API. Threat Intelligence Feed.
Integrate our intelligence with your existing security solutions and supercharge detection capabilities.
Malist Threat Feed.
Supercharge Detection.
As a security provider, our goal is to provide the best security possible for our customers. One method to accomplish this is through integrating valuable threat intel with our customers' existing solutions.
DomainGuard's threat feed, Malist, is a JSON-based API that lets your organization enhance existing security solutions and supercharge detection capabilities.
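// jQuery request to the Malist intel endpoint.
// `headers` must be defined beforehand and carry your provisioned API key.
$.ajax({
  url: 'https://malist.guardyourdomain.com/api/v1/intel',
  method: 'get',
  data: 'q=_', // placeholder query; jQuery appends it to the URL as ?q=_
  headers: headers,
  success: function (data) {
    console.log(JSON.stringify(data));
  }
});
Documentation & Use Cases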
Below we've provided documentation and use cases on how DomainGuard integrates with your existing solutions.
The Latin root mal means "bad" or "evil", which makes it a fitting prefix to the word "list" for the name of our threat feed. Malist is essentially a list of bad or evil domains and other indicators related to those domains.
You must provision an API key in order to make requests to Malist. This can be done by logging into the API management section within the DomainGuard platform.
There are several different types of data you can retrieve from Malist. Our customers are most interested in active threat IoCs for threats identified by DomainGuard. Malist allows you to retrieve threats by domain or IP address so these threats can be blocked in other tools in your environment.
Malist is an HTTP-based JSON API. Working with Malist requires crafting HTTP requests specific to the information you are seeking.
By using Malist, you can retrieve a list of all domains categorized as threats by DomainGuard and block these domains from sending email to your users.
In addition to threat domains, you can retrieve a list of lookalike domains which are not approved by your organization. These domains look similar to your domains and could be used in a phishing attack against your users.
Phishing websites regularly redirect users to the legitimate website after the threat actors have tricked users into entering credentials. This method helps divert suspicion away from the phishing website. In instances where attackers clone your website, and your organization is gathering web server logs from the redirected website you own, Malist can be used to identify potential customer account compromise.
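The log check described above, as an added example (not DomainGuard's code): it scans access log lines from the site you own and reports requests whose Referer host is a listed domain or a subdomain of one. Matching on the Referer header, the flat domain list standing in for a Malist response, the log lines and all function names are assumptions made for illustration.

```javascript
// Constructed stand-in for domains pulled from the feed (response schema assumed).
const feedDomains = ['examp1e-bank.test', 'login-example.test'];

// Constructed web server log lines in Combined Log Format.
const sampleLog = [
  '203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /account HTTP/1.1" 200 512 "https://examp1e-bank.test/signin" "Mozilla/5.0"',
  '198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET / HTTP/1.1" 200 1024 "https://www.example.test/" "Mozilla/5.0"',
  '203.0.113.9 - - [12/Mar/2024:10:03:45 +0000] "GET /login HTTP/1.1" 200 700 "http://secure.LOGIN-example.test./a?b=1" "Mozilla/5.0"',
  '192.0.2.55 - - [12/Mar/2024:10:04:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "curl/8.0"',
  '192.0.2.56 - - [12/Mar/2024:10:05:00 +0000] "GET / HTTP/1.1" 200 1024 "https://notexamp1e-bank.test/" "Mozilla/5.0"',
];

// Captures: client IP, timestamp, method, path, Referer.
const LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3} \S+ "([^"]*)"/;

// Lower-case a host name and drop a trailing root dot so comparisons are exact.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// True when host equals a listed domain or is a subdomain of one.
function isListed(host, domains) {
  const h = normalizeHost(host);
  return domains.some((d) => {
    const n = normalizeHost(d);
    return h === n || h.endsWith('.' + n); // leading dot avoids suffix false positives
  });
}

// Return one record per log line whose Referer host is on the list.
function findReferredVisits(lines, domains) {
  const hits = [];
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m || m[5] === '-' || m[5] === '') continue; // unparsable line or no Referer
    let host;
    try {
      host = new URL(m[5]).hostname;
    } catch {
      continue; // Referer is not an absolute URL
    }
    if (isListed(host, domains)) {
      hits.push({ clientIp: m[1], time: m[2], path: m[4], referrerHost: normalizeHost(host) });
    }
  }
  return hits;
}

console.log(findReferredVisits(sampleLog, feedDomains));
```

Each hit is a session that arrived from a listed domain, so the account used in that session is a candidate for a credential reset and review.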
If your organization uses a DNS filter to restrict which domains your employees can access, DomainGuard's list of threat and lookalike domains can be added to your filter to prevent users from resolving those potentially malicious domains.
If your organization uses a URL or HTTP-based proxy to limit the websites your users can access, DomainGuard's list of threat and lookalike domains can be added to your blocklist. This will prevent users from accessing potentially malicious sites identified by DomainGuard.
Malist allows you to retrieve a list of IPs associated with threats identified by DomainGuard. Inbound and outbound traffic to known threat IPs can and should be blocked at the firewall.