About the REST API

February 27, 2024

ID 198534

This section describes the features of the Kaspersky CyberTrace REST API.

About the REST API

Kaspersky CyberTrace provides a REST API interface that you can use to perform the following actions:

  • Perform an indicator search.
  • Add new suppliers, and configure and remove suppliers that were added with the REST API.
  • Add, remove, and update supplier indicators for suppliers that were added with the REST API; and for InternalTI and FalsePositive suppliers.
  • Add, update, and delete tags in the Kaspersky CyberTrace database. Assign tags to indicators and remove tags from indicators.

Supported protocols

The REST API supports HTTPS protocol with basic authentication. All requests are synchronous. Kaspersky CyberTrace processes a request and returns the result in the response.

To communicate by using HTTPS, Kaspersky CyberTrace uses the certificate specified in the GUISettings > HTTPServer >SSLCertificatePath and GUISettings > HTTPServer >SSLPrivateKeyPath elements of the kl_feed_service.conf configuration file.

The maximum number of processed requests is specified in the ServiceSettings > ScannersCount element of the kl_feed_service.conf configuration file.

REST API suppliers

Suppliers that were added with the REST API are different from regular suppliers. Only the suppliers that you add with the REST API can be accessed through the REST API. You cannot access all other suppliers through the REST API. In addition, the REST API provides a way to manage indicators from FalsePositive and InternalTI suppliers.

Suppliers that were added with the REST API are displayed on the Custom feeds tab. If a vendor is specified for a supplier, the supplier is displayed on the vendor tab instead. Each REST API supplier has a short description that marks it as a REST API supplier.

For suppliers that were added with the REST API, you cannot perform the following actions in Kaspersky CyberTrace Web:

  • Editing supplier properties.
  • Enabling or disabling supplier fields.
  • Specifying filtering rules for a supplier.
  • Specifying the maximum number of records in a supplier.

You can perform the following actions for suppliers that were added with the REST API in Kaspersky CyberTrace Web:

  • Specify actionable fields for a supplier.
  • Enable or disable a supplier.
  • Delete a supplier.

User roles and REST API

Methods that are available to a user depend on the user's role:

  • Users with the Administrator role can make all requests.
  • Users with the Analyst role can perform the indicator search.

REST API and logging

Kaspersky CyberTrace logs the following information about the REST API:

  • If the logging level is err and above, Kaspersky CyberTrace logs information about REST API errors.
  • If the logging level is info and above, Kaspersky CyberTrace logs information about all REST API requests and responses.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.