API Integrations

We provide extensions for the major open source threat intelligence platforms. If you use any of them, you can easy integrate our service.

  1. MISP module for MAC Vendor Lookup API
  2. YETI module for MAC Vendor Lookup API
  3. Splunk module for MAC Vendor Lookup API

MISP module for MAC Vendor Lookup API

MAC address Vendor Lookup API is available as an extension for MISP – Open Source Threat Intelligence Platform. It allows making instant MAC Vendor Lookup for the MAC address attributes. To get vendor details and other information provided by the API, you only need to hover over the MAC address attribute value.

Prerequisites

  1. You need a MISP instance up and running. To install and configure it, please refer to the official documentation.
  2. Ensure that your misp-modules are up-to-date.

Configuring the extension

  1. Log in to your MISP instanceLog in to your MISP instance
  2. Go to Main menu > Administration > Server Settings & MaintenanceGo to Main menu > Administration > Server Settings & Maintenance
  3. Click on the Plugin settings tab and select the Enrichment optionClick on the Plugin settings tab and select the Enrichment option
  4. Enable the module by setting the Plugin.Enrichment_macaddress_io_enabled option to trueEnable the module by setting the Plugin.Enrichment_macaddress_io_enabled option to true
  5. Provide your API key by setting the Plugin.Enrichment_macaddress_io_api_key valueProvide your API key by setting the Plugin.Enrichment_macaddress_io_api_key value

Using the extension

  1. Go to Event Actions > Add Event and create an eventGo to Event Actions > Add Event and create an event
  2. Add a mac-address attribute to the event, and set Value to a sample MAC addressAdd a mac-address attribute to the event, and set Value to a sample MAC address
  3. Move your mouse over the new attribute, and MAC lookup details will pop-upMove your mouse over the new attribute, and MAC lookup details will pop-up

YETI module for MAC Vendor Lookup API

MAC address Vendor Lookup API is available as an extension for YETI – Your Everyday Threat Intelligence. It allows performing instant MAC Vendor Lookup for the MAC address observables. To get vendor details and other information provided by the API, you only need to run investigation for the MAC address attribute value.

Prerequisites

  1. You need a YETI instance up and running. To install and configure it, please refer to theofficial documentation.

Configuring the extension

  1. Log in to your YETI instance.Log in to your YETI instance
  2. Go to Profile.Go to 'Profile'
  3. Provide your API key by setting the macaddress.io API KEY value and click Save.Provide your API key by setting the macaddress.io API KEY value and click 'Save'

Using the extension

  1. Create new investigation. Go to New > Investigation.Create new investigation. Go to 'New' > 'Investigation'Create new investigation. Go to 'New' > 'Investigation'
  2. Then click Go to Graph.Then click 'Go to Graph'
  3. Click + button to add a new observable.Click '+' button to add a new observableClick '+' button to add a new observable
  4. Click the icon of the MAC address observable added.Click the icon of the MAC address observable added
  5. Go to Actions > Analytics.Go to Actions > Analytics
  6. Click Run to start the Mac Address Vendor Lookup analytics.Click 'Run' to start the Mac Address Vendor Lookup analytics
  7. Click See Results to see the results.Click 'See Results' to see the results
  8. In order to see the API’s raw response, click Display raw results.In order to see the API’s raw response, click 'Display raw results'
  9. Now, you can refresh the page and go to Info to see the contexts added.Now, you can refresh the page and go to 'Info' to see the contexts added
  10. The contexts are also available within the Observables view. Just go to Main page, fill in the MAC address and press Launch.The contexts are also available within the Observables view. Just go to Main page, fill in the MAC address and press 'Launch'Finally, choose the observable found.Finally, choose the observable found.MAC address vendor lookup resulsts (macaddress.io)

Splunk module for MAC Vendor Lookup API

MAC address Vendor Lookup API is available as an extension for Splunk. It allows doing instant MAC Vendor Lookup and provides an external lookup for enriching MAC addresses with extra details, as well as dashboards which help to visualize MAC address details.

Prerequisites

  1. You need a Splunk instance up and running. To install and configure it, please refer to the official documentation.

Configuring the extension

  1. Log in to your Splunk instance.Log in to your Splunk instance
  2. Download and install the application. You can do it from within Splunk.Download and install the application
  3. You can start the configuration immediately once the application is installed and run.You can start the configuration immediately once the application is installed and run.Also, you can configure the application on the Apps page. Click Set up near the application name.You can configure the application on the Apps page.
  4. Fill in your API key and click Save.Fill in your API key and click Save

Using the extension

  1. Add data to Splunk. In this tutorial, we use a CSV file containing MAC addresses, but you're free to use any other approaches described in the official Splunk documentation. Go to Settings > Add data.Add data to Splunk.
  2. Click Upload files from my computer.Click Upload files from my computer.
  3. Select your file and press Next.Select your file and press Next.
  4. We need to configure the timestamp extraction (the name of the corresponding Splunk option on the view) as Current and fill in CSV columns names. Then click Next. In the modal appeared, choose whether or not you’d like to save the source type changes.Configure the timestamp extraction.Save the source type changes.
  5. On the Input Settings page, choose the index to which you’d like to save your data. It’s possible to use our pre-built "mac_addresses’ index or another one. Then click Review.Move your mouse over the new attribute, and MAC lookup details will pop-up
  6. After reviewing, click Start searching or just go to Apps > Search & Reporting. You can add a lookup clause following your search query. Then choose the time period and click the Search icon.Choose the index to which you’d like to save your data.Start searching.
  7. Once the results have appeared, you can expand each event to see enriched properties. To perform more comprehensive searches, take a look at the corresponding official documentation.Expand each event to see enriched properties.

Advanced usage

MAC address vendor lookup for Splunk provides some pre-built dashboards you can use.

  1. Firstly, let’s make some visualization based on the MAC addresses found. Go to Apps > MAC Address Vendor Lookup > Dashboard.
  2. Fill in the index name "mac_addresses” and the field containing the MAC addresses in the source data.
  3. Then choose the fields which are supposed to be visible in the drilldown.Choose the fields which are supposed to be visible in the drilldown.
  4. Submit the form and wait for the result. It may take a while depending on the size of your dataset. Optionally, you can export a PDF report.Submit the form and wait for the result.
  5. Besides, you can use instant MAC vendor lookup from within the application. Go to Apps > MAC Address Vendor Lookup > MAC Address Vendor Lookup Fill in one or more comma-separated mac addresses. Select visible fields and submit the form.You can use instant MAC vendor lookup from within the application.
MAC address client library in Python languageMAC address client library in PHP languageNode.js MAC address client library

API Libraries

To make coding against MAC address API easier, use client libraries that reduce the amount of code you need to write.
MISP module for MAC Vendor Lookup APIYETI module for MAC Vendor Lookup APISplunk module for MAC Vendor Lookup API

API Integrations

We provide extensions for the major open source threat intelligence platforms. If you use any of them, you can easy integrate our service.
MAC address command-line utility

API Utilities

To make coding against MAC address API easier, use command-line utilities that reduce the amount of code you need to write.

Pricing plans for all team sizes

Our MAC Address API has a transparent pricing model suitable for business of any size. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.

Billed MonthlyBilled Annually🎁 2 months FREE
MAC AddressBasic

$29 / month

Up to 1,000 API requests per day

MAC AddressProfessional

$99 / month

Up to 25,000 API requests per day

MAC AddressEnterprise

Ask for a quote

Custom API requests per day

You’ll be in good company

FlexWebAfricaWeWorkGuardDogCyberCNS

Contact Us

Got a technical issue? Want to send feedback about data feeds? Need details about our plans? Let us know. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.