Getting Started
Review the steps to integrate IP Intel into your app
Introduction
The IP Intel service must be enabled from the Pangea Console before use. Make sure you have access to the Pangea Console and you’ve created a project.
Create a token
Expand for details
Create a token so that you can access the IP Intel endpoints:
- Go to the Pangea Console and click IP Intel in the left-hand navigation menu. The IP Intel Overview page will appear.
- On the IP Intel Overview page, you'll see a notification asking you to set a service token. Click Create new token toward the bottom right side of your screen.
- You’ll be prompted to create a token. Enter a Token name and select an Expiration Date. You may also create a token for all Intel services, if you wish.
- Once configured, the token is available in the Tokens section of the IP Intel Overview page.
Select your provider
Expand for details
Providers can be selected as default in the Pangea Console. Setting a provider as default in the Pangea Console means your API request calls will use this provider, unless another provider is specified as part of your API request.
To select a provider as default for an API:
- Go to the Pangea Console
- On the left-hand navigation menu, select IP Intel
- Go to Settings
- Click Set as default for your preferred provider
You can override the default provider by specifying their name in the provider
field when making an API request to the /reputation endpoint. This is helpful if your default provider returns a verdict of Unknown
and you want a second opinion from another provider.
Test the service
The interactive IP Intel API Reference allows you to test API endpoints from the documentation. This is an easy way to play around with different IPs and providers to see what kind of data is returned.
Make sure you set a token in the Pangea Console so you can test data in the API Reference.
Configure your app for communication with the Pangea service
For your app to communicate with the Pangea service, you must put the values of the following Configuration Details into the PANGEA_INTEL_TOKEN and PANGEA_DOMAIN environment variables:
token
domain
These Configuration Details are created when you enable IP Intel and can be found in the Overview section under IP Intel.
Set environment variables
To set each variable in bash:
export PANGEA_DOMAIN="yourServiceDomain"
export PANGEA_INTEL_TOKEN="yourAccessToken"
Make a reputation call
Use the /reputation endpoint to make an API call and return IP address details. In this example, we are using the following parameters:
ip
provider
curl -sSLX POST 'https://ip-intel.'"$PANGEA_DOMAIN"'/v1/reputation' \
-H 'Authorization:'$"PANGEA_INTEL_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"provider":"crowdstrike","ip":"93.231.182.110"}'
Receive a response
The IP Intel service will send a JSON response, like the one below:
{
"request_id": "prq_eytwrlcoydvl3nh7n5spk7nhjteft7sr",
"request_time": "2022-12-19T23:39:38.991175Z",
"response_time": "2022-12-19T23:39:39.029690Z",
"status": "Success",
"summary": "IP was found",
"result": {
"data": {
"category": [
"Suspicious"
],
"score": 100,
"verdict": "malicious"
}
}
}
In this instance, the verdict
returned as malicious
.
Understand and review results
The API response sent by IP Intel includes various fields and values; however, the ones listed below give you the most information about the disposition of an IP. To learn about more response fields, visit the IP Intel API Reference.
verdict | The verdict normalized categorization as interpreted by the data returned by the third-party provider. There are four possible verdicts:
|
score | The normalized score as interpreted by the data returned by the third party provider. Scores are associated with the verdict values listed above:
|
summary | A summary of the various categories associated with an IP address, which help illustrate why an IP received a particular verdict. |
category | Indicates the category associated with the IP address (e.g. Adware, Malware). This field may return more than one category and may, at times, not be populated. |
raw | Raw data returned by the provider you specified in the API request. You
can investigate the raw data if its meaningful to your use case or if
you want to supply it to your users. You must set the |
Share your implementation
Reach out to the Pangea community on our
Discourse to let us know how you've integrated IP Intel into your application.Was this article helpful?