Threat hunting with Cymon API


In this article, we’ll discuss mock intrusion attempts on our systems and show how to use the Cymon API to query the information you need for an effective threat hunt. In our case, we’ll demonstrate how we halted the progression of the attack, stopping it in its tracks.

It should be noted that although the discussed scenarios are entirely fictional, they are very possible in today’s world of increasing threats.

Introduction to the Cymon API

Cymon is the largest tracker of malware, phishing, botnets, spam and more. It is maintained by the private security company eSentire. Cymon allows you to:

- Search threat reports for free. Reports can include reported IPs, domains, binary hashes and much more.
- Collaborate with other researchers. Cymon allows you to create your own feed and invite users to contribute IoC data, or to submit reports to other feeds.
- Export feeds. You can export your own feeds or public ones.
- Integrate with existing tools. Cymon allows you to integrate with existing tools in order to deliver threat intelligence where it is consumed.

The above functions can be performed directly on the Cymon app or by interacting with the provided
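As an added example (not code from the article or from eSentire), the following Python helper classifies an indicator as an IP, domain or file hash, builds the corresponding Cymon search URL, and reduces a search response to the fields a hunter triages on. The endpoint layout under `api.cymon.io/v2/ioc/search` and the response shape are assumptions to verify against the current API documentation, and the sample response is constructed.

```python
import ipaddress
import json
import re
import urllib.request
# Assumed path layout for Cymon's IoC search endpoints (not taken from the article).
CYMON_BASE = "https://api.cymon.io/v2/ioc/search"
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def classify_ioc(value):
    """Map an indicator to the endpoint family it is searched under."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    if DOMAIN_RE.match(v):
        return "domain"
    raise ValueError("unrecognised indicator: %r" % value)

def search_url(value):
    """Build the search URL for one indicator (hashes are lower-cased)."""
    kind = classify_ioc(value)
    v = value.strip().lower() if kind in HASH_TYPES.values() else value.strip()
    return "%s/%s/%s" % (CYMON_BASE, kind, v)

def summarize_report(payload):
    """Reduce a response (assumed shape: {"hits": [{"feed", "timestamp", "tags"}]}) to hunt triage fields."""
    hits = payload.get("hits", [])
    return {
        "count": len(hits),
        "feeds": sorted({h.get("feed", "unknown") for h in hits}),
        "tags": sorted({t for h in hits for t in h.get("tags", [])}),
        "latest": max((h.get("timestamp", "") for h in hits), default=None),
    }

def fetch_report(value, opener=urllib.request.urlopen):
    """Query Cymon for one indicator; `opener` is injectable for offline tests."""
    req = urllib.request.Request(search_url(value), headers={"Accept": "application/json"})
    with opener(req, timeout=15) as resp:
        return summarize_report(json.load(resp))

# Constructed sample response (not real Cymon data) so parsing can run offline.
SAMPLE_RESPONSE = {"hits": [
    {"feed": "malware-tracker", "timestamp": "2018-03-01T10:00:00Z", "tags": ["c2", "malware"]},
    {"feed": "spam-list", "timestamp": "2018-02-20T08:30:00Z", "tags": ["spam"]}]}
```

A non-zero `count` with a recent `latest` timestamp is the signal to pivot on in a hunt; an empty result only means Cymon's feeds have not reported the indicator, not that it is benign.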
