コード例 #1
0
ファイル: OTXv2.py プロジェクト: lprat/OTX-Python-SDK
 def get_all_indicators(self,
                        author_name=None,
                        modified_since=None,
                        indicator_types=IndicatorTypes.all_types,
                        limit=20,
                        max_page=None,
                        max_items=None):
     """
     Get all the indicators contained within your pulses of the IndicatorTypes passed.
     By default returns all IndicatorTypes.
     :param indicator_types: IndicatorTypes to return
     :param author_name limit indicators to ones found in pulses authored by author_name
     :param modified_since limit indicators to ones found in pulses modified since modified_since
     :include_inactive include indicators that are set to inactive (due to expiration typically)
     :return: yields the indicator object for use
     """
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(author_name=author_name,
                                   modified_since=modified_since,
                                   limit=limit,
                                   max_page=max_page,
                                   max_items=max_items):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #2
0
    def validate_indicator(self, indicator_type, indicator, description=""):
        """
        The goal of validate_indicator is to aid you in pulse creation.  Use this method on each indicator before
        calling create_pulse to ensure success in the create call.  If you supply invalid indicators in a create call,
        the pulse will not be created.

        :param indicator: indicator value (string)
        :param indicator_type: an IndicatorTypes object (i.e. IndicatorTypes.DOMAIN)
        :param description: a short descriptive string can be sent to the validator for length checking
        :return:
        """
        if not indicator:
            raise ValueError("please supply `indicator` when calling validate_indicator")
        if not indicator_type:
            raise ValueError("please supply `indicator` when calling validate_indicator")
        # if caller supplied object instance, use name field
        if isinstance(indicator_type, IndicatorTypes.IndicatorTypes):
            indicator_type = indicator_type.name
        elif indicator_type not in IndicatorTypes.to_name_list(IndicatorTypes.all_types):
            raise ValueError("Indicator type: {} is not a valid type.".format(indicator_type))
        # indicator type is valid, let's valdate against the otx api
        body = {
            'indicator': indicator,
            'type': indicator_type,
            'description': description
        }
        response = self.post(self.create_url(VALIDATE_INDICATOR), body=body)
        return response
コード例 #3
0
ファイル: OTXv2.py プロジェクト: lprat/OTX-Python-SDK
    def validate_indicator(self, indicator_type, indicator, description=""):
        """
        The goal of validate_indicator is to aid you in pulse creation.  Use this method on each indicator before
        calling create_pulse to ensure success in the create call.  If you supply invalid indicators in a create call,
        the pulse will not be created.

        :param indicator: indicator value (string)
        :param indicator_type: an IndicatorTypes object (i.e. IndicatorTypes.DOMAIN)
        :param description: a short descriptive string can be sent to the validator for length checking
        :return:
        """
        if not indicator:
            raise ValueError(
                "please supply `indicator` when calling validate_indicator")
        if not indicator_type:
            raise ValueError(
                "please supply `indicator` when calling validate_indicator")
        # if caller supplied object instance, use name field
        if isinstance(indicator_type, IndicatorTypes.IndicatorTypes):
            indicator_type = indicator_type.name
        elif indicator_type not in IndicatorTypes.to_name_list(
                IndicatorTypes.all_types):
            raise ValueError("Indicator type: {} is not a valid type.".format(
                indicator_type))
        # indicator type is valid, let's valdate against the otx api
        body = {
            'indicator': indicator,
            'type': indicator_type,
            'description': description
        }
        response = self.post(self.create_url(VALIDATE_INDICATOR), body=body)
        return response
コード例 #4
0
 def get_all_indicators(self, indicator_types=IndicatorTypes.all_types, max_page=None):
     """
     Get all the indicators contained within your pulses of the IndicatorTypes passed.
     By default returns all IndicatorTypes.
     :param indicator_types: IndicatorTypes to return
     :return: yields the indicator object for use
     """
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(max_page=max_page):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #5
0
 def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types, limit=20, max_page=None):
     """
     Get all the indicators contained within your pulses of the IndicatorTypes passed.
     By default returns all IndicatorTypes.
     :param indicator_types: IndicatorTypes to return
     :return: yields the indicator object for use
     """
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(author_name=author_name, modified_since=modified_since, limit=limit, max_page=max_page):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #6
0
 def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types, limit=20, max_page=None, max_items=None):
     """
     Get all the indicators contained within your pulses of the IndicatorTypes passed.
     By default returns all IndicatorTypes.
     :param indicator_types: IndicatorTypes to return
     :return: yields the indicator object for use
     """
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(author_name=author_name, modified_since=modified_since, limit=limit, max_page=max_page, max_items=max_items):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #7
0
 def get_all_indicators(self, indicator_types=IndicatorTypes.all_types):
     """
     Get all the indicators contained within your pulses of the IndicatorTypes passed.
     By default returns all IndicatorTypes.
     :param indicator_types: IndicatorTypes to return
     :return: yields the indicator object for use
     """
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter():
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #8
0
ファイル: OTXv2.py プロジェクト: OG-MrB/OTX-Python-SDK
 def get_all_indicators(self,
                        author_name=None,
                        modified_since=None,
                        indicator_types=IndicatorTypes.all_types,
                        limit=20,
                        max_page=None):
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(author_name=author_name,
                                   modified_since=modified_since,
                                   limit=limit,
                                   max_page=max_page):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator
コード例 #9
0
def otx_report(type, indicator):
    ''' AlienVault Open Threat Exchange interface.
        Supported indicator types: "IPv4", "IPv6", "domain", "hostname", "URL", "FileHash-MD5", "FileHash-SHA1", "FileHash-SHA256", "CVE". '''

    if type not in IndicatorTypes.to_name_list(IndicatorTypes.supported_api_types):
        raise Exception("Indicator type %s not supported!" % type)

    def find_by_type(type):
        for indicator in IndicatorTypes.supported_api_types:
            if indicator.name == type:
                return indicator
        raise Exception("Indicator type %s not supported!" % type)

    if not len(config.OTX_APIKEY):
        return jsonify({"error": "NO API KEY"}), 200

    otx = OTXv2(config.OTX_APIKEY, server='https://otx.alienvault.com/')

    return jsonify(otx.get_indicator_details_full(find_by_type(type), indicator)), 200
コード例 #10
0
 def get_all_indicators(self, author_name=None, modified_since=None, indicator_types=IndicatorTypes.all_types, limit=20, max_page=None):
     name_list = IndicatorTypes.to_name_list(indicator_types)
     for pulse in self.getall_iter(author_name=author_name, modified_since=modified_since, limit=limit, max_page=max_page):
         for indicator in pulse["indicators"]:
             if indicator["type"] in name_list:
                 yield indicator