Telesint-api

Sector threat brief for ICS/OT. Pass ?sector=energy&period=30. Returns active actors, new CVE counts, active campaigns, top advisories, and risk_trend (increasing/stable/decreasing). One call replaces 5+ chained calls. Ideal for weekly reporting and compliance dashboards.

Full intel feed across all categories. Filters: category(ioc|c2|actor|breach|intent), severity, min_confidence, since, tag, tlp, limit, offset. Returns all record types newest first. Use for SIEM ingestion.

Pre-attack intent signals from Telegram: access sales, 0days, ransomware targeting. Filters: sector, country, organization, intent_type(access_sale|0day|ransomware|exploit), limit. Signals appear before attacks.

Active ICS campaign tracker. Pass ?sector=electric&status=active. Returns campaigns currently targeting a sector with actor attribution, start date, targeted geography, TTPs in use, and CVEs being exploited. No free equivalent for live campaign status.

ICS/OT device exposure lookup. Pass ?vendor=siemens&model=s7-1200. Returns default credential risk, exposed OT protocols (Modbus/502, S7comm/102, DNP3/20000), exploitation notes, and hardening steps. Covers Siemens, Schneider, Rockwell, Honeywell, GE, Unitronics, Beckhoff.

OT asset risk verdict. Pass ?vendor=siemens&model=s7-1500&sector=energy&network=internet-facing. Returns risk_score (0-100), risk_level, escalate (boolean), recommended_action, active CVEs, and threat actors. Optional firmware param enables firmware-specific CVE matching. Cached 1 hour.

OT/ICS patch feasibility for a CVE. Pass ?id=CVE-XXXX-XXXX. Returns patch availability, OT-safe workarounds, patch complexity per ICS layer, estimated downtime, safe-to-patch-live flag, deployment strategy, and risk-vs-disruption score 1-10.

Ransomware group activity from Telegram: victim posts, leak site announcements, extortion demands. Filters: severity, min_confidence, since, tag(lockbit|blackcat|cl0p|ransomhub), sector, country, limit, offset.

Cross-category pivot across all TeleSint intel. Use ?q= for broad keyword or combine filters: category, severity, sector, country, tag, ttp, name, organization, min_confidence, since. Returns items[] across any category.

Breach disclosures from Telegram. Filters: sector, country, organization, severity, min_confidence, since, limit. Returns items[] with target{sectors,countries,organizations}, leak iocs[], confidence.

Dark web intelligence from Telegram: marketplace listings, forum chatter, access broker posts, credential shops, Tor site activity. Filters: severity, min_confidence, since, tag, sector, country, organization, limit, offset.

ICS threat actor profile. Pass ?name=SANDWORM. Returns MITRE ATT&CK ICS techniques, known malware, attribution, physical impact, targeted sectors, and OT detection recommendations. Alias lookup supported: Volt Typhoon→VOLTZITE, APT44→SANDWORM. Covers all Dragos Activity Groups.

ICS threat actors by sector. Pass ?sector=energy. Returns all groups targeting that sector from live MITRE ATT&CK ICS STIX data. Covers energy, water, manufacturing, oil-and-gas, chemical, transportation, nuclear.

ICS sector change feed — only what is NEW in the last N days. Pass ?sector=water&days=7. Returns new CVEs, new CISA advisories, and new actor activity since the last call. Designed for cron-based monitoring agents. Eliminates redundant reprocessing.

CVE and exploitation-in-the-wild signals from Telegram CTI channels. Filters: severity, min_confidence, since, tag(cve|exploit|poc|patch), ttp, type(cve), limit, offset. Returns CVE IDs, affected products, exploit status.

C2 infrastructure from Telegram. Filters: framework(cobalt_strike|sliver|havoc|brute_ratel), severity, min_confidence, since, tag, limit, offset. Returns items[] with C2 IPs/domains, MITRE TTPs, confidence.

Malware family intelligence from Telegram: new sample drops, behavior analysis, loader/stealer/RAT/backdoor writeups. Filters: severity, min_confidence, since, tag(stealer|loader|rat|backdoor), limit, offset.

Live CISA ICS-CERT advisories filtered by vendor or sector. Pass ?vendor=siemens or ?sector=energy. Returns advisory IDs, CVSS scores, CVE lists, OT severity, and sector tags. Up to 25 results.

OT-contextualised CVE triage for ICS/SCADA. Pass ?id=CVE-XXXX-XXXX. Returns OT-adjusted severity, cyber-physical impact, patch feasibility, CISA KEV status, and prioritised action. DeepSeek-enriched with live NVD and CISA-KEV data.

ICS malware encyclopedia. Pass ?name=PIPEDREAM. Returns capabilities, targeted OT protocols, attributed actor, affected vendors, detection signatures, and MITRE ATT&CK ICS techniques. Covers PIPEDREAM, TRITON, INDUSTROYER2, CRASHOVERRIDE, FROSTYLOOP, BLACKENERGY.

IOC feed from Telegram CTI channels. Filters: type(ip|domain|url|hash|cve), severity, min_confidence, since, tlp, tag, channel, limit, offset. Returns items[] with iocs[], ttps[], confidence, severity, tlp, tags[].

IOC enrichment with ICS campaign context. Pass ?value=1.2.3.4&type=ip or type=domain. Queries AlienVault OTX, AbuseIPDB, and DeepSeek CTI for OT campaign association. Returns verdict on whether the IOC is linked to ICS-targeting campaigns.

Threat actor profiles from Telegram. Filters: name, nation_state(kp|ru|cn|ir), motivation(financial|espionage|hacktivism), ttp, severity, limit. Returns items[] with actor{}, ttps[], target{sectors,countries}.