Today we are incredibly excited to announce the beta preview of our Search API!
With it you can search, correlate, and download PCAP files, based on their behaviors and contents.
Exploring the API's Use-Cases
Understand how tactics, threats, and procedures (TTPs) of malicious adversaries evolve over time.
Network traffic is among some of the richest forms of evidence available to security professionals, it is also one of the hardest to analyze at scale. PacketTotal, has analyzed thousands of malicious packet captures, and derived millions of signatures, relationships, and correlations between them.
The Search API provides a powerful interface for finding network traffic that can help you understand, and anticipate the actions of malware in your own environment. Simple search for an indicator of compromise and pull back matching captures, use AND and OR aggregators to get as granular as you want with your queries.
Identifying top threats and their targeted sectors.
Understanding the goals of malicious adversaries is the first step in proactive security.
From malware detonated in a lab to evil found in the wild, PacketTotal is the most diverse set of malicious packet captures on the Internet.
Search by the latest malware campaigns, and see how it communicates, who they're targeting, and what methods they employ.
Build or validate your network signatures through heuristic based approach.
PacketTotal does a good job of providing high-level categorizations of traffic found within packet captures. Through the API you can download captures that you could use to validate controls within your own environment.
Train your Machine Learning models!
If you're a data-scientist, and are lucky enough to be studying malicious network behaviors, you may find the bulk search and download functionality of the search api to be very useful in training your models.
Interested in being a part of the Beta?
Ultimately, the search api is the first step in a much more comprehensive API that will offer full feature parity with the site (and more). If anything about this post excites you please consider giving our API a spin!