CRITIFENCE API V1


SCADA IDS Signatures Database (SIS) API

The SCADA IDS Signatures Database (SIS) API provides methods to search CRITIFENCE's ongoing research databases
and to get summary information about IDS signatures for Critical Infrastructure, SCADA and Industrial Control Systems.

Base URL

The base URL for SCADA IDS Signatures Database (SIS) API methods is:

http://api.critifence.com/v1/sis


Methods

GET

/vuln_signature/{sveid}


Vulnerability Signature

Returns the IDS signature information found for the given SCADA Vulnerabilities and Exposures vulnerability ID (SVEID).


Request URL
http://api.critifence.com/v1/sis/vuln_signature/{sveid}

Parameters
  • api_key: [String] API Key
  • sveid: [String] Vulnerability SVE ID

Python Example Request
#!/usr/bin/env python
import json
import requests

API_KEY = 'YOUR_API_KEY'
API_URL = 'http://api.critifence.com/v1/sis'
METHOD = '/vuln_signature'

SVEID = '247934077'

url = API_URL + METHOD
params = dict(
    api_key=API_KEY,
    sveid=SVEID
)

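# Send the request; fail on a timeout or an HTTP error status instead of parsing an error page
response = requests.get(url, params=params, timeout=10)
response.raise_for_status()
results = json.loads(response.text)
print(results)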

Sample Response
{
	"sveid":"247934077",
	"sisid":"546167713",
	"date":"2016-03-03 12:00:41",
	"title":"CitectSCADA ODBC Overflow Attempt",
	"description":"This vulnerability_exploit rule contains IDS rule that detect exploit attempts on known control system vulnerabilities. The CVE, if available, and common name of the applicable vulnerability precedes each rule.",
	"author":"Digital Bond",
	"signature":"alert tcp any any -> any 20222 (msg:\"CitectSCADA ODBC Overflow Attempt\"; flow:established,to_server; byte_test:4,>,399,0; dsize:4; reference:cve, CVE-2008-2639; reference:url,digitalbond.com\/tools\/quickdraw\/vulnerability-rules; sid:1111601; rev:2; priority:1;)"
}


GET

/sis_info/{sisid}


SIS Signature Information

Returns the IDS signature information found for the given SCADA IDS Signatures Database signature ID (SISID).


Request URL
http://api.critifence.com/v1/sis/sis_info/{sisid}

Parameters
  • api_key: [String] API Key
  • sisid: [String] SIS Signature ID (SISID)

Python Example Request
#!/usr/bin/env python
import json
import requests

API_KEY = 'YOUR_API_KEY'
API_URL = 'http://api.critifence.com/v1/sis'
METHOD = '/sis_info'

SISID = '391579746'

url = API_URL + METHOD
params = dict(
    api_key=API_KEY,
    sisid=SISID
)

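# Send the request; fail on a timeout or an HTTP error status instead of parsing an error page
response = requests.get(url, params=params, timeout=10)
response.raise_for_status()
results = json.loads(response.text)
print(results)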

Sample Response
{
	"sisid":"391579746",
	"date":"2016-03-03 12:00:41",
	"title":"Crash CPU Attempt",
	"author":"Rockwell Automation",
	"signature":"alert tcp any any -> $ENIP_SERVER 44818 (msg:\"ROCKWELL Automation ControlLogix Denial of Service (Crash CPU)\"; flow:to_server; content:\"|6f 00|\"; offset:0; depth:2; content:\"|00 00 00 00|\"; distance:22; within:4; byte_extract:2,2,count,relative,multiplier 4,little; content:\"|b2 00|\"; distance:0; within:count; content:\"|52|\"; distance:2; within:1; byte_jump:1,0,relative,multiplier 2; content:\"|0a|\"; distance:4; within:1; classtype:attempted-dos; reference:osvdb,78486; reference:secunia,47737; sid:1111687; rev:1;)"
}
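
Added example (not part of the CRITIFENCE documentation): a check a consumer can run on the signature field of a response before loading the rule into an IDS, which is useful because the base URL above is plain HTTP and the response is not integrity-protected in transit. The sample is the vuln_signature response shown on this page trimmed to two fields; the function names and the choice of checks are assumptions of this example.

```python
import json
import re

# The vuln_signature sample response from this page, trimmed to two fields.
SAMPLE = r'''{
  "sveid": "247934077",
  "signature": "alert tcp any any -> any 20222 (msg:\"CitectSCADA ODBC Overflow Attempt\"; flow:established,to_server; byte_test:4,>,399,0; dsize:4; reference:cve, CVE-2008-2639; reference:url,digitalbond.com\/tools\/quickdraw\/vulnerability-rules; sid:1111601; rev:2; priority:1;)"
}'''
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+(\S+)\s*\((.*)\)\s*$', re.S)

def split_options(body):
    """Split rule options on ';', ignoring ';' inside quotes or after a backslash."""
    opts, cur, in_q, esc = [], [], False, False
    for ch in body:
        if ch == ';' and not in_q and not esc:
            opts.append(''.join(cur).strip())
            cur = []
            continue
        if ch == '"' and not esc:
            in_q = not in_q
        esc = (ch == '\\' and not esc)
        cur.append(ch)
    opts.append(''.join(cur).strip())
    return [o for o in opts if o]

def parse_rule(rule):
    """Parse a Snort-style rule into action, protocol, destination port and options."""
    m = HEADER.match(rule.strip())
    if not m:
        raise ValueError('not a Snort-style rule')
    action, proto, dport, body = m.groups()
    options = {}
    for opt in split_options(body):
        key, _, val = opt.partition(':')
        options.setdefault(key.strip(), []).append(val.strip().strip('"'))
    return {'action': action, 'proto': proto, 'dst_port': dport, 'options': options}

def vet(response_text):
    """Return (rule, cves, problems) for one SIS API response body."""
    rule = parse_rule(json.loads(response_text)['signature'])
    opts, problems = rule['options'], []
    if rule['action'] != 'alert':  # e.g. a 'pass' rule would suppress alerts
        problems.append('unexpected action: ' + rule['action'])
    if len(opts.get('sid', [])) != 1 or not opts['sid'][0].isdigit():
        problems.append('missing or non-numeric sid')
    refs = [r.partition(',') for r in opts.get('reference', [])]
    cves = [val.strip() for kind, _, val in refs if kind.strip() == 'cve']
    return rule, cves, problems
```

Calling vet(SAMPLE) returns the parsed rule, the CVE list ['CVE-2008-2639'] and an empty problem list; a response whose rule action is not alert, or whose sid is missing, comes back with the problems named.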