{"id":28479214,"url":"https://github.com/acquiredsecurity/sentinelone_threatintelapi_json_generator","last_synced_at":"2026-02-27T10:44:53.067Z","repository":{"id":275473725,"uuid":"926182305","full_name":"acquiredsecurity/SentinelOne_ThreatIntelAPI_JSON_Generator","owner":"acquiredsecurity","description":"The SentinelOne IOC JSON Generator is a web-based tool that allows users to manually input Indicators of Compromise (IOCs) and generate properly formatted JSON data for use with the SentinelOne API. It supports one or more entries, a structured optional fields section, and a built-in webhook submission feature for direct API integration.","archived":false,"fork":false,"pushed_at":"2025-03-04T16:06:58.000Z","size":129,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-29T07:54:28.533Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acquiredsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-02T18:38:46.000Z","updated_at":"2025-05-22T17:42:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"0d7d17aa-a6c8-4eaa-9066-040c142b28c8","html_url":"https://github.com/acquiredsecurity/SentinelOne_ThreatIntelAPI_JSON_Generator","commit_stats":null,"previous_names":["acquiredsecurity/sentinelone_threatintelapi_json_generator"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/acquiredsecurity/SentinelOne_ThreatIntelAPI_JSON_Generator","repos
itory_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FSentinelOne_ThreatIntelAPI_JSON_Generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FSentinelOne_ThreatIntelAPI_JSON_Generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FSentinelOne_ThreatIntelAPI_JSON_Generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FSentinelOne_ThreatIntelAPI_JSON_Generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/acquiredsecurity","download_url":"https://codeload.github.com/acquiredsecurity/SentinelOne_ThreatIntelAPI_JSON_Generator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FSentinelOne_ThreatIntelAPI_JSON_Generator/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263300055,"owners_count":23445167,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-07T18:08:34.826Z","updated_at":"2026-02-27T10:44:48.039Z","avatar_url":"https://github.com/acquiredsecurity.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SentinelOne_ThreatIntelAPI_JSON_Generator\nThe SentinelOne IOC JSON Generator is a web-based tool that allows users to manually input Indicators of Compromise (IOCs) and generate properly formatted JSON data for use with the SentinelOne API. 
It supports one or more entries, a structured optional fields section, and a built-in webhook submission feature to submit via a Webhook with HyperAutomation or directly to the SentinelOne API.\n\n\u003cimg width=\"583\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8ecd6e40-45ba-4d5a-b5f2-718cb8fd059e\" /\u003e\n\n\n\nFeatures\n✅ Supports Various IOC Types (DNS, IPV4, IPV6, MD5, SHA1, SHA256, URL)  \n✅ Enter one or multiple IOCs at once  \n✅ Optional Fields Section (Easily expand/hide additional fields)  \n✅ Severity \u0026 Original Risk Score as Integers (Severity: 1-7, Risk Score: 0-100)  \n✅ Ensures Proper Capitalization (IOC Type remains uppercase for API compatibility)  \n✅ Download JSON or Copy to Clipboard (Save or copy generated JSON instantly)  \n✅ Submit to Webhook (Sends generated JSON directly to the configured SentinelOne API Webhook in HyperAutomation)  \n✅ Submit directly to API (Sends generated JSON directly to the configured SentinelOne API)  \n\n**Dependencies and Setup**  \nInstallation \u0026 Setup (For Webhook Submission) Python Flask Server  \n\n1 Install Python and required dependencies. Please refer to the Python guide to install Python 3 for your OS. Once Python is installed, run the following command to ensure Flask is installed.   \n                pip install flask  \n\n\n2 Ensure the webhook endpoint is correctly configured in proxy_server.py.  \n                Update the following variables in the file:  \n                          SENTINELONE_API_URL = \"https://\u003cyour URL\u003e/web/api/v2.1/threat-intelligence/iocs\"  \n                          SENTINELONE_API_KEY = \"\u003cAPI Key\u003e\"  \n                          WEBHOOK_URL = \"\u003cWebhook URL\u003e\"  \n\n3 Run the Flask proxy server:  \n                python3 proxy_server.py  \n\n\n\n***************************  \n💡 How to Use the Webform  \n1️⃣ Enter IOC Details Manually  \nSelect an IOC Type (DNS, IPV4, MD5, etc.)  
\nEnter IOC values, source, and other relevant details  \nChoose multiple entries (one per line)  \n\n2️⃣ Optional Fields  \nClick \"Show/Hide Optional Fields\" to enter additional data  \n(e.g., severity, threat actors, risk score, category, etc.)  \n\n3️⃣ API Filtering (Optional)  \nClick \"API Submission\" to enable direct API filtering. The filter fields are handled in the webhook so they are not needed for webhook submissions. Enter Site IDs, Account IDs, Group IDs, or Tenant scope for targeted submissions. \n\n4️⃣ Generate JSON  \nClick \"Generate JSON\" to format input into a valid JSON object.  \nJSON is automatically formatted for SentinelOne API compliance.  \n\n5️⃣ Download or Copy JSON  \nClick \"Download JSON\" to save the file.  \nClick \"Copy JSON\" to copy the JSON output to the clipboard.  \n\n6️⃣ Submit JSON  \n\"Submit to Webhook\" → Sends JSON via the SentinelOne HyperAutomation Webhook API.  \n\"Submit to API\" → Sends JSON directly to SentinelOne Threat Intelligence API.  \n  \n******************  \n\n\n\n\nTechnical Details\nBuilt with HTML, CSS, JavaScript, and jQuery  \nUses Flask (Python) as a proxy for API submissions  \nEnsures field validation \u0026 API-compliant formatting  \nContributing \u0026 Support  \nIf you encounter any issues or need enhancements, feel free to modify the source code or report a problem.  \n\n🚀 Enjoy using the SentinelOne IOC JSON Generator! 🚀  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facquiredsecurity%2Fsentinelone_threatintelapi_json_generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facquiredsecurity%2Fsentinelone_threatintelapi_json_generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facquiredsecurity%2Fsentinelone_threatintelapi_json_generator/lists"}