Skip to content

Commit 64428f3

Browse files
mlodicmlodic
authored
Merge pull request #58 from drona-gyawali/api/feed-response
GB(api) : added new field in feed_response
2 parents 876ab91 + da496c1 commit 64428f3

2 files changed

Lines changed: 14 additions & 0 deletions

File tree

docs/GreedyBear/Api-docs.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,8 @@ _Note: Enhanced with additional filter fields (ioc_type, etc.) in version > 2.4.
4242
### `FeedsResponseSerializer`
4343
:::docs.Submodules.GreedyBear.api.serializers.FeedsResponseSerializer
4444

45+
_Note: Includes attacker_country field in version >= 3.2.0
46+
4547
### `IOCSerializer`
4648
:::docs.Submodules.GreedyBear.api.serializers.IOCSerializer
4749

docs/GreedyBear/Usage.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,12 @@ The `json` result includes two predictive scores:
4444
- `recurrence_probability` (0.0-1.0): Indicates the likelihood that an IOC will reappear within the next 24 hours. Higher values suggest greater persistence of the threat.
4545
- `expected_interactions` (0+): Estimates the number of honeypot interactions anticipated from the IOC in the next 24 hours, indicating potential activity level.
4646

47+
The response includes a new field:
48+
49+
_Available from version >= 3.2.0_
50+
51+
- `attacker_country`: The country associated with the attacking IP address.
52+
4753
These predictions are based on historical interaction patterns and are updated once a day, shortly after midnight UTC. They are the foundation of the `likely_to_recur` and `most_expected_hits` prioritization mechanisms.
4854

4955
Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/Api-docs/#docs.Submodules.GreedyBear.api.views.feeds.feeds_advanced) or the to get all the details about how to use the available APIs.
@@ -70,6 +76,12 @@ The available query parameters are:
7076
- `paginate`: `true` to paginate results. This forces the json format. (default: `false`)
7177
- `format_`: see [Feeds API](#feeds) (default: `json`)
7278

79+
The response includes a new field:
80+
81+
_Available from version >= 3.2.0_
82+
83+
- `attacker_country`: The country associated with the attacking IP address.
84+
7385
Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/Api-docs/) or the to get all the details about how to use the available APIs.
7486

7587
This "Advanced Feeds" API is protected through authentication. Please reach out [Matteo Lodi](https://twitter.com/matte_lodi) or another member of [The Honeynet Project](https://twitter.com/ProjectHoneynet) if you are interested in gain access to this API.

0 commit comments

Comments
 (0)