string uri = "/api/ttp/threat-intel/get-feed";
string accessKey = "YOUR ACCESS KEY";
string secretKey = "YOUR SECRET KEY";
string appId = "YOUR APPLICATION ID";
string appKey = "YOUR APPLICATION KEY";
//Generate request header values
string hdrDate = System.DateTime.Now.ToUniversalTime().ToString("R");
string requestId = System.Guid.NewGuid().ToString();
//Create the HMAC SHA1 of the Base64 decoded secret key for the Authorization header
System.Security.Cryptography.HMAC h = new System.Security.Cryptography.HMACSHA1(System.Convert.FromBase64String(secretKey));
//Use the HMAC SHA1 value to sign the hdrDate + ":" requestId + ":" + URI + ":" + appkey
byte[] hash = h.ComputeHash(System.Text.Encoding.Default.GetBytes(hdrDate + ":" + requestId + ":" + uri + ":" + appKey));
//Build the signature to be included in the Authorization header in your request
string signature = "MC " + accessKey + ":" + System.Convert.ToBase64String(hash);
//Build Request
System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(baseUrl + uri);
request.Method = "POST";
request.ContentType = "application/json";
//Add Headers
request.Headers[System.Net.HttpRequestHeader.Authorization] = signature;
request.Headers.Add("x-mc-date", hdrDate);
request.Headers.Add("x-mc-req-id", requestId);
request.Headers.Add("x-mc-app-id", appId);
//Add request body
//Create and write data to stream
string postData = @"{
""data"": [
{
""start"": ""Date String"",
""end"": ""Date String"",
""compress"": ""Boolean"",
""fileType"": ""String"",
""feedType"": ""String"",
""token"": ""String""
}
]
}";
byte[] payload = System.Text.Encoding.UTF8.GetBytes(postData);
System.IO.Stream stream = request.GetRequestStream();
stream.Write(payload, 0, payload.Length);
stream.Close();
//Send Request
System.Net.HttpWebResponse response = (System.Net.HttpWebResponse)request.GetResponse();
//Output response to console
System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream());
string responseBody = "";
string temp = null;
while ((temp = reader.ReadLine()) != null)
{
responseBody += temp;
};
System.Console.WriteLine(responseBody);
System.Console.ReadLine();
}