MISP is a very well known tool in the infosec community that enables individuals and teams to work and share indicators and other case relevant information.
The MISP API comes for free with every MISP installation of the free and open source software, so if you want to try it out, go for it. There are various install guides for MISP.
Once your MISP instance is up and running, you can head over to the MISP API documentation.
Among all endpoints I did use the Search endpoint the most. This endpoint can be used to search all your MISP data. You can either just pass a string and search everything, or you filter by dedicates types. The query can be as complicated as you want it to be. Be careful with just value searches, depending on your data size, the requests might take a while to complete.
Another very useful thing after your searched is then pull the events that matched your search. This can be helpful to provide more context to analysts who started the search.
When writing about the MISP API, it is important to mention pyMISP, the Python library to access the MISP REST API. It is maintained by the same people behind MISP, so it is kind of a reference implementation of the API and is very easy to use.
The target audience for the MISP API is researchers, students, DFIR professionals and everyone who has a need to store and query structured data around events.
Want to find more Security APIs? Go and visit my repository: https://github.com/jaegeral/security-apis