LIVE Intel Feed
Enterprise API · For CTOs, Security Engineers & SIEM/SOAR Teams

Security Intel,
Delivered as API

Stop copying IOCs from a browser tab into your SIEM. ClawGuru's REST API puts curated threat intelligence, automated indicator checks, and battle-tested remediation runbooks directly inside your security stack — where decisions actually happen.

View API Reference →See Pricing
Why API-First?

Your SIEM doesn't have a browser tab.

Web UI approach (what most teams do)
  • Analyst manually copies IOC from threat report
  • Pastes it into ClawGuru web UI
  • Reads assessment, then manually creates SIEM rule
  • Zero audit trail from intel source to detection rule
  • Doesn't scale beyond 10 indicators/day
ClawGuru API approach
  • SOAR ingests IOC, auto-calls /v1/check-indicator
  • Risk score + tags returned in <200ms
  • SIEM rule created automatically from API response
  • Full audit trail: indicator → intel source → detection rule
  • Scales to 100,000+ indicators/day with metered billing

Enterprise security teams run at machine speed. When a phishing campaign hits at 2 AM, you don't want a human opening a browser — you want your SOAR to automatically score every new IOC, pull the relevant runbook, and trigger remediation within seconds. That's what the ClawGuru API is built for.

API Capabilities

Three endpoints. Unlimited power.

🎯
Indicator Check

POST /v1/check-indicator — assess any IP, domain, hash, or URL against ClawGuru threat intel in real time. Returns risk score, tags, and SIEM-ready action recommendations.

📡
Intel Feed

GET /v1/intel-feed/latest — subscribe to curated, analyst-reviewed threat intelligence. Filter by severity and category. Pipe directly into Splunk, Elastic SIEM, or Microsoft Sentinel.

📖
Runbook Retrieval

GET /v1/runbook/{'{id}'} — programmatically fetch step-by-step remediation playbooks. Your SOAR can attach the right runbook to every incident ticket automatically.

💳
Usage-Based Billing

Pay only for what you use. Each API call reports one unit to Stripe Metered Billing. No seat licenses. No upfront commitments. Scale from 100 to 10 million calls without renegotiating a contract.

🔐
Enterprise Security

API key authentication with per-key rate limiting and usage tracking. Keys are scoped to Stripe subscription items for isolated billing per team or product.

📐
OpenAPI Documented

Full OpenAPI/Swagger-style reference. Generate client SDKs in any language with a single command. Integrate into your existing API gateway or service mesh in under an hour.

Integration Examples

From zero to integrated in < 1 hour.

1
SIEM: Auto-enrich alerts with threat context

Add ClawGuru enrichment to every Splunk, Elastic, or Sentinel alert containing an IP or domain. One lookup. Full context.

# Splunk SOAR Playbook (Python)
import requests

def enrich_indicator(indicator, indicator_type):
    resp = requests.post(
        "https://clawguru.org/api/v1/check-indicator",
        headers={"X-Api-Key": os.environ["CLAWGURU_API_KEY"]},
        json={"indicator": indicator, "type": indicator_type},
        timeout=5,
    )
    data = resp.json()
    return {
        "risk": data["risk"],
        "score": data["score"],
        "tags": data["tags"],
        "actions": data["actions"],
    }
2
SOAR: Attach the right runbook to every incident

When your SOAR creates an incident ticket, automatically fetch and attach the relevant ClawGuru runbook as a remediation guide.

// SOAR Automation (TypeScript / Tines)
const runbook = await fetch(
  `https://clawguru.org/api/v1/runbook/${incidentType}`,
  { headers: { "X-Api-Key": process.env.CLAWGURU_API_KEY } }
).then(r => r.json())

await jira.createComment(ticketId, `
## Remediation Runbook: ${runbook.title}
${runbook.steps.map((s, i) => `${i+1}. ${s}`).join("\n")}
`)
3
CI/CD: Block deploys containing risky dependencies

Integrate ClawGuru into your GitHub Actions pipeline to check domain/hash indicators from npm audit or trivy scans before deploying.

# GitHub Actions – Indicator Check Step
- name: Check suspicious domain
  run: |
    RESULT=$(curl -s -X POST \
      -H "X-Api-Key: ${{ secrets.CLAWGURU_API_KEY }}" \
      -H "Content-Type: application/json" \
      -d '{"indicator":"'$DOMAIN'","type":"domain"}' \
      https://clawguru.org/api/v1/check-indicator)
    RISK=$(echo $RESULT | jq -r '.risk')
    if [ "$RISK" = "high" ]; then
      echo "High-risk indicator detected. Blocking deploy."
      exit 1
    fi
API Pricing

Usage-based. No surprises.

Powered by Stripe Metered Billing. Each API call is one unit. Bills are generated at the end of each monthly period.

Starter
$0.05per call
Up to 10,000 calls/mo
  • All 3 API endpoints
  • 60 req/min rate limit
  • Standard support
  • OpenAPI docs
  • Usage dashboard
Most Popular
Growth
$0.03per call
10k–100k calls/mo
  • All 3 API endpoints
  • 300 req/min rate limit
  • Priority support
  • Webhook usage alerts
  • Volume discount above 100k
Enterprise
CustomSLA
100,000+ calls/mo
  • All 3 API endpoints
  • Unlimited rate limit
  • Dedicated SLA
  • Custom Intel Feed filters
  • On-premises option
Ready to integrate?

Get your Enterprise API key today.

Start with the API Reference and get your first 500 calls on us.

API Reference →
🔒 Quantum-Resistant Mycelium Architecture
🛡️ 3M+ Runbooks – täglich von SecOps-Experten geprüft
🌐 Zero Known Breaches – Powered by Living Intelligence
🏛️ SOC2 & ISO 27001 Aligned • GDPR 100 % compliant
⚡ Real-Time Global Mycelium Network – 347 Bedrohungen in 60 Minuten
🧬 Trusted by SecOps Leaders worldwide