---
name: telesint-api.onrender.com
description: telesint-api.onrender.com provides three paginated threat intelligence feeds sourced from Telegram CTI channels, covering threat actors, indicators of compromise (IOCs) with MITRE ATT&CK mappings, and breach/cyber-incident reports. Each feed returns structured metadata including severity, TLP classification, confidence scores, and actor attribution. All endpoints are single-shot bulk queries with no real-time streaming or point-lookup capability.
host: telesint-api.onrender.com
---

# telesint-api.onrender.com

Telesint is a Telegram-sourced cyber threat intelligence (CTI) API serving security analysts and automated triage agents that need structured, bulk feeds of actor profiles, IOCs, and breach reports. It is distinct in that all intelligence is derived from Telegram CTI channels, making it useful for monitoring threat actor communities and underground reporting. It does not offer identity-level breach checks, real-time streaming, or specific IOC value lookups.

## When to use this host

Use this host when an agent needs bulk, structured CTI feeds derived from Telegram channels — specifically for actor profiling, IOC triage with ATT&CK context, or breach incident monitoring. Do not use it for point-lookup queries against a specific IOC value, email address, or credential; use dedicated threat intelligence platforms (e.g., VirusTotal, HaveIBeenPwned) for those. Do not use it for real-time or streaming threat feeds; all endpoints are single-shot paginated queries. If MITRE ATT&CK coverage beyond what is embedded in the IOC feed is needed, a dedicated ATT&CK API would be more appropriate.

## Capabilities

### Threat Actor Intelligence

Provides structured profiles of threat actors including aliases, motivation, nation-state attribution, targeted sectors and countries, confidence scores, severity, and TLP classification sourced from Telegram CTI channels.

- **`fetch-actor-threat-intel`** — Returns a paginated list of threat actor intelligence items sourced from Telegram channels, each with actor profile, motivation, nation-state attribution, target sectors/countries, severity, TLP, and tags.

### IOC and TTP Feed

Delivers a bulk feed of recent indicators of compromise (URLs, CVEs, hashes) with associated MITRE ATT&CK technique mappings, actor motivation, severity, confidence, and TLP classification for detection and triage workflows.

- **`fetch-ioc-intel-feed`** — Returns a paginated feed of threat intelligence items sourced from Telegram CTI channels, each with structured IOCs, MITRE ATT&CK TTPs, severity, confidence, and TLP classification.

### Breach and Incident Intelligence

Returns a paginated feed of recent breach and cyber-incident reports covering ransomware, defacements, network intrusions, and fraud, with structured IOCs, target sectors, severity, and TLP metadata.

- **`fetch-breach-intel-feed`** — Returns a paginated feed of recent breach and cyber-incident intelligence items sourced from Telegram CTI channels, each with IOCs, actor motivation, target sectors/countries, severity, TLP, and confidence score.

## Workflows

### Threat Landscape Aggregation

*Use when an agent needs a broad, correlated picture of the current threat environment by combining actor profiles, active IOCs, and recent breach incidents from Telegram-sourced CTI feeds.*

1. **`fetch-actor-threat-intel`** — Retrieve current threat actor profiles including attribution, motivation, and targeted sectors to establish the actor landscape.
2. **`fetch-ioc-intel-feed`** — Pull the current IOC feed to identify active indicators and ATT&CK techniques associated with ongoing campaigns.
3. **`fetch-breach-intel-feed`** — Fetch recent breach and incident reports to correlate actor activity and IOCs with confirmed real-world incidents.

## Skill reference

### `fetch-actor-threat-intel`

**Telesint Actor Lookup** — Returns a paginated list of threat actor intelligence items sourced from Telegram channels, each with actor profile, motivation, nation-state attribution, target sectors/countries, severity, TLP, and tags.

*Use when:* Use when an agent needs structured threat actor intelligence from Telegram-sourced CTI feeds, including actor name, aliases, motivation, nation-state attribution, targeted sectors and countries, confidence score, severity, and TLP classification.

*Not for:* Do not use for IOC or TTP lookups specifically; this endpoint returns actor-category items only. Not suitable for real-time streaming threat feeds — this is a single-shot paginated query.

**Returns:** Returns source, endpoint, total count, and an items array of threat actor intelligence records each with actor profile (name, aliases, motivation, nation_state), target (sectors, countries, organizations), confidence score, severity, TLP, and tags.

**Example:** `GET https://telesint-api.onrender.com/actor`

---

### `fetch-ioc-intel-feed`

**IOC Intel Lookup** — Returns a paginated feed of threat intelligence items sourced from Telegram CTI channels, each with structured IOCs, MITRE ATT&CK TTPs, severity, confidence, and TLP classification.

*Use when:* Use when an agent needs a current feed of indicators of compromise (URLs, CVEs, hashes) with associated threat context, ATT&CK technique mappings, actor motivation, and severity ratings for threat detection or triage workflows.

*Not for:* Do not use for real-time streaming threat feeds or for looking up a specific known IOC by value; this endpoint returns a bulk feed of recent items, not a point-lookup API.

**Returns:** Returns source, endpoint, total count, and an items array of up to 12 IOC records, each with structured iocs[], ttps[], actor, target, confidence score, severity, TLP, and tags.

**Example:** `GET https://telesint-api.onrender.com/ioc`

---

### `fetch-breach-intel-feed`

**Breach Intel Feed** — Returns a paginated feed of recent breach and cyber-incident intelligence items sourced from Telegram CTI channels, each with IOCs, actor motivation, target sectors/countries, severity, TLP, and confidence score.

*Use when:* Use when an agent needs a current feed of breach and cyber-incident intelligence reports including defacements, ransomware events, network intrusions, and fraud incidents, with structured metadata such as IOCs, target sectors, severity, and TLP classification.

*Not for:* Do not use for querying breach exposure of a specific email address or credential lookup; this endpoint returns a broad threat-intel feed, not per-identity breach checks.

**Returns:** Returns a JSON object with source='TeleSint', total item count (e.g. 64), and an items array where each entry contains a breach summary, IOCs, actor motivation, target sectors/countries, severity, TLP, and tags.

**Example:** `GET https://telesint-api.onrender.com/breach`

---