The Upgraded AlienVault OTX API & Ways to Score Swag!

August 17, 2017 | Chris Doman
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

We've made a number of improvements to the depth of data in OTX recently, which are now available via the free API tool.

Some of the API functions now include:

  • Malware anti-virus and sandbox reports (example)
  • A Whois API, including reverse whois and reverse SSL (example)
  • View IP addresses that our telemetry indicates a specific network signature has fired on  
  • The HTTP contents of a domain or URL (example), as well as finding all pages that link to it (example)
  • Passive DNS history (example)
  • Find malware samples that talk to a domain or ip (example)
  • Retrieve malware samples by anti-virus detection (example)
  • Lists of malicious URLs on domains (example)
  • Download all indicators from users that you subscribe to (example)
  • Find pulses based on the adversary, industry or keywords that interest you (example)

Most of these API requests will work without authentication. However it's worth using an API key, as it allows 10,000 requests per hour rather than just 1,000 requests per hour. Exceeding 10,000 requests per hour is normally fine so long as you let us know in advance. You can also use the API key to choose to only get data from users you have said you trust.

You can get an API key by creating a free account here.  

The SDK deals with authentication for you, or you can simply add it as a parameter in any requests: curl https://otx.alienvault.com:443/otxapi/indicator/nids/2003068/ip_list -H "X-OTX-API-KEY: e989..."

What could you build?

This depth of data could be used for countless things, but here are a couple of examples the API could used for:

Actor Tracking

Let’s say you want to get daily updates on an attacker that has targeted your sector before.

With the new API, you will get a daily email on name servers they use, domain registration emails they use, and servers that have fired network alerts for their malware.

Malicious File Alerting

Another common task is when you want to know if files that pass your network or mail gateway (either at the MX or Inbox) are malicious. You can easily extract these files, then check them against OTX to see if they are malicious.

Examples

Our Python SDK page includes some simple examples of using the API, such as:

For more complex examples, check out our API example page that our awesome API users made.

Some example uses of the AlienVault API

Use the API, bag some swag

As if all this data available at no-cost wasn't enough, we're also keen to promote anyone who has a project that uses the OTX API on Github or similar.

Send an email to [email protected] with a link to your project that uses the API on Github or similar and we'll add you to the list of API users. Make sure you send us a link to your github page with a script using the API.

And if you're willing to share your postal address we will send you some AlienVault-branded swag like these fine items:

Example Swag

Chris Doman

About the Author: Chris Doman, AlienVault
I've had a long interest in security, but joined the industry after winning the civilian section of the Department of Defense's forensics competition. I run a popular threat intelligence portal (ThreatCrowd.org) in my spare time, and hold a CCHIA (Certified Host Intrusion Analyst) from CREST and a degree in Computer Science from the University of Cambridge.
Read more posts from Chris Doman ›

TAGS: otx, otx api

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL