GET /api/campaigns
Lists all identified campaigns, with pagination.

Query parameters:
- status: filter by campaign status: active, dormant, or resolved (see the status table below).
- (timestamp filter) An ISO 8601 timestamp; only campaigns updated after this time are returned.
- page: page number (1-based, as in the `pagination` object of the response).
- limit: results per page (maximum 100; requests above the cap should be clamped client-side).
Example request:
curl -X GET "https://tc.panguard.ai/api/campaigns?status=active&limit=10" \
-H "Authorization: Bearer YOUR_API_KEY"
Example response (note that `pagination.pages` tells the client how many pages remain to fetch):
{
"ok": true,
"data": [
{
"id": "campaign_botnet_xyz",
"name": "XYZ Botnet SSH Scanner",
"status": "active",
"severity": "high",
"firstSeen": "2026-02-01T00:00:00.000Z",
"lastActivity": "2026-03-07T11:45:00.000Z",
"iocCount": 234,
"affectedOrgs": 18,
"mitreIds": ["T1110", "T1078", "T1059"],
"tags": ["botnet", "ssh", "bruteforce"]
},
{
"id": "campaign_phish_abc",
"name": "ABC Phishing Kit",
"status": "active",
"severity": "critical",
"firstSeen": "2026-03-01T00:00:00.000Z",
"lastActivity": "2026-03-07T10:30:00.000Z",
"iocCount": 89,
"affectedOrgs": 7,
"mitreIds": ["T1566", "T1204"],
"tags": ["phishing", "credential-theft"]
}
],
"pagination": {
"total": 12,
"page": 1,
"limit": 10,
"pages": 2
}
}
GET /api/campaigns/stats
Returns aggregate campaign statistics for the whole Threat Cloud.

Example request:
curl -X GET "https://tc.panguard.ai/api/campaigns/stats" \
-H "Authorization: Bearer YOUR_API_KEY"
Example response:
{
"ok": true,
"data": {
"totalCampaigns": 45,
"activeCampaigns": 12,
"dormantCampaigns": 28,
"resolvedCampaigns": 5,
"bySeverity": {
"critical": 3,
"high": 8,
"medium": 22,
"low": 12
},
"topMitreTechniques": [
{ "id": "T1110", "name": "Brute Force", "campaigns": 15 },
{ "id": "T1566", "name": "Phishing", "campaigns": 8 },
{ "id": "T1059", "name": "Command and Scripting Interpreter", "campaigns": 7 },
{ "id": "T1078", "name": "Valid Accounts", "campaigns": 6 },
{ "id": "T1204", "name": "User Execution", "campaigns": 5 }
],
"avgIocsPerCampaign": 52,
"totalAffectedOrgs": 89
}
}
GET /api/campaigns/:id
Returns detailed information for a specific campaign, including its related IoCs and the activity timeline. The IoC section of the response carries counts by type plus the most-sighted IPs and domains (`topIps`, `topDomains`), so a block list built from it covers only those top entries, not the full `iocs.total`.

Path parameter:
- id: the campaign ID (for example `campaign_botnet_xyz`).

Example request:
curl -X GET "https://tc.panguard.ai/api/campaigns/campaign_botnet_xyz" \
-H "Authorization: Bearer YOUR_API_KEY"
Example response:
{
"ok": true,
"data": {
"id": "campaign_botnet_xyz",
"name": "XYZ Botnet SSH Scanner",
"description": "Coordinated SSH brute-force campaign targeting Linux servers. Deploys cryptominer payloads upon successful login.",
"status": "active",
"severity": "high",
"firstSeen": "2026-02-01T00:00:00.000Z",
"lastActivity": "2026-03-07T11:45:00.000Z",
"mitreIds": ["T1110", "T1078", "T1059"],
"tags": ["botnet", "ssh", "bruteforce", "cryptominer"],
"iocs": {
"total": 234,
"byType": {
"ip": 189,
"domain": 12,
"hash": 28,
"url": 5
},
"topIps": [
{ "value": "198.51.100.42", "sightings": 47, "reputation": 12 },
{ "value": "203.0.113.99", "sightings": 35, "reputation": 8 },
{ "value": "198.51.100.78", "sightings": 28, "reputation": 15 }
],
"topDomains": [
{ "value": "malware-c2.example.net", "sightings": 89, "reputation": 5 }
]
},
"timeline": [
{
"date": "2026-02-01",
"event": "First IoCs observed",
"details": "Initial SSH scan activity from 3 IPs"
},
{
"date": "2026-02-15",
"event": "Infrastructure expansion",
"details": "C2 domain registered, 50+ new scanner IPs"
},
{
"date": "2026-03-01",
"event": "Payload updated",
"details": "New cryptominer variant deployed via wget"
}
],
"affectedOrgs": 18,
"geography": {
"sourceCountries": ["CN", "RU", "VN", "BR"],
"targetCountries": ["US", "DE", "JP", "TW", "SG"]
},
"recommendations": [
"Block all associated IPs at the network perimeter",
"Monitor for SSH login anomalies",
"Check for unauthorized cryptominer processes",
"Update SSH configuration to disable password authentication"
]
}
}
Campaign statuses

| Status | Description |
|---|---|
| active | A new IoC or sighting was observed within the past 7 days. |
| dormant | No new activity for 7 to 30 days, but the infrastructure may still be operating. |
| resolved | No activity for more than 30 days; the associated infrastructure appears to have been decommissioned. |
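The list endpoint, the detail endpoint and the status table above describe a workflow a consumer usually automates: page through the active campaigns, fetch each one's detail, turn the returned indicators into something a perimeter device or SIEM can load, and sanity-check the server's `status` field against the documented 7-day and 30-day thresholds. The Python below is an added example, not code from this page or from the Threat Cloud project. It hides HTTP behind a `fetch(path, query)` callable that a caller would back with an HTTPS GET carrying the `Authorization: Bearer` header from the curl examples; here `fake_fetch` serves a fixture constructed from the sample JSON on this page plus one hypothetical stale campaign (`campaign_stale_000`) and one hypothetical domain (`phish-kit.example.org`). The `page` query parameter name and the treatment of exactly 7 or 30 days of silence are this example's assumptions.

```python
"""Added example (not Threat Cloud project code): page through campaigns,
pull each detail, build an IoC block set and cross-check status against the
7-day / 30-day table. `fetch(path, query)` abstracts the HTTPS call so the
demo runs offline against a constructed fixture."""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterator, Optional

Fetch = Callable[[str, Dict[str, str]], dict]  # (path, query) -> parsed JSON body

MAX_LIMIT = 100    # documented maximum for `limit`
ACTIVE_DAYS = 7    # active: new IoC or sighting within the last 7 days
DORMANT_DAYS = 30  # dormant: quiet 7 to 30 days; resolved: quiet longer


def iter_campaigns(fetch: Fetch, status: Optional[str] = None,
                   limit: int = MAX_LIMIT) -> Iterator[dict]:
    """Yield every campaign, following `pagination.pages` until exhausted."""
    limit = max(1, min(limit, MAX_LIMIT))  # never exceed the documented cap
    page = 1
    while True:
        query = {"page": str(page), "limit": str(limit)}  # `page` name assumed
        if status:
            query["status"] = status
        body = fetch("/api/campaigns", query)
        if not body.get("ok"):
            raise RuntimeError(f"/api/campaigns page {page} returned ok=false")
        yield from body["data"]
        if page >= body["pagination"]["pages"]:
            return
        page += 1


def expected_status(last_activity: str, now: datetime) -> str:
    """Re-derive status from lastActivity with the documented thresholds.
    Treatment of exactly 7 or 30 days is this example's assumption."""
    last = datetime.fromisoformat(last_activity.replace("Z", "+00:00"))
    quiet = now - last
    if quiet < timedelta(days=ACTIVE_DAYS):
        return "active"
    if quiet <= timedelta(days=DORMANT_DAYS):
        return "dormant"
    return "resolved"


def collect_active_iocs(fetch: Fetch, now: datetime, limit: int = MAX_LIMIT) -> dict:
    """List active campaigns, fetch each detail and gather its top IPs and
    domains into sets. Campaigns whose server status disagrees with the
    thresholds are reported so a stale feed or clock skew gets noticed."""
    ips, domains, mismatches = set(), set(), []
    for summary in iter_campaigns(fetch, status="active", limit=limit):
        if expected_status(summary["lastActivity"], now) != summary["status"]:
            mismatches.append(summary["id"])
        detail = fetch(f"/api/campaigns/{summary['id']}", {})
        if not detail.get("ok"):
            continue  # one failed detail lookup must not drop the rest
        iocs = detail["data"].get("iocs", {})
        ips.update(e["value"] for e in iocs.get("topIps", []))
        domains.update(e["value"] for e in iocs.get("topDomains", []))
    return {"ips": ips, "domains": domains, "status_mismatches": mismatches}


# Constructed offline fixture: two entries modelled on the page's samples plus
# a hypothetical stale campaign still labelled active. Not live data.
_CAMPAIGNS = [
    {"id": "campaign_botnet_xyz", "status": "active", "lastActivity": "2026-03-07T11:45:00.000Z"},
    {"id": "campaign_phish_abc", "status": "active", "lastActivity": "2026-03-07T10:30:00.000Z"},
    {"id": "campaign_stale_000", "status": "active", "lastActivity": "2026-01-20T00:00:00.000Z"},
]
_DETAILS = {
    "campaign_botnet_xyz": {"topIps": [{"value": "198.51.100.42"}, {"value": "203.0.113.99"},
                                       {"value": "198.51.100.78"}],
                            "topDomains": [{"value": "malware-c2.example.net"}]},
    "campaign_phish_abc": {"topIps": [], "topDomains": [{"value": "phish-kit.example.org"}]},
    "campaign_stale_000": {"topIps": [{"value": "203.0.113.99"}], "topDomains": []},
}
CALLS = []  # (path, query) pairs, so the pagination sequence can be inspected


def fake_fetch(path: str, query: Dict[str, str]) -> dict:
    """Stand-in for an HTTPS GET carrying `Authorization: Bearer <key>`."""
    CALLS.append((path, dict(query)))
    if path == "/api/campaigns":
        limit, page = int(query["limit"]), int(query["page"])
        items = [c for c in _CAMPAIGNS if c["status"] == query.get("status", c["status"])]
        pages = -(-len(items) // limit)  # ceiling division
        return {"ok": True, "data": items[(page - 1) * limit:page * limit],
                "pagination": {"total": len(items), "page": page, "limit": limit, "pages": pages}}
    campaign_id = path.rsplit("/", 1)[1]
    if campaign_id not in _DETAILS:
        return {"ok": False}
    return {"ok": True, "data": {"id": campaign_id, "iocs": _DETAILS[campaign_id]}}


NOW = datetime(2026, 3, 8, tzinfo=timezone.utc)  # fixed clock for the demo

if __name__ == "__main__":
    result = collect_active_iocs(fake_fetch, NOW, limit=2)  # limit=2 forces two pages
    print(sorted(result["ips"]), sorted(result["domains"]), result["status_mismatches"])
```

In the demo, `limit=2` against the three-item fixture forces a second page, which is the path a client most often gets wrong (stopping after the first page or ignoring `pages`). Against the live API, keep the default cap of 100, pass a real clock to `expected_status`, and remember that `topIps` and `topDomains` are only the most-sighted indicators, so the resulting sets are deliberately partial.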
Subscribe to the SSE event stream to receive real-time notifications when your agents encounter IoCs associated with active campaigns.