威胁 API 用于查询、管理检测到的钓鱼威胁。
获取威胁列表
GET /v1/threats
查询参数
| 参数 | 类型 | 描述 |
|---|
domain | string | 按保护域名筛选 |
status | string | 状态:active, resolved, false_positive |
severity | string | 严重程度:high, medium, low |
page | number | 页码,默认 1 |
per_page | number | 每页数量,默认 20 |
响应示例
{
"data": [
{
"id": "thr_xxx",
"domain": "examp1e.com",
"protected_domain": "example.com",
"type": "phishing",
"status": "active",
"severity": "high",
"similarity": 0.95,
"source": "ct_log",
"first_seen": "2024-01-20T10:30:00Z",
"screenshot_url": "https://..."
}
],
"meta": {
"total": 42,
"page": 1,
"per_page": 20
}
}
获取单个威胁
GET /v1/threats/:id
响应示例
{
"data": {
"id": "thr_xxx",
"domain": "examp1e.com",
"protected_domain": "example.com",
"type": "phishing",
"status": "active",
"severity": "high",
"similarity": 0.95,
"source": "ct_log",
"ip_address": "192.168.1.1",
"registrar": "Example Registrar",
"created_at": "2024-01-20T10:30:00Z",
"screenshot_url": "https://...",
"whois": {...}
}
}
更新威胁状态
PATCH /v1/threats/:id
请求体
{
"status": "resolved"
}
可用状态
| 状态 | 描述 |
|---|
active | 活跃威胁 |
resolved | 已解决 |
false_positive | 误报 |
批量操作
POST /v1/threats/batch
请求体
{
"ids": ["thr_xxx", "thr_yyy"],
"action": "resolve"
}
可用操作
| 操作 | 描述 |
|---|
resolve | 标记为已解决 |
mark_false_positive | 标记为误报 |
reactivate | 重新激活 |