
cjkoral/OTX-Python-SDK

 
 

OTX-Python-SDK

Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.

OTX Direct Connect agents provide a way to automatically update your security infrastructure with pulses you have subscribed to from within Open Threat Exchange. By using Direct Connect, the indicators contained within the pulses you have subscribed to can be downloaded and made locally available for other applications such as Intrusion Detection Systems, Firewalls, and other security-focused applications.

OTX DirectConnect Python SDK

OTX DirectConnect provides a mechanism to automatically pull indicators of compromise from the Open Threat Exchange portal into your environment. The DirectConnect API provides access to all Pulses that you have subscribed to in Open Threat Exchange (https://otx.alienvault.com).

  1. Clone this repo
  2. Run (from the root directory) pip install . or python setup.py install
  3. Integrate into your codebase (see Python Notebook example below)

For more information about the particular API calls see https://otx.alienvault.com/api (Endpoint details on 'docs' tab)

Installation and Python Notebook Usage

  1. Clone this repo
  2. Install pandas

pip install pandas

  3. Install python notebook (http://jupyter.readthedocs.org/en/latest/install.html)

pip install jupyter

  4. Run notebook

jupyter notebook howto_use_python_otx_api.ipynb

Example Code

Please see tests/test_client.py and https://otx.alienvault.com/api/ for examples of the SDK in use. A trivial example is below:

from OTXv2 import OTXv2

# Authenticate with your OTX API key
otx = OTXv2("API_KEY")
# Fetch every indicator attached to one pulse
indicators = otx.get_pulse_indicators("pulse_id")
for indicator in indicators:
    print(indicator["indicator"] + indicator["type"])
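
Indicators pulled from subscribed pulses are community-supplied, so they should be vetted before they are handed to a firewall or IDS. The following is an added example, not code from the SDK or this repository, that filters indicator dicts of the shape shown above into a deduplicated IPv4 blocklist. The "IPv4" type string, the NEVER_BLOCK list, the function name and all sample values are assumptions made for illustration.

```python
import ipaddress

# Networks that must never reach a block rule, whatever a feed says.
# Assumption: extend with your own public ranges and critical partners.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "198.51.100.0/24",   # constructed stand-in for "our own address space"
)]

# Constructed sample input in the shape the README example iterates over
# (dicts with "indicator" and "type"); documentation-range addresses only.
SAMPLE_INDICATORS = [
    {"indicator": "203.0.113.7", "type": "IPv4"},
    {"indicator": "203.0.113.7", "type": "IPv4"},      # duplicate across pulses
    {"indicator": "192.0.2.44 ", "type": "IPv4"},      # trailing whitespace
    {"indicator": "10.1.2.3", "type": "IPv4"},         # internal range
    {"indicator": "198.51.100.20", "type": "IPv4"},    # inside our own space
    {"indicator": "999.1.1.1", "type": "IPv4"},        # malformed
    {"indicator": "example.com", "type": "domain"},    # not an IP indicator
]


def build_ip_blocklist(indicators, never_block=NEVER_BLOCK):
    """Return (blocklist, rejected) from OTX-style indicator dicts."""
    accepted, rejected = set(), []
    for item in indicators:
        if item.get("type") != "IPv4":
            continue  # other types belong to other controls (DNS, proxy, EDR)
        raw = str(item.get("indicator", "")).strip()
        try:
            addr = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            rejected.append((raw, "malformed"))
            continue
        if any(addr in net for net in never_block):
            rejected.append((raw, "protected range"))
            continue
        accepted.add(addr)  # the set removes duplicates across pulses
    return [str(a) for a in sorted(accepted)], rejected


if __name__ == "__main__":
    blocklist, rejected = build_ip_blocklist(SAMPLE_INDICATORS)
    print("block:", blocklist)
    for value, reason in rejected:
        print("skip :", value, "-", reason)
```

Logging the rejected entries rather than dropping them silently gives analysts a record of feed quality and of any indicator that pointed at protected address space.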
