def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types,
                       limit=20, max_page=None, max_items=None):
    """
    Yield every indicator of the requested IndicatorTypes found in the pulses returned by getall_iter.
    By default all IndicatorTypes are returned.

    :param author_name: limit indicators to ones found in pulses authored by author_name
    :param modified_since: limit indicators to ones found in pulses modified since modified_since
    :param indicator_types: IndicatorTypes to return
    :param limit: forwarded unchanged to getall_iter
    :param max_page: forwarded unchanged to getall_iter
    :param max_items: forwarded unchanged to getall_iter
    :return: yields the indicator object for use
    """
    # Indicators are matched on the *name* of their type, so convert the requested types once up front.
    wanted_names = IndicatorTypes.to_name_list(indicator_types)
    pulses = self.getall_iter(
        author_name=author_name,
        modified_since=modified_since,
        limit=limit,
        max_page=max_page,
        max_items=max_items,
    )
    for pulse in pulses:
        for entry in pulse["indicators"]:
            if entry["type"] not in wanted_names:
                continue
            yield entry
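def validate_indicator(self, indicator_type, indicator, description=""):
    """
    The goal of validate_indicator is to aid you in pulse creation.  Use this method on each indicator before
    calling create_pulse to ensure success in the create call.  If you supply invalid indicators in a create call,
    the pulse will not be created.

    :param indicator_type: an IndicatorTypes object (i.e. IndicatorTypes.DOMAIN) or the name of one
    :param indicator: indicator value (string)
    :param description: a short descriptive string can be sent to the validator for length checking
    :return: whatever self.post returns for the validation request
    :raises ValueError: if indicator or indicator_type is empty, or indicator_type is not a known type name
    """
    if not indicator:
        raise ValueError("please supply `indicator` when calling validate_indicator")
    if not indicator_type:
        # The message names the argument that is actually missing.
        raise ValueError("please supply `indicator_type` when calling validate_indicator")

    # if caller supplied object instance, use name field
    if isinstance(indicator_type, IndicatorTypes.IndicatorTypes):
        indicator_type = indicator_type.name
    elif indicator_type not in IndicatorTypes.to_name_list(IndicatorTypes.all_types):
        raise ValueError("Indicator type: {} is not a valid type.".format(indicator_type))

    # Only presence and the type name are checked locally; the indicator value itself
    # is checked by the request below.
    body = {
        'indicator': indicator,
        'type': indicator_type,
        'description': description
    }
    return self.post(self.create_url(VALIDATE_INDICATOR), body=body)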
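def validate_indicator(self, indicator_type, indicator, description=""):
    """
    Validate one indicator against the OTX API before it is used in create_pulse.

    Run this on each indicator first: if a create call contains an invalid indicator,
    the pulse will not be created.

    :param indicator_type: an IndicatorTypes object (i.e. IndicatorTypes.DOMAIN), or a type name
    :param indicator: indicator value (string)
    :param description: a short descriptive string can be sent to the validator for length checking
    :return: the result of self.post for the validation request
    :raises ValueError: when indicator or indicator_type is missing, or the type name is unknown
    """
    if not indicator:
        raise ValueError(
            "please supply `indicator` when calling validate_indicator")
    if not indicator_type:
        # Report the argument that is really absent, so the caller fixes the right one.
        raise ValueError(
            "please supply `indicator_type` when calling validate_indicator")

    # if caller supplied object instance, use name field
    if isinstance(indicator_type, IndicatorTypes.IndicatorTypes):
        indicator_type = indicator_type.name
    elif indicator_type not in IndicatorTypes.to_name_list(
            IndicatorTypes.all_types):
        raise ValueError("Indicator type: {} is not a valid type.".format(
            indicator_type))

    # indicator type is valid, let's validate against the otx api
    body = {
        'indicator': indicator,
        'type': indicator_type,
        'description': description
    }
    response = self.post(self.create_url(VALIDATE_INDICATOR), body=body)
    return response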
def get_all_indicators(self, indicator_types=IndicatorTypes.all_types, max_page=None):
    """
    Walk the pulses from getall_iter and yield the indicators whose type was requested.
    By default returns all IndicatorTypes.

    :param indicator_types: IndicatorTypes to return
    :param max_page: forwarded unchanged to getall_iter
    :return: yields the indicator object for use
    """
    accepted = IndicatorTypes.to_name_list(indicator_types)
    for current_pulse in self.getall_iter(max_page=max_page):
        pulse_indicators = current_pulse["indicators"]
        for item in pulse_indicators:
            # Filter on the type name carried by each indicator.
            if item["type"] in accepted:
                yield item
def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types,
                       limit=20, max_page=None):
    """
    Yield the indicators of the given IndicatorTypes from the pulses produced by getall_iter.
    By default returns all IndicatorTypes.

    :param author_name: forwarded unchanged to getall_iter
    :param modified_since: forwarded unchanged to getall_iter
    :param indicator_types: IndicatorTypes to return
    :param limit: forwarded unchanged to getall_iter
    :param max_page: forwarded unchanged to getall_iter
    :return: yields the indicator object for use
    """
    type_names = IndicatorTypes.to_name_list(indicator_types)
    pulse_iter = self.getall_iter(author_name=author_name, modified_since=modified_since,
                                  limit=limit, max_page=max_page)
    for pulse in pulse_iter:
        for candidate in pulse["indicators"]:
            # Skip indicators whose type name was not requested.
            if candidate["type"] not in type_names:
                continue
            yield candidate
def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types,
                       limit=20, max_page=None, max_items=None):
    """
    Iterate over the pulses from getall_iter and yield each indicator of a requested type.
    By default returns all IndicatorTypes.

    :param author_name: forwarded unchanged to getall_iter
    :param modified_since: forwarded unchanged to getall_iter
    :param indicator_types: IndicatorTypes to return
    :param limit: forwarded unchanged to getall_iter
    :param max_page: forwarded unchanged to getall_iter
    :param max_items: forwarded unchanged to getall_iter
    :return: yields the indicator object for use
    """
    # Keyword arguments are collected once so the call below stays readable.
    query = {
        "author_name": author_name,
        "modified_since": modified_since,
        "limit": limit,
        "max_page": max_page,
        "max_items": max_items,
    }
    selected_names = IndicatorTypes.to_name_list(indicator_types)
    for pulse in self.getall_iter(**query):
        for ioc in pulse["indicators"]:
            if ioc["type"] in selected_names:
                yield ioc
def get_all_indicators(self, indicator_types=IndicatorTypes.all_types):
    """
    Yield every indicator of the requested IndicatorTypes from all pulses returned by getall_iter.
    By default returns all IndicatorTypes.

    :param indicator_types: IndicatorTypes to return
    :return: yields the indicator object for use
    """
    requested = IndicatorTypes.to_name_list(indicator_types)
    for pulse in self.getall_iter():
        for record in pulse["indicators"]:
            # Only indicators whose type name is in the requested list are passed on.
            if record["type"] not in requested:
                continue
            yield record
def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types,
                       limit=20, max_page=None):
    """
    Yield the indicators of the requested IndicatorTypes found in the pulses from getall_iter.

    :param author_name: forwarded unchanged to getall_iter
    :param modified_since: forwarded unchanged to getall_iter
    :param indicator_types: IndicatorTypes to return (all types by default)
    :param limit: forwarded unchanged to getall_iter
    :param max_page: forwarded unchanged to getall_iter
    :return: yields each matching indicator
    """
    allowed_names = IndicatorTypes.to_name_list(indicator_types)
    matching_pulses = self.getall_iter(
        author_name=author_name,
        modified_since=modified_since,
        limit=limit,
        max_page=max_page,
    )
    for pulse in matching_pulses:
        indicators = pulse["indicators"]
        for element in indicators:
            if element["type"] in allowed_names:
                yield element
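def otx_report(type, indicator):
    '''
    AlienVault Open Threat Exchange interface.

    Supported indicator types: "IPv4", "IPv6", "domain", "hostname", "URL",
    "FileHash-MD5", "FileHash-SHA1", "FileHash-SHA256", "CVE".

    :param type: indicator type name; must be the name of an entry in IndicatorTypes.supported_api_types
    :param indicator: indicator value, passed unchanged to OTXv2.get_indicator_details_full
    :return: tuple of (jsonify(...) result, 200), holding either the indicator details or {"error": "NO API KEY"}
    :raises Exception: if type is not one of the supported type names
    '''
    # Allowlist check: the type name is rejected before any request is made.
    if type not in IndicatorTypes.to_name_list(IndicatorTypes.supported_api_types):
        raise Exception("Indicator type %s not supported!" % type)

    def find_by_type(type):
        """Return the supported IndicatorTypes entry whose name equals *type*."""
        for indicator in IndicatorTypes.supported_api_types:
            if indicator.name == type:
                return indicator
        raise Exception("Indicator type %s not supported!" % type)

    # Truthiness instead of len(): a key that is unset (None) gets the same
    # "NO API KEY" answer as an empty string instead of raising TypeError.
    if not config.OTX_APIKEY:
        # NOTE(review): the error is returned with status value 200, so callers
        # have to inspect the body to tell it apart from a successful lookup.
        return jsonify({"error": "NO API KEY"}), 200

    otx = OTXv2(config.OTX_APIKEY, server='https://otx.alienvault.com/')
    return jsonify(otx.get_indicator_details_full(find_by_type(type), indicator)), 200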