Add a few utility API as well as some constants to make it easier to manipulate

IndicatorTypes.py

@@ -0,0 +1,69 @@
+
+
+class IndicatorTypes(object):
+    def __init__(self, name, description):
+        self.name = name
+        self.description = description
+
+
+
+IPv4 = IndicatorTypes(name="IPv4",
+                      description="An IPv4 address indicating the online location of a server or other computer.")
+IPv6 = IndicatorTypes(name="IPv6",
+                      description="An IPv6 address indicating the online location of a server or other computer.")
+DOMAIN = IndicatorTypes(name="domain",
+                        description="A domain name for a website or server. Domains encompass a series of hostnames.")
+HOSTNAME = IndicatorTypes(name="hostname", description="The hostname for a server located within a domain.")
+EMAIL = IndicatorTypes(name="email", description="An email associated with suspicious activity.")
+URL = IndicatorTypes(name="URL",
+                     description=" Uniform Resource Location (URL) summarizing"
+                                 " the online location of a file or resource.")
+URI = IndicatorTypes(name="URI",
+                     description="Uniform Resource Indicator (URI) describing"
+                                 " the explicit path to a file hosted online.")
+FILE_HASH_MD5 = IndicatorTypes(name="FileHash-MD5",
+                               description="A MD5-format hash that summarizes"
+                                           " the architecture and content of a file.")
+FILE_HASH_SHA1 = IndicatorTypes(name="FileHash-SHA1",
+                                description="A SHA-format hash that summarizes"
+                                            " the architecture and content of a file.")
+FILE_HASH_SHA256 = IndicatorTypes(name="FileHash-SHA256",
+                                  description="A SHA-256-format hash that summarizes"
+                                              " the architecture and content of a file.")
+FILE_HASH_PEHASH = IndicatorTypes(name="FileHash-PEHASH",
+                                  description="A PEPHASH-format hash that summarizes the"
+                                              " architecture and content of a file.")
+FILE_HASH_IMPHASH = IndicatorTypes(name="FileHash-IMPHASH",
+                                   description="An IMPHASH-format hash that summarizes"
+                                               " the architecture and content of a file.")
+CIDR = IndicatorTypes(name="CIDR",
+                      description="Classless Inter-Domain Routing (CIDR) address, which"
+                                  " describes both a server's IP address and the network"
+                                  " architecture (routing path) surrounding that server.")
+FILE_PATH = IndicatorTypes(name="FilePath", description="A unique location in a file system.")
+MUTEX = IndicatorTypes(name="Mutex",
+                       description="The name of a mutex resource describing the"
+                                   " execution architecture of a file.")
+CVE = IndicatorTypes(name="CVE",
+                     description="Common Vulnerability and Exposure (CVE) entry"
+                                 " describing a software vulnerability that can be"
+                                 " exploited to engage in malicious activity.")
+all_types = [IPv4,
+             IPv6,
+             DOMAIN,
+             HOSTNAME,
+             EMAIL,
+             URL,
+             URI,
+             FILE_HASH_MD5,
+             FILE_HASH_SHA1,
+             FILE_HASH_SHA256,
+             FILE_HASH_PEHASH,
+             FILE_HASH_IMPHASH,
+             CIDR,
+             FILE_PATH,
+             MUTEX,
+             CVE]
+
+def to_name_list(indicator_type_list):
+        return [indicator_type.name for indicator_type in indicator_type_list]

OTXv2.py

@@ -3,12 +3,13 @@
 import json
 import logging
 
+import IndicatorTypes
+
 API_V1_ROOT = "{}/api/v1/"
 PULSES_ROOT = "{}/pulses".format(API_V1_ROOT)
 SUBSCRIBED = "{}/subscribed".format(PULSES_ROOT)
 EVENTS = "{}/events".format(PULSES_ROOT)
 
-
 try:
     # For Python2
     from urllib2 import URLError, build_opener, ProxyHandler
@@ -41,10 +42,11 @@ class OTXv2(object):
     Main class to interact with the AlienVault OTX API.
     """
 
-    def __init__(self, api_key, proxy=None, server="https://otx.alienvault.com"):
+    def __init__(self, api_key, proxy=None, server="https://otx.alienvault.com", project="SDK"):
         self.key = api_key
         self.server = server
         self.proxy = proxy
+        self.sdk = 'OTX Python {}/1.0'.format(project)
 
     def get(self, url):
         """
@@ -59,7 +61,7 @@ class OTXv2(object):
             request = build_opener()
         request.addheaders = [
             ('X-OTX-API-KEY', self.key),
-            ('User-Agent', 'OTX Python SDK/1.0')
+            ('User-Agent', self.sdk)
         ]
         response = None
         try:
@@ -75,12 +77,12 @@ class OTXv2(object):
 
     def create_url(self, url_path, **kwargs):
         uri = url_path.format(self.server)
-        uri +="?"
+        uri += "?"
         for parameter, value in kwargs.items():
-            uri+=parameter
+            uri += parameter
-            uri+="="
+            uri += "="
-            uri+= str(value)
+            uri += str(value)
-            uri+="&"
+            uri += "&"
         return uri
 
     def getall(self, limit=20):
@@ -100,7 +102,6 @@ class OTXv2(object):
 
     def getall_iter(self, limit=20):
         """
-        @DEPRECATED
         :param limit:
         :return:
         """
@@ -137,6 +138,19 @@ class OTXv2(object):
                 yield r
             next = json_data["next"]
 
+    def get_all_indicators(self, indicator_types=IndicatorTypes.all_types):
+        """
+        Get all the indicators contained within your pulses of the IndicatorTypes passed.
+        By default returns all IndicatorTypes.
+        :param indicator_types: IndicatorTypes to return
+        :return: yields the indicator object for use
+        """
+        name_list = IndicatorTypes.to_name_list(indicator_types)
+        for pulse in self.getall_iter():
+            for indicator in pulse["indicators"]:
+                if indicator["type"] in name_list:
+                    yield indicator
+
     def getevents_since(self, mytimestamp, limit=20):
         """
         Get all events (activity) created or updated since a timestamp

setup.py

@@ -3,11 +3,11 @@
 from distutils.core import setup
 
 setup(name='OTXv2',
-      version='1.0',
+      version='1.1',
       description='AlienVault OTX API',
       author='AlienVault Team',
       author_email='otx@alienvault.com',
       url='https://github.com/AlienVault-Labs/OTX-Python-SDK',
-      py_modules=['OTXv2'],
+      py_modules=['OTXv2','IndicatorTypes'],
       install_requires=['simplejson']
       )