STIX 2.1 Indicator-of-Compromise feed

curl --request GET \
  --url https://api.mnemom.ai/v1/trust/iocs

{
  "type": "<unknown>",
  "id": "<string>",
  "objects": [
    {}
  ],
  "next_after": "2023-11-07T05:31:56Z"
}

GET

trust

iocs

STIX 2.1 Indicator-of-Compromise feed

curl --request GET \
  --url https://api.mnemom.ai/v1/trust/iocs

{
  "type": "<unknown>",
  "id": "<string>",
  "objects": [
    {}
  ],
  "next_after": "2023-11-07T05:31:56Z"
}

type

enum<string>

Available options:

substrate_fingerprint,

sha256,

domain,

url,

technique_id

after

string<date-time>

Cursor — ISO-8601 timestamp; rows with last_seen_at < after are returned.

limit

integer

default:100

Required range: 1 <= x <= 1000

STIX 2.1 Bundle (possibly empty at GA — see calm-at-GA contract).

type

any

required

string

required

STIX 2.1 bundle identifier (UUID-suffixed).

objects

object[]

required

STIX 2.1 indicator SDOs. Each carries a Mnemom extension with the internal indicator type + TLP + linkage to a related advisory.

next_after

string<date-time>

Mnemom-extension pagination cursor. Present iff the response was capped at limit. Pass as ?after= to fetch the next page.

⌘I