Web services

Beta feature: The APIs described here are planned to become stable and permanent features of the product. Siren will take a best-effort approach to fixing any issues, but the APIs are not subject to the support SLA of official GA features. Use them with caution, as there might be breaking changes to these APIs in a future version.

You can use Web services in Siren Investigate to dynamically retrieve data from external APIs. This data can be stored in Elasticsearch and relationally linked to your existing data.

Web services can be invoked in any of the following ways:

  • By using the Query Web services visualization, which can be added to dashboards.

  • By using a script.

  • In Siren Alert watchers.

The data derived from Web services can be used temporarily by a script, or it can be stored automatically in Elasticsearch indices, as defined in the Web service driver.

The end user can then see the resulting data in the graph or on dashboards, the same as any other data in Siren Investigate.

Web service drivers

Web services are provided by installing Web service driver plugins into Siren Investigate.

A Web service driver contains a group of Web services, each connecting a user to different endpoints of an external vendor’s API.

Siren Investigate provides the following example Web services:

  • Webhose: An API for news and cybersecurity-related information.

  • JsonWHOIS: An API that retrieves WHOIS data for all domains.

  • Twitter: A range of APIs for engaging with Twitter data.

For example, Webhose exposes a cybersecurity-based API that returns different types of useful data.

One part of this API returns news articles, while another uncovers potential data leaks in an organisation. The Webhose service group contains the "News" and "LeakSearch" Web services.

Siren Investigate provides a growing list of integrated Web services, but you can also create your own Web service drivers for APIs that you know how to query.