Add a few utility API as well as some constants to make it easier to manipulate

This commit is contained in:
rspitler 2016-02-23 16:54:55 -06:00
parent eb8f9f780f
commit 265043d604
3 changed files with 94 additions and 11 deletions

69
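--- /dev/null
+++ b/IndicatorTypes.py
@@ -0,0 +1,69 @@
+class IndicatorTypes(object):
+def __init__(self, name, description):
+self.name = name
+self.description = description
+IPv4 = IndicatorTypes(name="IPv4",
+description="An IPv4 address indicating the online location of a server or other computer.")
+IPv6 = IndicatorTypes(name="IPv6",
+description="An IPv6 address indicating the online location of a server or other computer.")
+DOMAIN = IndicatorTypes(name="domain",
+description="A domain name for a website or server. Domains encompass a series of hostnames.")
+HOSTNAME = IndicatorTypes(name="hostname", description="The hostname for a server located within a domain.")
+EMAIL = IndicatorTypes(name="email", description="An email associated with suspicious activity.")
+URL = IndicatorTypes(name="URL",
+description=" Uniform Resource Location (URL) summarizing"
+" the online location of a file or resource.")
+URI = IndicatorTypes(name="URI",
+description="Uniform Resource Indicator (URI) describing"
+" the explicit path to a file hosted online.")
+FILE_HASH_MD5 = IndicatorTypes(name="FileHash-MD5",
+description="A MD5-format hash that summarizes"
+" the architecture and content of a file.")
+FILE_HASH_SHA1 = IndicatorTypes(name="FileHash-SHA1",
+description="A SHA-format hash that summarizes"
+" the architecture and content of a file.")
+FILE_HASH_SHA256 = IndicatorTypes(name="FileHash-SHA256",
+description="A SHA-256-format hash that summarizes"
+" the architecture and content of a file.")
+FILE_HASH_PEHASH = IndicatorTypes(name="FileHash-PEHASH",
+description="A PEPHASH-format hash that summarizes the"
+" architecture and content of a file.")
+FILE_HASH_IMPHASH = IndicatorTypes(name="FileHash-IMPHASH",
+description="An IMPHASH-format hash that summarizes"
+" the architecture and content of a file.")
+CIDR = IndicatorTypes(name="CIDR",
+description="Classless Inter-Domain Routing (CIDR) address, which"
+" describes both a server's IP address and the network"
+" architecture (routing path) surrounding that server.")
+FILE_PATH = IndicatorTypes(name="FilePath", description="A unique location in a file system.")
+MUTEX = IndicatorTypes(name="Mutex",
+description="The name of a mutex resource describing the"
+" execution architecture of a file.")
+CVE = IndicatorTypes(name="CVE",
+description="Common Vulnerability and Exposure (CVE) entry"
+" describing a software vulnerability that can be"
+" exploited to engage in malicious activity.")
+all_types = [IPv4,
+IPv6,
+DOMAIN,
+HOSTNAME,
+EMAIL,
+URL,
+URI,
+FILE_HASH_MD5,
+FILE_HASH_SHA1,
+FILE_HASH_SHA256,
+FILE_HASH_PEHASH,
+FILE_HASH_IMPHASH,
+CIDR,
+FILE_PATH,
+MUTEX,
+CVE]
+def to_name_list(indicator_type_list):
+return [indicator_type.name for indicator_type in indicator_type_list]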


@ -3,12 +3,13 @@
import json
import logging
import IndicatorTypes
API_V1_ROOT = "{}/api/v1/"
PULSES_ROOT = "{}/pulses".format(API_V1_ROOT)
SUBSCRIBED = "{}/subscribed".format(PULSES_ROOT)
EVENTS = "{}/events".format(PULSES_ROOT)
try:
# For Python2
from urllib2 import URLError, build_opener, ProxyHandler
@ -41,10 +42,11 @@ class OTXv2(object):
Main class to interact with the AlienVault OTX API.
"""
def __init__(self, api_key, proxy=None, server="https://otx.alienvault.com"):
def __init__(self, api_key, proxy=None, server="https://otx.alienvault.com", project="SDK"):
self.key = api_key
self.server = server
self.proxy = proxy
self.sdk = 'OTX Python {}/1.0'.format(project)
def get(self, url):
"""
@ -59,7 +61,7 @@ class OTXv2(object):
request = build_opener()
request.addheaders = [
('X-OTX-API-KEY', self.key),
('User-Agent', 'OTX Python SDK/1.0')
('User-Agent', self.sdk)
]
response = None
try:
@ -75,12 +77,12 @@ class OTXv2(object):
def create_url(self, url_path, **kwargs):
uri = url_path.format(self.server)
uri +="?"
uri += "?"
for parameter, value in kwargs.items():
uri+=parameter
uri+="="
uri+= str(value)
uri+="&"
uri += parameter
uri += "="
uri += str(value)
uri += "&"
return uri
def getall(self, limit=20):
@ -100,7 +102,6 @@ class OTXv2(object):
def getall_iter(self, limit=20):
"""
@DEPRECATED
:param limit:
:return:
"""
@ -137,6 +138,19 @@ class OTXv2(object):
yield r
next = json_data["next"]
def get_all_indicators(self, indicator_types=IndicatorTypes.all_types):
"""
Get all the indicators contained within your pulses of the IndicatorTypes passed.
By default returns all IndicatorTypes.
:param indicator_types: IndicatorTypes to return
:return: yields the indicator object for use
"""
name_list = IndicatorTypes.to_name_list(indicator_types)
for pulse in self.getall_iter():
for indicator in pulse["indicators"]:
if indicator["type"] in name_list:
yield indicator
def getevents_since(self, mytimestamp, limit=20):
"""
Get all events (activity) created or updated since a timestamp
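Review bot: `create_url` still builds the query by concatenating `str(value)` for every keyword argument with no percent-encoding, so a value containing `&`, `=`, `#`, `+` or whitespace corrupts the request and a caller-supplied string can smuggle extra parameters into it; the hunk at `uri += "?"` only normalises spacing around `+=` and leaves this in place. Let the standard library encode it — add `from urllib import urlencode` to the existing Python 2 import block (presumably `from urllib.parse import urlencode` in the matching Python 3 branch, which is outside this view) and replace the loop with `return "{}?{}".format(url_path.format(self.server), urlencode(kwargs))` — which also removes the dangling `&` the loop leaves on the end. In `get_all_indicators`, `name_list` is a list probed once per indicator, so `name_set = set(IndicatorTypes.to_name_list(indicator_types))` keeps the filter constant-time over large pulse sets. The `indicator_types=IndicatorTypes.all_types` default is a shared mutable module-level list, so the docstring should say callers must pass their own list rather than mutate the default.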


@ -3,11 +3,11 @@
from distutils.core import setup
setup(name='OTXv2',
version='1.0',
version='1.1',
description='AlienVault OTX API',
author='AlienVault Team',
author_email='otx@alienvault.com',
url='https://github.com/AlienVault-Labs/OTX-Python-SDK',
py_modules=['OTXv2'],
py_modules=['OTXv2','IndicatorTypes'],
install_requires=['simplejson']
)