The Edgewatch CVE Lookup API allows you to retrieve detailed information about IP addresses related to known vulnerabilities and exposures. This includes threat classifications, organizational data, geolocation, and more. The API is divided into two main endpoints:
- Community Endpoint: Provides basic information suitable for general users.
- Enterprise Endpoint: Offers comprehensive data intended for enterprise-level applications.
API Access
The API is accessible at the following base URL:
https://insight.edgewatch.net/v3/
Authentication
- Community Endpoint: No authentication required.
- Enterprise Endpoint: Requires an API token.
To obtain an API token for the Enterprise endpoint, please contact us.
Endpoints
Community Endpoint
- URL: /community
- Method: GET
- Description: Retrieve basic CVE information related to a specific IP address.
Enterprise Endpoint
- URL: /enterprise
- Method: GET
- Description: Access comprehensive CVE data, including organizational and geolocation information.
Field Descriptions
Common Fields
These fields are available in both Community and Enterprise endpoints.
Field | Type | Description | Required | Read-Only |
---|---|---|---|---|
ip | string | The IP address to query. | Yes | No |
noise | string | Indicates background noise level associated with the IP. | No | Yes |
sight | string | Visibility status of the IP. | No | Yes |
classification | string | Threat classification of the IP. | Yes | No |
name | string | Hostname associated with the IP. | No | Yes |
link | string | URL linking to detailed information about the IP. | No | Yes |
last_seen | string (date-time) | Timestamp of the last activity involving the IP. | No | No |
message | string | Additional notes or messages regarding the IP. | No | Yes |
Enterprise Fields
Additional fields available only in the Enterprise endpoint.
Field | Type | Description | Required | Read-Only |
---|---|---|---|---|
asn | integer | Autonomous System Number associated with the IP. | No | No |
organization | string | Organization owning the IP address. | No | No |
country | object | Geolocation information of the IP. | Yes | No |
country Object Fields
Field | Type | Description | Required | Read-Only |
---|---|---|---|---|
name | string | Full country name. | Yes | No |
iso_code | string | ISO 3166-1 alpha-2 country code. | Yes | No |
Usage Examples
Community Endpoint Example
Request
/v3/community/192.0.0.1/
Response
{
  "ip": "192.0.0.1",
  "noise": true,
  "sight": false,
  "classification": "Malicious",
  "name": "CHINA UNICOM China169 Backbone",
  "link": "https://insight.edgewatch.net/ip/192.0.0.1",
  "last_seen": "2024-11-19T16:18:30.113635Z",
  "message": "Success"
}
Enterprise Endpoint Example
Request
GET /v3/enterprise/192.0.0.1 HTTP/1.1
Response
{
  "ip": "192.0.0.1",
  "noise": "High",
  "sight": "Visible",
  "classification": "Malicious",
  "name": "malicious.example.com",
  "link": "https://insight.edgewatch.net/ip/192.0.0.1",
  "last_seen": "2023-10-20T08:22:10Z",
  "message": "Involved in phishing attacks.",
  "asn": 64512,
  "organization": "Malicious Actors Inc.",
  "country": {
    "name": "Exampleland",
    "iso_code": "EL"
  }
}
Error Handling
The API uses standard HTTP status codes to indicate the success or failure of an API request.
- 200 OK: The request was successful.
- 400 Bad Request: The request could not be understood or was missing required parameters.
- 401 Unauthorized: Authentication failed or the user does not have permission for the requested operation.
- 403 Forbidden: Authentication succeeded but the authenticated user does not have access to the resource.
- 404 Not Found: The requested resource could not be found.
- 500 Internal Server Error: An error occurred on the server.
Error Response Format
{
  "error": {
    "code": 400,
    "message": "Invalid IP address format."
  }
}
Best Practices
- Input Validation: Always validate the IP addresses before making a request.
- Rate Limiting: Implement request throttling to comply with any rate limits.
- Error Handling: Incorporate comprehensive error handling in your application.
- Secure Storage: Keep your API tokens secure and do not expose them in client-side code.
- Data Refresh: Cache data when appropriate but ensure that you refresh it to maintain accuracy.
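The Input Validation and Error Handling items above, applied to the Community endpoint, as an added example (not Edgewatch's own client code). The names `community_url`, `parse_response` and `EdgewatchError` are hypothetical, and the sample bodies are constructed from the examples on this page; the Enterprise endpoint is left out because the page does not say how the API token is sent.

```python
import ipaddress
import json
from urllib.parse import quote

BASE_URL = "https://insight.edgewatch.net/v3/"  # base URL given on the page


class EdgewatchError(Exception):
    """Non-200 status or malformed body (hypothetical helper type)."""

    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.message = status, message


def community_url(ip):
    """Validate ip locally, then build the Community lookup URL."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        # Fail before any request is sent, so free text such as
        # "../enterprise" never becomes part of the request path.
        raise ValueError(f"not an IP address: {ip!r}") from None
    return f"{BASE_URL}community/{quote(str(addr), safe=':')}/"


def parse_response(status, body):
    """Return the lookup record, or raise EdgewatchError."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        data = None
    if status != 200:
        # Documented envelope: {"error": {"code": ..., "message": ...}}
        err = data.get("error") if isinstance(data, dict) else None
        msg = err.get("message") if isinstance(err, dict) else None
        raise EdgewatchError(status, msg or "no error body")
    if not isinstance(data, dict):
        raise EdgewatchError(status, "response is not a JSON object")
    # "ip" and "classification" are marked Required in the field table.
    missing = [k for k in ("ip", "classification") if k not in data]
    if missing:
        raise EdgewatchError(status, f"missing fields: {missing}")
    return data


# Constructed sample bodies, modelled on the page's examples.
SAMPLE_OK = '{"ip": "192.0.0.1", "classification": "Malicious", "message": "Success"}'
SAMPLE_ERR = '{"error": {"code": 400, "message": "Invalid IP address format."}}'
```

Pass the URL from `community_url` to whatever HTTP client the application already uses, then hand the status code and body text to `parse_response`.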