GET /ot/brief Sector threat brief for ICS/OT. Pass ?sector=energy&period=30. Returns active actors, new CVE counts, active campaigns, top advisories, and risk_trend (increasing/stable/decreasing). One call replaces 5+ chained calls. Ideal for weekly reporting and compliance dashboards. | 100% | 213 ms | $0.1 |
GET /ot/campaign Active ICS campaign tracker. Pass ?sector=electric&status=active. Returns campaigns currently targeting a sector with actor attribution, start date, targeted geography, TTPs in use, and CVEs being exploited. No free equivalent for live campaign status. | — | — | $0.05 |
GET /ot/device ICS/OT device exposure lookup. Pass ?vendor=siemens&model=s7-1200. Returns default credential risk, exposed OT protocols (Modbus/502, S7comm/102, DNP3/20000), exploitation notes, and hardening steps. Covers Siemens, Schneider, Rockwell, Honeywell, GE, Unitronics, Beckhoff. | — | — | $0.05 |
GET /ot/exposure OT asset risk verdict. Pass ?vendor=siemens&model=s7-1500&sector=energy&network=internet-facing. Returns risk_score (0-100), risk_level, escalate (boolean), recommended_action, active CVEs, and threat actors. Optional firmware param enables firmware-specific CVE matching. Cached 1 hour. | — | — | $0.05 |
GET /ot/patch OT/ICS patch feasibility for a CVE. Pass ?id=CVE-XXXX-XXXX. Returns patch availability, OT-safe workarounds, patch complexity per ICS layer, estimated downtime, safe-to-patch-live flag, deployment strategy, and risk-vs-disruption score 1-10. | — | — | $0.05 |
GET /ot/actor ICS threat actor profile. Pass ?name=SANDWORM. Returns MITRE ATT&CK ICS techniques, known malware, attribution, physical impact, targeted sectors, and OT detection recommendations. Alias lookup supported: Volt Typhoon→VOLTZITE, APT44→SANDWORM. Covers all Dragos Activity Groups. | — | — | $0.03 |
GET /ot/actor/sector ICS threat actors by sector. Pass ?sector=energy. Returns all groups targeting that sector from live MITRE ATT&CK ICS STIX data. Covers energy, water, manufacturing, oil-and-gas, chemical, transportation, nuclear. | — | — | $0.03 |
GET /ot/delta ICS sector change feed — only what is NEW in the last N days. Pass ?sector=water&days=7. Returns new CVEs, new CISA advisories, and new actor activity since the last call. Designed for cron-based monitoring agents. Eliminates redundant reprocessing. | — | — | $0.03 |
GET /ot/advisory Live CISA ICS-CERT advisories filtered by vendor or sector. Pass ?vendor=siemens or ?sector=energy. Returns advisory IDs, CVSS scores, CVE lists, OT severity, and sector tags. Up to 25 results. | — | — | $0.02 |
GET /ot/cve OT-contextualised CVE triage for ICS/SCADA. Pass ?id=CVE-XXXX-XXXX. Returns OT-adjusted severity, cyber-physical impact, patch feasibility, CISA KEV status, and prioritised action. DeepSeek-enriched with live NVD and CISA-KEV data. | — | — | $0.02 |
GET /ot/malware ICS malware encyclopedia. Pass ?name=PIPEDREAM. Returns capabilities, targeted OT protocols, attributed actor, affected vendors, detection signatures, and MITRE ATT&CK ICS techniques. Covers PIPEDREAM, TRITON, INDUSTROYER2, CRASHOVERRIDE, FROSTYLOOP, BLACKENERGY. | — | — | $0.02 |
GET /ot/ioc IOC enrichment with ICS campaign context. Pass ?value=1.2.3.4&type=ip or type=domain. Queries AlienVault OTX, AbuseIPDB, and DeepSeek CTI for OT campaign association. Returns verdict on whether the IOC is linked to ICS-targeting campaigns. | — | — | $0.01 |