Exercise 1: Working with ISC/DShield Data

Exercise 1.1: Mechanics of Using the API and Output Formats

In this exercise, we will use the Internet Storm Center and DShield data feeds to explore data.

These exercises are best performed on an Ubuntu system or a Raspberry Pi. You may use the same system that you use as a honeypot. Mac users may be able to perform these tasks on their Mac, but they will have to make sure "curl" and "jq" are installed.

Some of these exercises can also be performed in a web browser, but note that you may need to "View Source" to see the output.

  1. Explore the API and output formats

We will use a very simple API function, "myip", to explore output format options:

curl https://isc.sans.edu/api/myip

The output should look like

<?xml version="1.0" encoding="UTF-8"?>
<myip>
<ip>192.0.2.1</ip>
</myip>

You will see your IP address instead of 192.0.2.1.

By default, data is returned in XML format. Another popular option is JSON:

curl 'https://isc.sans.edu/api/myip?json'

The output will now look like

{"ip":"192.0.2.1"}

Try other output formats ("text", "tab", "php"). Which one of these output formats returns an error message?
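
When a script consumes these responses, it should check that the body really contains an address before using it. The following is an added example, not part of the original exercise: the function names and the sample bodies are constructed, it handles only the XML and JSON outputs shown above, and it assumes "jq" is installed for the JSON case.

```shell
#!/bin/sh
# Added example: pull the address out of a "myip" response and sanity-check it.

# Strict dotted-quad check; a value containing ":" gets a loose IPv6 character check.
looks_like_ip() {
    case $1 in
        *:*) case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac; return 0 ;;
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# parse_myip FORMAT BODY: prints the IP; returns 1 on an unexpected body,
# 2 on a format this example does not handle.
parse_myip() {
    fmt=$1 body=$2
    case $fmt in
        # jq -e exits non-zero when the body is not JSON or .ip is missing
        json) ip=$(printf '%s' "$body" | jq -er '.ip' 2>/dev/null) || return 1 ;;
        # the XML response is one flat <ip> element, so sed is sufficient
        xml)  ip=$(printf '%s\n' "$body" | sed -n 's:.*<ip>\([^<]*\)</ip>.*:\1:p' | head -n 1) ;;
        *)    return 2 ;;
    esac
    looks_like_ip "$ip" || return 1
    printf '%s\n' "$ip"
}

# Constructed sample bodies, modelled on the outputs shown above.
SAMPLE_XML='<?xml version="1.0" encoding="UTF-8"?>
<myip>
<ip>192.0.2.1</ip>
</myip>'
SAMPLE_JSON='{"ip":"192.0.2.1"}'
SAMPLE_BAD='{"error":"constructed failure body"}'

parse_myip xml  "$SAMPLE_XML"  || echo "xml: rejected"
parse_myip json "$SAMPLE_JSON" || echo "json: rejected"
parse_myip json "$SAMPLE_BAD"  || echo "bad body: rejected"

# Live use: parse_myip json "$(curl -s 'https://isc.sans.edu/api/myip?json')"
```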