HYAS Protect API Integration

Integrations accelerating customer value

Let's Talk

HYAS Protect API services provide scalable and flexible management of and access to HYAS Protect. HYAS Protect changes the security paradigm through a focus on adversary infrastructure and preempting attacks by blocking malicious domains. HYAS Protect API services speed threat identification and mitigation by allowing the high fidelity HYAS Protect threat signal to integrate into your existing security infrastructure.

HYAS Protect API services provide an onramp to identify and manage potentially malicious domains used in malware, ransomware, and phishing attacks. HYAS Protect API services benefit from:

  • 200M+ DNS queries analyzed daily
  • 200K+ new malware samples exploded daily
  • Trillions of data points on adversary infrastructure
  • Innovations from multiple industry-leading machine learning teams
  • Cloud native for scalability, availability, and deployability

The HYAS Protect API provides two types of services:

  • HYAS Protect configuration and management (example: adding or modifying a custom domain block list).
  • HYAS Protect 'Verdict' services to integrate with existing enterprise security infrastructure. Verdict services return a risk score (good, suspicious, bad) for domains or IP addresses that are provided as well as the rationale behind the verdict.

HYAS Protect API Format

Type: HYAS Insight provides a RESTful API that uses JSON.

Authentication

Authentication is performed using X-API-Key header with provided PSK API key on each request. It is important that customers protect their API credentials. Prices correspond to queries authenticated with your key even if you later determine the requests were fraudulent. Please contact customer support if you need to revoke/reissue an API key.

HYAS Protect API Services

Service Name Service Description
Data List Services

Data list services can be used to adjust Protect verdicts. Customers are allowed to provide of the following types.

  • Domain names
  • FQDNs
  • IP addresses
  • IP CIDRs
  • Nameservers
  • Registrars

Both allow lists and deny lists are supported.

Lists can be managed locally or remotely. A remote list is essentially a feed and requires a URL and configuration of an update interval.

Verdict Services Verdict services are used for integration purposes. By specifying an FQDN, domain name, or IP address, a request can be made for a verdict. The returned verdict indicates whether to allow or block communication to that infrastructure. Verdicts also provide rationale(supporting data) regarding why HYAS rated that particular infrastructure with the specific result.

 

Schema

HYAS provides sample requests and responses to simplify development and integration for HYAS Protect API services.

For more information leveraging the HYAS Insight API, please contact us.

Let's Talk