Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.
OTX Direct Connect agents provide a way to automatically update your security infrastructure with pulses you have subscribed to from with Open Threat Exchange. By using Direct Connect, the indicators contained within the pulses you have subscribed to can be downloaded and made locally available for other applications such as Intrusion Detection Systems, Firewalls, and other security-focused applications.
OTX DirectConnect provides a mechanism to automatically pull indicators of compromise from the Open Threat Exchange portal into your environment. The DirectConnect API provides access to all Pulses that you have subscribed to in Open Threat Exchange (https://otx.alienvault.com).
- Clone this repo
- Run (from the root directory)
pip install .
orpython setup.py install
- Integrate into your codebase (see Python Notebook example below)
For more information about the particular API calls see https://otx.alienvault.com/api (Endpoint details on 'docs' tab)
- Clone this repo
- Install pandas
pip install pandas
- Install python notebook (http://jupyter.readthedocs.org/en/latest/install.html)
pip install jupyter
- Run notebook
jupyter notebook howto_use_python_otx_api.ipynb
Please see tests/test_client.py and https://otx.alienvault.com/api/ for examples of the SDK in use. A trivial example is below:
from OTXv2 import OTXv2
otx = OTXv2("API_KEY")
indicators = otx.get_pulse_indicators("pulse_id")
for indicator in indicators:
print indicator["indicator"] + indicator["type"]