### Install OTX Python SDK from Source

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Clones the repository and installs the OTX Python SDK locally.

```bash
git clone https://github.com/AlienVault-Labs/OTX-Python-SDK.git
cd OTX-Python-SDK
pip install .
```

--------------------------------

### Complete OTXv2 Python SDK Usage Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

This snippet shows how to initialize the OTXv2 client, fetch recent pulses, search for specific threats, retrieve indicators from a pulse, create a new pulse with indicators, and get full details for an indicator. Ensure you replace 'your-api-key-here' with your actual OTX API key.

```python
from OTXv2 import OTXv2
import IndicatorTypes
import datetime

# Initialize client
otx = OTXv2("your-api-key-here")

# Get recent pulses
recent_pulses = otx.getsince(
    datetime.datetime.now() - datetime.timedelta(days=7),
    limit=100
)

# Search for specific threat
results = otx.search_pulses("Dridex")
for pulse in results['results']:
    print(f"Pulse: {pulse['name']}")

# Get indicators from a pulse
pulse_id = "5a7e5c2f1234567890abcdef"
indicators = otx.get_pulse_indicators(pulse_id)
for indicator in indicators:
    print(f"{indicator['indicator']} ({indicator['type']})")

# Create a new pulse with indicators
new_pulse = otx.create_pulse(
    name="My Malware IOCs",
    public=False,
    description="Custom IOCs I've identified",
    tlp="amber",
    indicators=[
        {'indicator': '192.168.1.1', 'type': 'IPv4'},
        {'indicator': 'malware.example.com', 'type': 'domain'}
    ]
)

# Get detailed information about an indicator
details = otx.get_indicator_details_full(
    IndicatorTypes.IPv4,
    "192.168.1.1"
)
print(f"IP Reputation: {details.get('reputation')}")
```

--------------------------------

### Basic OTXv2 Client Setup

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Demonstrates the basic setup of the OTXv2
client using an API key retrieved from an environment variable. Ensure the OTX_API_KEY environment variable is set before running.

```python
from OTXv2 import OTXv2
import os

# Get API key from environment variable
api_key = os.getenv('OTX_API_KEY')
if not api_key:
    raise ValueError("OTX_API_KEY environment variable not set")

otx = OTXv2(api_key)

# Use client
pulses = otx.getall()
```

--------------------------------

### Basic OTXv2 Client Setup

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/INDEX.md

Initialize the OTXv2 client with your API key for basic usage.

```python
otx = OTXv2("your-api-key")
```

--------------------------------

### Install OTX Python SDK using pip

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Installs the OTX Python SDK directly from the Python Package Index.

```bash
pip install OTXv2
```

--------------------------------

### Example Request Headers

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Shows an example of the headers that are sent with OTX API requests, including authentication, user agent, and content type.

```text
X-OTX-API-KEY: abc123...
User-Agent: OTX Python SDK/1.5.12
Content-Type: application/json
```

--------------------------------

### Example: Saving Fetch Timestamp

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2Cached.md

Demonstrates how to manually set the last_subscription_fetch attribute and then save the updated metadata.

```python
otx.last_subscription_fetch = datetime.datetime.now()
otx.save_data()
```

--------------------------------

### OTXv2 Client Setup with Proxy

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/INDEX.md

Configure the OTXv2 client to use an HTTP proxy for network requests.

```python
otx = OTXv2("api_key", proxy="http://proxy:8080")
```

--------------------------------

### GET /pulses/subscribed Request Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

This snippet shows the structure of a GET request to retrieve pulses the user is subscribed to, including optional query parameters for filtering and pagination.

```http
GET /api/v1/pulses/subscribed?limit=50&page=1[&modified_since=2024-01-01T00:00:00][&author_name=AlienVault]
```

--------------------------------

### Quick Start: OTX Python SDK Usage

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Demonstrates basic usage of the OTX Python SDK for initializing the client, retrieving pulses, searching for indicators, and creating a new pulse.

```python
from OTXv2 import OTXv2
import IndicatorTypes

# Initialize client
otx = OTXv2("your-api-key")

# Get subscribed pulses
pulses = otx.getall(limit=50)

# Search for pulses
results = otx.search_pulses("Dridex")

# Get indicator details
details = otx.get_indicator_details_full(
    IndicatorTypes.IPv4,
    "192.168.1.1"
)

# Create a pulse
pulse = otx.create_pulse(
    name="My Threat IOCs",
    public=False,
    indicators=[
        {'indicator': '10.0.0.1', 'type': 'IPv4'},
        {'indicator': 'malware.com', 'type': 'domain'}
    ]
)
```

--------------------------------

### OTXv2 Client Setup with Client Certificate (mTLS)

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/INDEX.md

Initialize the OTXv2 client using a client certificate and key for mutual TLS authentication.

```python
otx = OTXv2("api_key", cert=('/path/to/cert.crt', '/path/to/key.key'))
```

--------------------------------

### Complete OTXv2Cached Usage Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2Cached.md

This snippet demonstrates initializing the OTXv2Cached client with a specified cache directory and maximum age, performing an initial cache sync, querying recent pulses, iterating through pulses by author, and setting up a periodic update loop.

```python
from OTXv2 import OTXv2Cached
import datetime
import time

# Initialize cached client
otx = OTXv2Cached(
    "your-api-key",
    cache_dir="/var/lib/otx_cache",
    max_age=datetime.timedelta(days=30)
)

# Initial sync
print("Performing initial cache sync...")
otx.initial_fetch()
otx.update()

# Query cache
print(f"Total cached pulses: {len(otx.getall())}")

# Get recent pulses
recent = otx.getsince(
    datetime.datetime.now() - datetime.timedelta(days=7)
)
print(f"Recent pulses: {len(recent)}")

# Process specific author's pulses
for pulse in otx.getall_iter(author_name="AlienVault"):
    print(f"Processing: {pulse['name']}")
    for indicator in pulse.get('indicators', []):
        print(f" - {indicator['indicator']}")

# Periodic sync loop
while True:
    print("Syncing cache...")
    otx.update()

    # Get newly added pulses
    all_pulses = otx.getall()
    print(f"Total pulses in cache: {len(all_pulses)}")

    # Wait before next sync
    time.sleep(3600)  # Sync every hour
```

--------------------------------

### Execute GET Request to OTX API

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

Internal method to execute a GET request to the OTX API. Use this for fetching data.

```python
get(url, **kwargs) -> dict
```

--------------------------------

### OTXv2 Client Setup with Proxy

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Configures the OTXv2 client to use HTTP and HTTPS proxies.
Replace 'http://proxy.example.com:8080' with your actual proxy details.

```python
from OTXv2 import OTXv2

otx = OTXv2(
    api_key="your-api-key",
    proxy="http://proxy.example.com:8080",
    proxy_https="https://proxy.example.com:8080"
)
```

--------------------------------

### OTXv2 Client Setup with Custom User-Agent

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Configures the OTXv2 client with a custom project name and user-agent string. The 'project' parameter is used to form a default user-agent, while 'user_agent' allows for a completely custom string.

```python
from OTXv2 import OTXv2

otx = OTXv2(
    api_key="your-api-key",
    project="MySecurityApp",  # Used as: "OTX Python MySecurityApp/1.5.12"
    user_agent="MyApp/2.0 (Linux; Python 3.9)"  # Overrides project-based UA
)
```

--------------------------------

### OTXv2 Client Setup for Custom Server

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Configures the OTXv2 client to connect to a self-hosted or custom OTX server. Replace 'https://otx-internal.example.com' with the URL of your custom server.

```python
from OTXv2 import OTXv2

otx = OTXv2(
    api_key="your-api-key",
    server="https://otx-internal.example.com"
)
```

--------------------------------

### OTXv2 Client Setup with Client Certificate (mTLS)

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Shows how to configure the OTXv2 client for mutual TLS (mTLS) authentication using either separate certificate and key files or a combined PEM file. Ensure the paths to your certificate and key files are correct.

```python
from OTXv2 import OTXv2

# Separate cert and key files
otx = OTXv2(
    api_key="your-api-key",
    cert=("/path/to/client.crt", "/path/to/client.key")
)

# Or combined PEM file
otx = OTXv2(
    api_key="your-api-key",
    cert="/path/to/client.pem"
)
```

--------------------------------

### Get OTX User Information

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

Retrieve detailed or basic information about an OTX user. Use 'detailed=True' for statistics.

```python
user = otx.get_user("AlienVault", detailed=True)
print(f"Username: {user['username']}")
print(f"Pulses: {user.get('pulse_count', 0)}")
```

--------------------------------

### Get Indicator Details with OTXv2

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/IndicatorTypes.md

Demonstrates how to retrieve full details or specific sections for various indicator types like IPv4, Domain, and File Hash using the OTXv2 client.

```python
from OTXv2 import OTXv2
import IndicatorTypes

otx = OTXv2("api_key")

# Get details for an IPv4 address
details = otx.get_indicator_details_full(IndicatorTypes.IPv4, "192.168.1.1")

# Get details for a domain
details = otx.get_indicator_details_full(IndicatorTypes.DOMAIN, "example.com")

# Get a specific section for a file hash
analysis = otx.get_indicator_details_by_section(
    IndicatorTypes.FILE_HASH_SHA256,
    "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
    section="analysis"
)

# Validate indicators before adding to a pulse
otx.validate_indicator(IndicatorTypes.IPv4, "192.168.1.1")
otx.validate_indicator(IndicatorTypes.DOMAIN, "malware.example.com")
```

--------------------------------

### Handle Errors

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/INDEX.md

Provides examples of how to catch specific exceptions that may occur during API interactions, such as authentication errors or resource not found.

```python
from OTXv2 import InvalidAPIKey, NotFound

# Assumes `otx` and `pulse_id` are defined as in the setup examples
try:
    pulse = otx.get_pulse_details(pulse_id)
except InvalidAPIKey:
    # Handle auth error
    pass
except NotFound:
    # Handle not found
    pass
```

--------------------------------

### OTXv2Cached Client Setup with Custom Cache

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Initializes an OTXv2Cached client with a specified cache directory and maximum age for cached pulses. The 'update()' method is called to perform the initial synchronization.

```python
from OTXv2 import OTXv2Cached
import datetime

otx = OTXv2Cached(
    api_key="your-api-key",
    cache_dir="/var/lib/myapp/otx_cache",
    max_age=datetime.timedelta(days=30)  # Only cache pulses from last 30 days
)

# First sync downloads all recent pulses
otx.update()
```

--------------------------------

### Get Indicator Details

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/howto_use_python_otx_api.ipynb

Fetch detailed information about a specific indicator, such as an IPv4 address, from OTX. Ensure you specify the correct `IndicatorTypes`.

```python
from OTXv2 import IndicatorTypes

indicator = pulse_details["indicators"][4]["indicator"]
indicator_details = otx.get_indicator_details_full(IndicatorTypes.IPv4, indicator)
```

--------------------------------

### OTXv2 Client Setup with SSL Verification Disabled

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Disables SSL certificate verification for the OTXv2 client. This is intended for development or testing environments only and should not be used in production due to security risks.

```python
from OTXv2 import OTXv2

# WARNING: Only for development/testing
otx = OTXv2(
    api_key="your-api-key",
    verify=False
)
```

--------------------------------

### OTXv2 Class Documentation

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/MANIFEST.md

Provides comprehensive documentation for the OTXv2 class, covering all public methods for Pulse retrieval and lifecycle management, indicator operations, search, user management, subscriptions, sample submission, and group management. Includes method signatures, parameters, return types, exceptions, and code examples.

```APIDOC
## OTXv2 Class Methods

### Description
This section details the public methods available in the OTXv2 class for interacting with the OTX API.

### Methods
- **Pulse Retrieval:** `getall`, `getsince`, `get_pulse_details`
- **Pulse Lifecycle:** `create`, `edit`, `delete`
- **Indicator Management:** 5 methods
- **Indicator Details API:** 2 methods
- **Search:** 2 methods
- **User Operations:** 6 methods
- **Subscriptions:** 4 methods
- **Sample Submission:** 5 methods
- **Group Management:** 2 methods
- **Pagination/Iteration:** 2 methods
- **Utility Methods:** 3 methods

Each method includes its full signature, parameters table, return type, exceptions raised, and working code examples.
```

--------------------------------

### Get Full Indicator Details from OTX

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/README.md

Fetches comprehensive details about a specific indicator (e.g., domain, IP address) from OTX. Requires specifying the indicator type and value.

```python
from OTXv2 import OTXv2
from OTXv2 import IndicatorTypes

otx = OTXv2("API_KEY")

# Get everything OTX knows about google.com
otx.get_indicator_details_full(IndicatorTypes.DOMAIN, "google.com")
```

--------------------------------

### Add Content to OTX Pulse

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/README.md

Create a new OTX pulse with a specified name, indicators, and tags. This example demonstrates adding both IPv4 and Domain indicators to a public pulse.

```python
from OTXv2 import OTXv2

otx = OTXv2("API_KEY")
name = 'Test Pulse'
indicators = [
    {'indicator': '69.73.130.198', 'type': 'IPv4'},
    {'indicator': 'aoldaily.com', 'type': 'Domain'}
]
response = otx.create_pulse(name=name, public=True, indicators=indicators, tags=[], references=[])
print(str(response))  # print() call form; the Python 2 print statement fails on Python 3
```

--------------------------------

### GET /pulses/{pulse_id} Request Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

This snippet demonstrates a GET request to retrieve detailed information for a specific pulse using its unique ID.

```http
GET /api/v1/pulses/5a7e5c2f1234567890abcdef
```

--------------------------------

### Handle NotFound Exception

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/errors.md

Example of how to catch and handle the NotFound exception when requesting specific OTX resources, such as pulse details. It also shows handling a ValueError for invalid ID formats.

```python
from OTXv2 import OTXv2, NotFound

otx = OTXv2("api_key")

try:
    pulse = otx.get_pulse_details("nonexistent_id_12345678901234567890ab")
except NotFound:
    print("Pulse not found")
except ValueError:
    print("Invalid pulse ID format")
```

--------------------------------

### GET /pulses/{pulse_id} Response Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

This JSON structure represents a successful response for a specific pulse, including its metadata, indicators, and associated threat intelligence details.

```json
{
  "id": "5a7e5c2f1234567890abcdef",
  "name": "Pulse Name",
  "description": "Detailed description",
  "author_name": "author",
  "author_id": "author_id",
  "public": true,
  "created": "2024-01-01T10:00:00.000000",
  "modified": "2024-01-15T14:30:00.000000",
  "TLP": "green",
  "tags": ["tag1", "tag2"],
  "references": ["https://example.com"],
  "indicators": [...],
  "targeted_countries": ["US", "GB"],
  "industries": ["Finance", "Technology"],
  "malware_families": ["Dridex"],
  "attack_ids": ["T1005"],
  "adversary": "Adversary Name",
  "revision": 5,
  "locked": false,
  "export_count": 42,
  "subscriber_count": 123,
  "group_ids": [1, 2, 3]
}
```

--------------------------------

### GET /pulses/subscribed Response Example

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

This JSON structure represents a successful response from the /pulses/subscribed endpoint, detailing the count, pagination links, and a list of subscribed pulses with their key attributes.

```json
{
  "count": 1234,
  "next": "/api/v1/pulses/subscribed?limit=50&page=2",
  "previous": null,
  "results": [
    {
      "id": "5a7e5c2f1234567890abcdef",
      "name": "Dridex Botnet",
      "description": "Threat description...",
      "author_name": "AlienVault",
      "public": true,
      "created": "2024-01-01T10:00:00.000000",
      "modified": "2024-01-15T14:30:00.000000",
      "TLP": "green",
      "tags": ["trojan", "botnet"],
      "references": ["https://example.com"],
      "indicators": [
        {
          "id": "indicator_id_123",
          "indicator": "192.168.1.1",
          "type": "IPv4",
          "title": "C2 Server",
          "description": "Command and control server",
          "created": "2024-01-01T10:00:00.000000",
          "modified": "2024-01-15T14:30:00.000000",
          "is_active": 1,
          "expiration": null
        }
      ]
    }
  ]
}
```

--------------------------------

### Initialize OTXv2Cached with Environment Variables

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Demonstrates initializing the OTXv2Cached client by reading API key, cache directory, and server URL from environment variables. Provides default values if environment variables are not set.

```python
import os
from OTXv2 import OTXv2Cached

otx = OTXv2Cached(
    api_key=os.getenv('OTX_API_KEY', 'default-key'),
    cache_dir=os.getenv('OTX_CACHE_DIR', os.path.expanduser('~/.otxv2_cache')),
    server=os.getenv('OTX_SERVER', 'https://otx.alienvault.com'),
)
```

--------------------------------

### Initialize OTXv2 Client

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

Instantiate the OTXv2 client with your API key. Proxies, custom servers, and SSL certificates can also be configured during initialization.

```python
from OTXv2 import OTXv2

# Basic initialization
otx = OTXv2("your-api-key-here")

# With proxy
otx = OTXv2("your-api-key", proxy="http://proxy.example.com:8080")

# With custom server
otx = OTXv2("your-api-key", server="https://custom-otx.example.com")

# With client certificate
otx = OTXv2("your-api-key", cert=("/path/to/cert.pem", "/path/to/key.pem"))
```

--------------------------------

### GET /pulses/{pulse_id}/delete

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Deletes a specified pulse from OTX. This operation is performed using a GET request to the dedicated delete endpoint.

```APIDOC
## GET /pulses/{pulse_id}/delete

### Description
Delete a pulse.

### Method
GET (Note: API uses GET for delete operation)

### Endpoint
/api/v1/pulses/{pulse_id}/delete

### Response
#### Success Response (200)
- **id** (str) - The ID of the deleted pulse.
- **deleted** (bool) - Indicates if the pulse was successfully deleted.

#### Response Example
```json
{
  "id": "5a7e5c2f1234567890abcdef",
  "deleted": true
}
```

**Status Codes:**

| Code | Meaning |
|------|---------|
| 200 | Deleted |
| 403 | Not authorized |
| 404 | Pulse not found |
```

--------------------------------

### Initialize OTXv2 with Default SSL Verification

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Use this for standard production environments where SSL certificate validity is automatically checked. No client certificate is required.

```python
otx = OTXv2(api_key)  # verify=True, cert=None
```

--------------------------------

### Initialize OTX API Client

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/howto_use_python_otx_api.ipynb

Instantiate the OTXv2 client. Replace "" with your actual OTX API key obtained from your AlienVault settings page.

```python
otx = OTXv2("")
```

--------------------------------

### OTXv2 Constructor Options

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Use these options when initializing the OTXv2 client for direct API interaction. All options are passed as keyword arguments.

```python
OTXv2(api_key, proxy=None, proxy_https=None, server="https://otx.alienvault.com", project="SDK", user_agent=None, verify=True, cert=None)
```

--------------------------------

### Get Recent Events (GET /pulses/events)

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieve recent events since a specific timestamp. Requires 'since' parameter. 'limit' is optional for pagination.

```http
GET /api/v1/pulses/events?since=2024-01-15T00:00:00&limit=50
```

--------------------------------

### Import Necessary Libraries

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/howto_use_python_otx_api.ipynb

Import the core OTXv2 client, IndicatorTypes, pandas for data normalization, and datetime for potential date manipulations.

```python
from OTXv2 import OTXv2, IndicatorTypes
```

```python
from pandas import json_normalize  # top-level import path, pandas >= 1.0
```

```python
from datetime import datetime, timedelta
```

--------------------------------

### Get Status of Submitted Files

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieves the analysis status for files that have been previously submitted.

```APIDOC
## GET /indicators/submitted_files

### Description
Get status of submitted files.

### Method
POST

### Endpoint
/api/v1/indicators/submitted_files

### Parameters
#### Request Body
- **hashes** (array of strings) - Required - A list of file hashes for which to retrieve status.
- **limit** (int) - Optional - The maximum number of results to return per page.
- **page** (int) - Optional - The page number for pagination.

### Request Example
```
POST /api/v1/indicators/submitted_files
Content-Type: application/json

{
  "hashes": ["hash1", "hash2"],
  "limit": 100,
  "page": 1
}
```
```

--------------------------------

### Get User Profile

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieve detailed profile information for a specific OTX user.

```APIDOC
## GET /users/{username}

### Description
Get user profile information.

### Method
GET

### Endpoint
/api/v1/users/{username}

### Parameters
#### Path Parameters
- **username** (str) - Required - OTX username

#### Query Parameters
- **detailed** (int) - Optional - Include detailed stats (0 or 1)

### Response
#### Success Response (200)
- **id** (str) - User's unique identifier.
- **username** (str) - User's username.
- **avatar_url** (str) - URL to the user's avatar.
- **bio** (str) - User's biography.
- **follower_count** (int) - Number of followers.
- **following_count** (int) - Number of users the user is following.
- **pulse_count** (int) - Number of pulses created by the user.
- **is_verified** (bool) - Indicates if the user account is verified.
- **is_followed** (bool) - Indicates if the current user is following this user.
- **is_following** (bool) - Indicates if the current user is being followed by this user.

#### Response Example
```json
{
  "id": "user_id",
  "username": "AlienVault",
  "avatar_url": "...",
  "bio": "...",
  "follower_count": 10000,
  "following_count": 500,
  "pulse_count": 1234,
  "is_verified": true,
  "is_followed": false,
  "is_following": false
}
```
```

--------------------------------

### Get My Pulses

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieve all pulses created by the currently authenticated user. Supports filtering by limit.

```APIDOC
## GET /pulses/my

### Description
Get pulses created by authenticated user.

### Method
GET

### Endpoint
/api/v1/pulses/my

### Parameters
#### Query Parameters
- **limit** (int) - Optional - Maximum number of pulses to return (default 50).
```

--------------------------------

### GET /pulses/{pulse_id}

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieves detailed information about a specific pulse using its unique ID.

```APIDOC
## GET /pulses/{pulse_id}

### Description
Retrieve detailed information about a specific pulse using its unique ID.

### Method
GET

### Endpoint
/api/v1/pulses/{pulse_id}

### Parameters
#### Path Parameters
- **pulse_id** (str) - Yes - 24-character hex pulse ID

### Response
#### Success Response (200)
- **id** (string) - The unique identifier for the pulse.
- **name** (string) - The name of the pulse.
- **description** (string) - A detailed description of the pulse.
- **author_name** (string) - The username of the pulse author.
- **author_id** (string) - The ID of the pulse author.
- **public** (boolean) - Indicates if the pulse is public.
- **created** (string) - The creation timestamp of the pulse.
- **modified** (string) - The last modification timestamp of the pulse.
- **TLP** (string) - The Traffic Light Protocol (TLP) setting.
- **tags** (array) - An array of tags associated with the pulse.
- **references** (array) - An array of URLs for references.
- **indicators** (array) - An array of indicator objects associated with the pulse.
- **targeted_countries** (array) - An array of targeted countries.
- **industries** (array) - An array of targeted industries.
- **malware_families** (array) - An array of malware families associated with the pulse.
- **attack_ids** (array) - An array of MITRE ATT&CK IDs.
- **adversary** (string) - The name of the adversary.
- **revision** (integer) - The revision number of the pulse.
- **locked** (boolean) - Indicates if the pulse is locked.
- **export_count** (integer) - The number of times the pulse has been exported.
- **subscriber_count** (integer) - The number of subscribers to the pulse.
- **group_ids** (array) - An array of group IDs associated with the pulse.

### Response Example
```json
{
  "id": "5a7e5c2f1234567890abcdef",
  "name": "Pulse Name",
  "description": "Detailed description",
  "author_name": "author",
  "author_id": "author_id",
  "public": true,
  "created": "2024-01-01T10:00:00.000000",
  "modified": "2024-01-15T14:30:00.000000",
  "TLP": "green",
  "tags": ["tag1", "tag2"],
  "references": ["https://example.com"],
  "indicators": [...],
  "targeted_countries": ["US", "GB"],
  "industries": ["Finance", "Technology"],
  "malware_families": ["Dridex"],
  "attack_ids": ["T1005"],
  "adversary": "Adversary Name",
  "revision": 5,
  "locked": false,
  "export_count": 42,
  "subscriber_count": 123,
  "group_ids": [1, 2, 3]
}
```

### Status Codes
- **200** - Success
- **403** - Invalid API key
- **404** - Pulse not found
- **400** - Invalid pulse_id format
```

--------------------------------

### OTXv2 Constructor

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

Initializes an OTX API client with the provided API key and optional configuration parameters.

```APIDOC
## OTXv2 Constructor

### Description
Initializes an OTX API client.

### Signature
`OTXv2(api_key, proxy=None, proxy_https=None, server="https://otx.alienvault.com", project="SDK", user_agent=None, verify=True, cert=None)`

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Parameters Table

| Parameter | Type | Default | Required | Description |
|-----------|------|---------|----------|-------------|
| api_key | str | — | Yes | AlienVault OTX API key for authentication |
| proxy | str | None | No | HTTP proxy URL (e.g., `http://proxy.example.com:8080`) |
| proxy_https | str | None | No | HTTPS proxy URL |
| server | str | `https://otx.alienvault.com` | No | OTX server base URL |
| project | str | `SDK` | No | Project name for User-Agent header |
| user_agent | str | None | No | Custom User-Agent header; defaults to `OTX Python {project}/1.5.12` |
| verify | bool | True | No | Verify SSL certificates |
| cert | str or tuple | None | No | Client certificate path or (cert, key) tuple |

### Returns
`OTXv2` instance

### Raises
- `InvalidAPIKey` — if the provided API key is invalid (raised on first API call, not during initialization)

### Example
```python
from OTXv2 import OTXv2

# Basic initialization
otx = OTXv2("your-api-key-here")

# With proxy
otx = OTXv2("your-api-key", proxy="http://proxy.example.com:8080")

# With custom server
otx = OTXv2("your-api-key", server="https://custom-otx.example.com")

# With client certificate
otx = OTXv2("your-api-key", cert=("/path/to/cert.pem", "/path/to/key.pem"))
```
```

--------------------------------

### OTXv2 Client Initialization

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Initialize the main OTXv2 client with your API key. This client is used for all direct interactions with the OTX API.

```APIDOC
## OTXv2 Client Initialization

### Description
Initializes the primary API client for interacting with the OTX API. Requires an OTX API key.

### Method
`OTXv2(api_key: str, timeout: int = 30, retries: int = 5)`

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
```python
from OTXv2 import OTXv2

otx = OTXv2("your-api-key")
```

### Response
#### Success Response (200)
An initialized OTXv2 client object.

#### Response Example
None
```

--------------------------------

### Get User Pulses

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieve all pulses created by a specific user. Supports filtering by limit and a search query.

```APIDOC
## GET /pulses/user/{username}

### Description
Get all pulses created by a user.

### Method
GET

### Endpoint
/api/v1/pulses/user/{username}

### Parameters
#### Path Parameters
- **username** (str) - Required - The username of the user whose pulses to retrieve.

#### Query Parameters
- **limit** (int) - Optional - Maximum number of pulses to return (default 50).
- **q** (str) - Optional - Search query to filter pulses by keyword.

### Response
#### Success Response (200)
- **count** (int) - The total number of pulses found for the user.
- **results** (list) - A list of pulse objects created by the user.
```

--------------------------------

### Complete OTXv2Cached Client Configuration

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/INDEX.md

Set up a cached OTXv2 client with a custom cache directory and maximum cache age.

```python
otx = OTXv2Cached("api_key", cache_dir="/var/cache/otx", max_age=timedelta(days=30))
```

--------------------------------

### GET /pulses/subscribed

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieves all pulses the user is subscribed to. Supports filtering by modification date and author name, with pagination options.

```APIDOC
## GET /pulses/subscribed

### Description
Retrieve all pulses the user is subscribed to.
Supports filtering by modification date and author name, with pagination options.

### Method
GET

### Endpoint
/api/v1/pulses/subscribed

### Parameters
#### Query Parameters
- **limit** (int) - Optional - Page size (default 50)
- **page** (int) - Optional - Page number (default 1)
- **modified_since** (ISO 8601) - Optional - Filter by modification date
- **author_name** (str) - Optional - Filter by author username

### Response
#### Success Response (200)
- **count** (int) - The total number of pulses.
- **next** (string) - URL for the next page of results.
- **previous** (null) - URL for the previous page of results.
- **results** (array) - An array of pulse objects.
  - **id** (string) - The unique identifier for the pulse.
  - **name** (string) - The name of the pulse.
  - **description** (string) - A description of the threat.
  - **author_name** (string) - The username of the pulse author.
  - **public** (boolean) - Indicates if the pulse is public.
  - **created** (string) - The creation timestamp of the pulse.
  - **modified** (string) - The last modification timestamp of the pulse.
  - **TLP** (string) - The Traffic Light Protocol (TLP) setting.
  - **tags** (array) - An array of tags associated with the pulse.
  - **references** (array) - An array of URLs for references.
  - **indicators** (array) - An array of indicator objects associated with the pulse.
    - **id** (string) - The unique identifier for the indicator.
    - **indicator** (string) - The indicator value.
    - **type** (string) - The type of the indicator (e.g., IPv4).
    - **title** (string) - A title for the indicator.
    - **description** (string) - A description of the indicator.
    - **created** (string) - The creation timestamp of the indicator.
    - **modified** (string) - The last modification timestamp of the indicator.
    - **is_active** (integer) - Indicates if the indicator is active.
    - **expiration** (null) - The expiration timestamp of the indicator.
### Response Example
```json
{
  "count": 1234,
  "next": "/api/v1/pulses/subscribed?limit=50&page=2",
  "previous": null,
  "results": [
    {
      "id": "5a7e5c2f1234567890abcdef",
      "name": "Dridex Botnet",
      "description": "Threat description...",
      "author_name": "AlienVault",
      "public": true,
      "created": "2024-01-01T10:00:00.000000",
      "modified": "2024-01-15T14:30:00.000000",
      "TLP": "green",
      "tags": ["trojan", "botnet"],
      "references": ["https://example.com"],
      "indicators": [
        {
          "id": "indicator_id_123",
          "indicator": "192.168.1.1",
          "type": "IPv4",
          "title": "C2 Server",
          "description": "Command and control server",
          "created": "2024-01-01T10:00:00.000000",
          "modified": "2024-01-15T14:30:00.000000",
          "is_active": 1,
          "expiration": null
        }
      ]
    }
  ]
}
```

### Status Codes
- **200** - Success
- **403** - Invalid API key
- **429** - Rate limited
```

--------------------------------

### getsince

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Retrieves threat intelligence pulses created since a specified date and time. Useful for getting recent updates.

```APIDOC
## getsince

### Description
Fetches pulses created after a specified timestamp. This is useful for retrieving recent threat intelligence.

### Method
`getsince(since: datetime.datetime)`

### Parameters
#### Path Parameters
None

#### Query Parameters
None

#### Request Body
None

### Request Example
```python
import datetime

recent = otx.getsince(
    datetime.datetime.now() - datetime.timedelta(days=30)
)
```

### Response
#### Success Response (200)
A list of pulse dictionaries, each containing threat intelligence data.

#### Response Example
```json
[
  {
    "name": "Example Pulse",
    "author_name": "Example Author",
    "indicators": [
      {
        "indicator": "1.1.1.1",
        "type": "IPv4"
      }
    ]
  }
]
```
```

--------------------------------

### Get User Profile Information

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieve detailed information about a specific OTX user by their username.
You can optionally include detailed statistics.

```http
GET /api/v1/users/AlienVault?detailed=1
```

--------------------------------

### GET /pulses/{pulse_id}/indicators

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Retrieves all indicators associated with a specific pulse ID. Supports pagination and filtering for inactive indicators.

```APIDOC
## GET /pulses/{pulse_id}/indicators

### Description
Get all indicators in a pulse. This endpoint allows you to fetch a list of indicators belonging to a specific pulse, with options to control the number of results and whether to include inactive indicators.

### Method
GET

### Endpoint
/api/v1/pulses/{pulse_id}/indicators

### Parameters
#### Query Parameters
- **limit** (int) - Optional - Results per page (default 1000)
- **include_inactive** (int) - Optional - Include inactive indicators (0 or 1)

### Response
#### Success Response (200)
- **count** (int) - The total number of indicators found.
- **next** (string) - URL for the next page of results, or null if none.
- **previous** (string) - URL for the previous page of results, or null if none.
- **results** (array) - A list of indicator objects.
  - **id** (string) - The unique identifier for the indicator.
  - **indicator** (string) - The indicator value (e.g., IP address, domain).
  - **type** (string) - The type of the indicator (e.g., IPv4, domain).
  - **title** (string) - A title or alias for the indicator.
  - **description** (string) - A description of the indicator.
  - **created** (string) - Timestamp when the indicator was created.
  - **modified** (string) - Timestamp when the indicator was last modified.
  - **is_active** (int) - Indicates if the indicator is active (1) or inactive (0).
  - **expiration** (string) - Expiration date of the indicator, or null.
### Response Example
```json
{
  "count": 42,
  "next": null,
  "previous": null,
  "results": [
    {
      "id": "indicator_id_1",
      "indicator": "192.168.1.1",
      "type": "IPv4",
      "title": "C2 Server",
      "description": "Command and control",
      "created": "2024-01-01T10:00:00.000000",
      "modified": "2024-01-01T10:00:00.000000",
      "is_active": 1,
      "expiration": null
    }
  ]
}
```
```

--------------------------------

### OTXv2 Configuration Schema

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Defines the parameters for initializing the OTXv2 client. Requires an API key and allows optional configuration for proxies, server, user agent, and certificates.

```python
{
    'api_key': str,  # Required
    'proxy': str | None = None,
    'proxy_https': str | None = None,
    'server': str = 'https://otx.alienvault.com',
    'project': str = 'SDK',
    'user_agent': str | None = None,
    'verify': bool = True,
    'cert': str | tuple | None = None,
}
```

--------------------------------

### Get All Cached Pulses as Generator

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2Cached.md

Retrieves all cached pulses specifically as a generator, which is memory-efficient for large datasets. Supports filtering by author.

```python
for pulse in otx.getall_iter(author_name="AlienVault"):
    print(f"Pulse: {pulse['name']}")
```

--------------------------------

### OTXv2Cached Constructor Options

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Initialize the OTXv2Cached client with these options for API interaction with local caching. Includes all OTXv2 options plus cache-specific parameters.
```python
OTXv2Cached(
    api_key,
    cache_dir=None,
    max_age=None,
    proxy=None,
    proxy_https=None,
    server="https://otx.alienvault.com",
    project="SDK",
    user_agent=None,
    verify=True,
    cert=None
)
```

--------------------------------

### Get Pulse Indicators

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/api-reference/OTXv2.md

Fetches all indicators associated with a specific pulse ID. This is useful for examining the details of a particular threat intelligence report.

```APIDOC
## get_pulse_indicators

### Description
Fetches all indicators associated with a specific pulse ID.

### Method
GET

### Endpoint
/api/v1/pulses/{id}/indicators

### Parameters
#### Path Parameters
- **id** (string) - Required - The ID of the pulse.
```

--------------------------------

### Complete OTXv2Cached Client Configuration

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Demonstrates a comprehensive configuration for the OTXv2Cached client, including caching options, network settings (proxy), server details, TLS verification, and HTTP headers (project, user_agent).

```python
from OTXv2 import OTXv2Cached
import datetime

otx = OTXv2Cached(
    api_key="your-api-key",
    # Caching options
    cache_dir="/data/otx_cache",
    max_age=datetime.timedelta(days=90),
    # Network options
    proxy="http://corp-proxy:8080",
    proxy_https="https://corp-proxy:8080",
    # Server options
    server="https://otx.example.com",
    # TLS options
    verify=True,
    cert=("/etc/ssl/certs/client.crt", "/etc/ssl/private/client.key"),
    # HTTP options
    project="SecurityMonitor",
    user_agent="SecurityMonitor/1.0 Corporate Edition"
)
```

--------------------------------

### OTXv2Cached Configuration Schema

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/configuration.md

Defines the parameters for initializing the OTXv2Cached client. Includes all OTXv2 parameters plus options for cache directory and maximum cache age.
```python
{
    'api_key': str,  # Required
    'cache_dir': str | None = None,  # Defaults to ~/.otxv2_cache
    'max_age': timedelta | None = None,
    'proxy': str | None = None,
    'proxy_https': str | None = None,
    'server': str = 'https://otx.alienvault.com',
    'project': str = 'SDK',
    'user_agent': str | None = None,
    'verify': bool = True,
    'cert': str | tuple | None = None,
}
```

--------------------------------

### Remove Pulse from Group

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Removes a specified pulse from a given group. This operation is accessible via an SDK method and an HTTP GET request.

```APIDOC
## GET /groups/{group_id}/remove_pulse

### Description
Removes a specified pulse from a given group.

### Method
GET

### Endpoint
/groups/{group_id}/remove_pulse

### Parameters
#### Path Parameters
- **group_id** (string) - Required - The ID of the group from which the pulse will be removed.

### Request Example
(No request body or query parameters explicitly documented for this GET request)

### Response
#### Success Response (200)
(Success response details not explicitly documented in the source)

#### Response Example
(No success response example provided in the source)
```

--------------------------------

### Configuration Reference

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/README.md

Documents the configuration options available for the OTX Python SDK, including constructor parameters, environment variables, and HTTP/SSL settings.

```APIDOC
## Configuration

### Description
This document details the various configuration options available for the OTX Python SDK, allowing users to customize its behavior.

### Options
- **OTXv2 constructor parameters**: Configuration options specific to the `OTXv2` client.
- **OTXv2Cached constructor parameters**: Configuration options specific to the `OTXv2Cached` client.
- **Environment variables**: SDK behavior can be influenced by specific environment variables.
- **HTTP configuration**: Settings related to HTTP requests, including retries and custom headers.
- **SSL/TLS configuration**: Options for configuring SSL/TLS connections.
- **Logging setup**: Guidance on configuring logging for the SDK.
- **Rate limiting information**: Details on API rate limits and how the SDK handles them.
- **Complete configuration examples**: Provides practical examples of SDK configuration.
```

--------------------------------

### Add Pulse to Group

Source: https://github.com/alienvault-otx/otx-python-sdk/blob/master/_autodocs/endpoints.md

Adds a specified pulse to a given group. This operation is accessible via an SDK method and an HTTP GET request.

```APIDOC
## GET /groups/{group_id}/add_pulse

### Description
Adds a specified pulse to a given group.

### Method
GET

### Endpoint
/groups/{group_id}/add_pulse

### Parameters
#### Path Parameters
- **group_id** (string) - Required - The ID of the group to which the pulse will be added.

### Request Example
(No request body or query parameters explicitly documented for this GET request)

### Response
#### Success Response (200)
(Success response details not explicitly documented in the source)

#### Response Example
(No success response example provided in the source)
```
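An added example (not part of the SDK or its documentation) for consuming the paginated `/pulses/subscribed` response documented above: it follows `next`, retries only on 429, fails fast on 403, and keeps only active, unexpired, globally routable IPv4 indicators, which drops values such as the `192.168.1.1` sample before they reach a blocklist. `fetch`, `walk_pages`, `blockable_ipv4`, `PAGES` and `demo` are hypothetical names, the feed is constructed, and timestamps are assumed to be naive UTC.

```python
import ipaddress
import time
from datetime import datetime

def walk_pages(fetch, url, max_retries=3, sleep=time.sleep):
    """Yield pulses, following `next`; fetch(url) -> (status, body) is hypothetical."""
    while url:
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status != 429 or attempt == max_retries:
                break
            sleep(2 ** attempt)  # 429 rate limited: back off, then retry
        if status == 403:  # invalid API key: retrying cannot help
            raise PermissionError("OTX rejected the API key")
        if status != 200:
            raise RuntimeError(f"status {status} for {url}")
        yield from body["results"]
        url = body["next"]  # null on the last page

def blockable_ipv4(pulses, now):
    """Keep only active, unexpired, globally routable IPv4 indicators."""
    keep = set()
    for pulse in pulses:
        for ind in pulse.get("indicators", []):
            if ind.get("type") != "IPv4" or ind.get("is_active") != 1:
                continue
            exp = ind.get("expiration")
            if exp and datetime.fromisoformat(exp) <= now:
                continue
            try:
                addr = ipaddress.ip_address(ind["indicator"])
            except (KeyError, ValueError):
                continue  # malformed value in the feed
            if addr.is_global:  # drops RFC 1918, loopback, link-local
                keep.add(str(addr))
    return sorted(keep)

def _ind(value, kind="IPv4", active=1, exp=None):  # constructed sample record
    return {"indicator": value, "type": kind, "is_active": active, "expiration": exp}
PAGES = {  # constructed two-page feed in the documented response shape
    "/p1": {"next": "/p2", "results": [{"indicators": [_ind("192.168.1.1"), _ind("1.1.1.1")]}]},
    "/p2": {"next": None, "results": [{"indicators": [_ind("8.8.8.8", active=0),
        _ind("malware.example.com", kind="domain"), _ind("9.9.9.9", exp="2024-01-01T00:00:00")]}]}}

def demo(now=datetime(2024, 6, 1)):
    seen = []
    def fetch(url):  # fake transport: the very first request is rate limited
        seen.append(url)
        return (429, None) if len(seen) == 1 else (200, PAGES[url])
    return blockable_ipv4(walk_pages(fetch, "/p1", sleep=lambda s: None), now), seen
```

In real use `fetch` would wrap whatever HTTP client sends the `X-OTX-API-KEY` header; the filtering step is independent of the transport.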