Version: 1.0.0

IP Threat Intel API

The IP Threat Intel API is a key part of many systems that need quick and on-demand information about IP addresses. It's especially useful in systems like SOARs, which help automate security tasks.

Here's how it works:

1) The system checks all IP addresses you're interested in using the Fast IP Lookup. This is a quick check to see if any of these IP addresses have been observed by ELLIO's deception network.
2) If an IP address is found in this initial check, then the system goes a step further with an Extended IP Lookup. This detailed check gives you more information about the IP address, like what regions it is targeting and what kind of services it might be scanning or exploiting.

This two-step process helps quickly spot potential threats and then gives you all the details you need to understand more about the risks they might pose. It's designed to give quick initial results and then, if necessary, deeper insights for better decision-making.
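The two-step flow above, sketched as a SOAR enrichment step. This is an added example, not ELLIO's client code: `fast_lookup` and `extended_lookup` are hypothetical callables standing in for the two API calls, and the sample addresses and response fields are constructed.

```python
import ipaddress

# Internal ranges that a public deception network cannot have observed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def triage_ips(candidates, fast_lookup, extended_lookup):
    """Fast lookup on every usable IP, extended lookup only on hits.

    fast_lookup(ip) -> bool and extended_lookup(ip) -> dict are hypothetical
    callables wrapping the two API calls; they are not ELLIO client functions.
    """
    result = {"invalid": [], "skipped": [], "not_observed": [], "observed": {}}
    seen = set()
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)   # malformed alert field, never queried
            continue
        if ip in seen:                      # one query per distinct address
            continue
        seen.add(ip)
        internal = (ip.is_loopback or ip.is_link_local
                    or any(ip in net for net in INTERNAL_NETS))
        if internal:
            result["skipped"].append(str(ip))
        elif fast_lookup(str(ip)):          # step 1: quick observed/not-observed check
            result["observed"][str(ip)] = extended_lookup(str(ip))  # step 2: details
        else:
            result["not_observed"].append(str(ip))
    return result

def demo():
    # Constructed sample data (documentation address ranges, made-up fields).
    observed = {"203.0.113.7": {"regions": ["EU"], "services": ["ssh"]}}
    extended_calls = []
    def fast(ip):
        return ip in observed
    def extended(ip):
        extended_calls.append(ip)
        return observed[ip]
    alerts = ["203.0.113.7", " 203.0.113.7", "198.51.100.23", "10.0.0.5", "not-an-ip"]
    return triage_ips(alerts, fast, extended), extended_calls

if __name__ == "__main__":
    print(demo())
```

Filtering internal and malformed values before step 1 keeps private addresses out of third-party queries, and the extended call is made once per distinct hit.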