We've made a number of improvements to the depth of data in OTX recently, which are now available via the free API tool.
Some of the API functions now include:
- Malware anti-virus and sandbox reports (example)
- A Whois API, including reverse whois and reverse SSL (example)
- View IP addresses that our telemetry indicates a specific network signature has fired on (example)
- The HTTP contents of a domain or URL (example), as well as finding all pages that link to it (example)
- Passive DNS history (example)
- Find malware samples that talk to a domain or IP (example)
- Retrieve malware samples by anti-virus detection (example)
- Lists of malicious URLs on domains (example)
- Download all indicators from users that you subscribe to (example)
- Find pulses based on the adversary, industry or keywords that interest you (example)
What could you build?
This depth of data could be used for countless things, but here are a couple of examples of what the API could be used for:
Actor Tracking
Let’s say you want to get daily updates on an attacker that has targeted your sector before.
With the new API, you will get a daily email on name servers they use, domain registration emails they use, and servers that have fired network alerts for their malware.
Malicious File Alerting
Another common task is determining whether files that pass through your network or mail gateway (either at the MX or Inbox) are malicious. You can easily extract these files, then check them against OTX to see if they are malicious.
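One way to implement the file check described above (an added example, not AlienVault's SDK or code): hash each extracted file and ask OTX whether any pulse references that hash, so only hashes leave your network. It assumes the OTX v1 endpoint `/api/v1/indicators/file/<hash>/general`, the `X-OTX-API-KEY` header and the `pulse_info.count` response field; the function names are hypothetical, and `demo()` runs offline on constructed files with a stub in place of the live lookup.

```python
import hashlib
import json
import tempfile
import urllib.error
import urllib.request
from pathlib import Path

# Assumption: OTX v1 file-indicator endpoint and X-OTX-API-KEY header.
OTX_FILE_URL = "https://otx.alienvault.com/api/v1/indicators/file/{}/general"

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large attachments never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def otx_lookup(file_hash, api_key):
    """Live query (needs network). A 404 is treated as 'no record'."""
    req = urllib.request.Request(OTX_FILE_URL.format(file_hash),
                                 headers={"X-OTX-API-KEY": api_key})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        return None

def scan_directory(directory, lookup):
    """Return [(path, sha256, pulse_count)] for files named in any pulse."""
    cache, alerts = {}, []
    for path in sorted(p for p in Path(directory).rglob("*") if p.is_file()):
        digest = sha256_file(path)
        if digest not in cache:  # one lookup per unique file, not per copy
            record = lookup(digest) or {}
            cache[digest] = record.get("pulse_info", {}).get("count", 0)
        if cache[digest]:
            alerts.append((path, digest, cache[digest]))
    return alerts

def demo():
    """Offline run: constructed files, stub lookup standing in for OTX."""
    flagged = hashlib.sha256(b"bad").hexdigest()
    stub = lambda h: {"pulse_info": {"count": 2}} if h == flagged else None
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("a.bin", b"bad"), ("b.bin", b"ok"), ("c.bin", b"bad")):
            Path(tmp, name).write_bytes(data)
        return [(p.name, n) for p, _d, n in scan_directory(tmp, stub)]
```

For live use, pass `lambda h: otx_lookup(h, api_key)` as `lookup`. A non-zero pulse count means the hash appears in at least one pulse, so treat it as a triage signal rather than a verdict.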
Examples
Our Python SDK page includes some simple examples of using the API, such as:
- Storing a feed of malicious indicators on OTX
- Telling if a Domain, IP, File hash or URL is malicious
- Get all the data we have for an indicator
For more complex examples, check out our API example page that our awesome API users made.
Some example uses of the AlienVault API
Use the API, bag some swag
As if all this data available at no-cost wasn't enough, we're also keen to promote anyone who uses the API.
Drop us a line with a link to your project and we'll add you to the list of API users.
And if you're willing to share your postal address we will send you some AlienVault-branded swag like these fine items:
Example Swag
Article Link: http://feeds.feedblitz.com/~/437689044/0/alienvault-blogs~The-Upgraded-AlienVault-OTX-API-amp-Ways-to-Score-Swag