Source Monitoring
If you're looking to monitor OSINT sources for new content of a specific type, and perhaps to kick off workflows when the content is released? You're in the right place.
First, use the below endpoint to enumerate the list of sources that Mallory covers.
Retrieve a list of all source configurations.
Authorizations
Responses
200
Successful Response
application/json
404
Not found
get
GET /v1/sources HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*
{
"count": 1,
"sources": [
{
"description": "text",
"first_reference_created_at": "2025-06-27T09:51:05.152Z",
"last_reference_created_at": "2025-06-27T09:51:05.152Z",
"options": {
"match_url_patterns": [
"text"
],
"reference_type": "text",
"reliability": 1,
"type_hint": "text"
},
"reference_count": 1,
"slug": "text"
}
]
}Alternatively, you can query the /v1/references endpoint to get a list of references
If you'd like to limit to a specific source (slug) mentioned, above, you can use the 'filter' parameter with the value: "source:[SLUG]" where [SLUG] is the source's slug found in the source index.
Authorizations
Query parameters
filterstringOptional
A string used to filter references. Allowed filter terms:
source:: filter by source. (exact match - lowercase)domain:: filter by domain. (case insensitive substring filter)url:: filter by url. (case insensitive substring filter)title:: filter the title for a string. (case insensitive substring filter)embedding:: filter by content chunk embeddingtype:: filter by type. (exact match - converted to uppercase)- If no prefix is provided, the filter will be conducted on the url.
sortstringOptionalDefault:
Field to sort by - either created_at, updated_at, published_at, or collected_at
published_atPattern: ^(published_at|collected_at|created_at|updated_at)$orderstringOptionalDefault:
Sort order - either asc or desc
descPattern: ^(asc|desc)$offsetintegerOptionalDefault:
The number of items to skip before starting to collect the result set.
0user_generated_contentbooleanOptionalDefault:
Whether to include user-generated content in the response.
falselimitinteger · min: 1OptionalDefault:
The maximum number of items to return.
100Responses
200
Successful Response
application/json
404
Not found
422
Validation Error
application/json
get
GET /v1/references HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*
{
"data": [
{
"authors": [
"text"
],
"collected_at": "2025-06-27T09:51:05.152Z",
"content_chunk_uuids": [
"text"
],
"content_type": "text",
"created_at": "2025-06-27T09:51:05.152Z",
"published_at": "2025-06-27T09:51:05.152Z",
"screenshotted_at": "2025-06-27T09:51:05.152Z",
"source": "text",
"topic": "text",
"type": "STRUCTURED",
"updated_at": "2025-06-27T09:51:05.152Z",
"url": "text",
"url_hash": "text",
"user_generated_content": true,
"uuid": "text"
}
],
"limit": 1,
"message": "text",
"offset": 1,
"total": 1
}Now that you have the source and references you want to see, you can query each reference to get the detailed content and analysis. To do this, use the endpoint below.
Retrieve a reference by its identifier.
- identifier: The unique hash of the URL or UUID to retrieve the reference for.
This endpoint returns the reference object associated with the given URL hash. If no reference is found, a 404 error is returned.
Authorizations
Path parameters
identifierstringRequired
The unique hash of the URL or UUID to retrieve the reference for
Responses
200
Successful Response
application/json
404
Not found
422
Validation Error
application/json
get
GET /v1/references/{identifier} HTTP/1.1
Host: api.mallory.ai
Authorization: YOUR_API_KEY
Accept: */*
{
"authors": [
"text"
],
"collected_at": "2025-06-27T09:51:05.152Z",
"content_chunk_uuids": [
"text"
],
"content_chunks": [
{
"analysis_object": {
"complete": false,
"content_channels": {
"agentic_ai_security": true,
"ai_security": true,
"analysis_type": "text",
"application_security": true,
"browser_security": true,
"cloud_security": true,
"data_breach": true,
"exploitation": true,
"indicator_of_compromise": true,
"iot_security": true,
"law_enforcement": true,
"malware": true,
"network_security": true,
"new_product": true,
"patch": true,
"phishing": true,
"ransomware": true,
"regulatory_body": true,
"threat_actor": true,
"ttp": true,
"venture_capital": true,
"version": 1,
"vulnerability": true,
"windows_security": true
},
"content_hash": "text",
"meta": {
"analysis_type": "text",
"cyber_intel_content": true,
"cyber_marketing_content": true,
"disparate_topics": true,
"exploit_code": true,
"mailing_list_discussion": true,
"software_advisory": true,
"version": 1
},
"regex_entity": {
"analysis_type": "regex_entity",
"threat_actors": [
"text"
]
},
"regex_ioc": {
"analysis_type": "regex_ioc",
"asns": [
"text"
],
"attack_mitigations": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"attack_tactics": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"attack_techniques": {
"ANY_ADDITIONAL_PROPERTY": [
"text"
]
},
"authentihashes": [
"text"
],
"bitcoin_addresses": [
"text"
],
"cves": [
"text"
],
"domains": [
"text"
],
"email_addresses": [
"text"
],
"email_addresses_complete": [
"text"
],
"file_paths": [
"text"
],
"google_adsense_publisher_ids": [
"text"
],
"google_analytics_tracker_ids": [
"text"
],
"imphashes": [
"text"
],
"ipv4_cidrs": [
"text"
],
"ipv4s": [
"text"
],
"ipv6s": [
"text"
],
"mac_addresses": [
"text"
],
"md5s": [
"text"
],
"monero_addresses": [
"text"
],
"registry_key_paths": [
"text"
],
"sha1s": [
"text"
],
"sha256s": [
"text"
],
"sha512s": [
"text"
],
"ssdeeps": [
"text"
],
"tlp_labels": [
"text"
],
"urls": [
"text"
],
"user_agents": [
"text"
],
"xmpp_addresses": [
"text"
]
},
"source": "text",
"summary_and_fact_extraction": {
"analysis_type": "text",
"facts": [
"text"
],
"synopsis": "text",
"version": 1
},
"targeted_analysis": [
{
"analysis_type": "text",
"co_investors": [
"text"
],
"funded_organizations": [
"text"
],
"funding_amount": "text",
"funding_date": "text",
"funding_details": "text",
"funding_purpose": "text",
"funding_round": "text",
"investors": [
"text"
],
"lead_investor": "text",
"previous_funding": "text",
"version": 1
}
],
"triage": {
"analysis_type": "text",
"breach_entities": [
"text"
],
"campaign_entities": [
"text"
],
"detailed_ttps_discussed": true,
"funding_mention": true,
"investment_firm_entities": [
"text"
],
"ioc_mention": true,
"law_enforcement_entities": [
"text"
],
"location_entities": [
"text"
],
"malware_entities": [
"text"
],
"organization_entities": [
"text"
],
"patch_entities": [
"text"
],
"person_entities": [
"text"
],
"product_entities": [
"text"
],
"references": [
"text"
],
"regulatory_body_entities": [
"text"
],
"technique_or_tactic_entities": [
"text"
],
"threat_actor_entities": [
"text"
],
"version": 1,
"vulnerability_entities": [
"text"
]
},
"url_hash": "text"
},
"analyzed_at": "2025-06-27T09:51:05.152Z",
"content_type": "text",
"created_at": "2025-06-27T09:51:05.152Z",
"extracted_content": {
"authors": [
"text"
],
"collected_date": "2025-06-27T09:51:05.152Z",
"content": "text",
"content_hash": "text",
"content_type": "text",
"published_date": "text",
"published_date_str": "text",
"source": "text",
"topic": "text",
"url": "text",
"url_hash": "text"
},
"hash": "text",
"updated_at": "2025-06-27T09:51:05.152Z",
"uuid": "text"
}
],
"content_type": "text",
"created_at": "2025-06-27T09:51:05.152Z",
"published_at": "2025-06-27T09:51:05.152Z",
"screenshot_url": "text",
"screenshotted_at": "2025-06-27T09:51:05.152Z",
"source": "text",
"topic": "text",
"type": "STRUCTURED",
"updated_at": "2025-06-27T09:51:05.152Z",
"url": "text",
"url_hash": "text",
"user_generated_content": true,
"uuid": "text"
}That's it! New sources are added all the time, so check back soon for more.
Last updated