# AlienVault Open Threat Exchange
The AlienVault Open Threat Exchange connector integrates with Swimlane to allow retrieving data about domains, hashes, IPs, pulse indicators, and URLs.

## Prerequisites

In order to use this connector, you will need an AlienVault OTX API key. In order to acquire an OTX API key, you will need to register an account at https://otx.alienvault.com/. You should be able to find your OTX key under your account settings after signing up.

## Capabilities

The AlienVault Open Threat Exchange connector has the following capabilities:

- Get Domain
- Get Hash
- Get IP
- Get Pulse Indicators
- Get URL

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| X-OTX-API-KEY | API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Domain Indicators

Endpoint URL: `api/v1/indicators/domain/{{domain}}/{{section}}`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain | string | required | Parameter for Get Domain Indicators |
| section | string | required | Parameter for Get Domain Indicators |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| whois | string | Output field whois |
| alexa | string | Output field alexa |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| validation | array | Unique identifier |
| file_name | string | Name of the resource |
| file | string | Output field file |
| base_indicator | object | Output field base_indicator |
| pulse_info | object | Output field pulse_info |
| count | number | Count value |
| pulses | array | Output field pulses |
| file_name | string | Name of the resource |
| file | string | Output field file |
| references | array | Output field references |
| file_name | string | Name of the resource |
| file | string | Output field file |
| related | object | Output field related |
| alienvault | object | Output field alienvault |
| adversary | array | Output field adversary |
| file_name | string | Name of the resource |
| file | string | Output field file |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "268",
      "Connection": "keep-alive",
      "Date": "Fri, 06 Jan 2023 00:27:24 GMT",
      "Server": "gunicorn",
      "Cache-Control": "max-age=0",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Content-Encoding": "gzip",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 e074760d97af50b62db843a4057448cc.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3"
    },
    "reason": "OK",
    "json_body": {
      "sections": [],
      "whois": "http://whois.domaintools.com/swimlane.com",
      "alexa": "http://www.alexa.com/siteinfo/swimlane.com",
      "indicator": "swimlane.com",
      "type": "domain",
      "type_title": "Domain",
      "validation": [],
      "base_indicator": {},
      "pulse_info": {},
      "false_positive": []
    }
  }
]
```

### Get File Hash Indicators

Endpoint URL: `api/v1/indicators/file/{{file_hash}}/{{section}}`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| file_hash | string | required | Parameter for Get File Hash Indicators |
| section | string | required | Parameter for Get File Hash Indicators |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| indicator | string | Output field indicator |
| validation | array | Unique identifier |
| file_name | string | Name of the resource |
| file | string | Output field file |
| base_indicator | object | Output field base_indicator |
| id | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| title | string | Output field title |
| description | string | Output field description |
| content | string | Response content |
| access_type | string | Type of the resource |
| access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| count | number | Count value |
| pulses | array | Output field pulses |
| file_name | string | Name of the resource |
| file | string | Output field file |
| references | array | Output field references |
| file_name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "323",
      "Connection": "keep-alive",
      "Date": "Mon, 09 Jan 2023 23:40:19 GMT",
      "Server": "gunicorn",
      "Cache-Control": "max-age=0",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Content-Encoding": "gzip",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3"
    },
    "reason": "OK",
    "json_body": {
      "sections": [],
      "type": "sha1",
      "type_title": "FileHash-SHA1",
      "indicator": "6c5360d41bd2b14b1565f5b18e5c203cf512e493",
      "validation": [],
      "base_indicator": {},
      "pulse_info": {},
      "false_positive": []
    }
  }
]
```

### Get IPv4 Indicators

Endpoint URL: `api/v1/indicators/ipv4/{{ip}}/{{section}}`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | required | Parameter for Get IPv4 Indicators |
| section | string | required | Parameter for Get IPv4 Indicators |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| whois | string | Output field whois |
| reputation | number | Output field reputation |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| base_indicator | object | Output field base_indicator |
| id | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| title | string | Output field title |
| description | string | Output field description |
| content | string | Response content |
| access_type | string | Type of the resource |
| access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| count | number | Count value |
| pulses | array | Output field pulses |
| file_name | string | Name of the resource |
| file | string | Output field file |
| references | array | Output field references |
| file_name | string | Name of the resource |
| file | string | Output field file |
| related | object | Output field related |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "646",
      "Connection": "keep-alive",
      "Date": "Mon, 09 Jan 2023 23:41:34 GMT",
      "Server": "gunicorn",
      "Cache-Control": "max-age=0",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Content-Encoding": "gzip",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 804a8375579a9f838ab10ed130908180.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3"
    },
    "reason": "OK",
    "json_body": {
      "whois": "http://whois.domaintools.com/8.8.8.8",
      "reputation": 0,
      "indicator": "8.8.8.8",
      "type": "IPv4",
      "type_title": "IPv4",
      "base_indicator": {},
      "pulse_info": {},
      "false_positive": [],
      "validation": [],
      "asn": "AS15169 Google LLC",
      "city_data": true,
      "city": null,
      "region": null,
      "continent_code": "NA",
      "country_code3": "USA"
    }
  }
]
```

### Get IPv6 Indicators

Endpoint URL: `api/v1/indicators/ipv6/{{ip}}/{{section}}`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | required | Parameter for Get IPv6 Indicators |
| section | string | required | Parameter for Get IPv6 Indicators |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| whois | string | Output field whois |
| reputation | number | Output field reputation |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| base_indicator | object | Output field base_indicator |
| pulse_info | object | Output field pulse_info |
| count | number | Count value |
| pulses | array | Output field pulses |
| file_name | string | Name of the resource |
| file | string | Output field file |
| references | array | Output field references |
| file_name | string | Name of the resource |
| file | string | Output field file |
| related | object | Output field related |
| alienvault | object | Output field alienvault |
| adversary | array | Output field adversary |
| file_name | string | Name of the resource |
| file | string | Output field file |
| malware_families | array | Output field malware_families |
| file_name | string | Name of the resource |
| file | string | Output field file |
| industries | array | Output field industries |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "458",
      "Connection": "keep-alive",
      "Date": "Mon, 09 Jan 2023 23:42:33 GMT",
      "Server": "gunicorn",
      "Cache-Control": "max-age=0",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Content-Encoding": "gzip",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 e074760d97af50b62db843a4057448cc.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3"
    },
    "reason": "OK",
    "json_body": {
      "whois": "http://whois.domaintools.com/0:0:0:0:0:ffff:808:808",
      "reputation": 0,
      "indicator": "0:0:0:0:0:ffff:808:808",
      "type": "IPv6",
      "type_title": "IPv6",
      "base_indicator": {},
      "pulse_info": {},
      "false_positive": [],
      "validation": [],
      "city_data": true,
      "city": null,
      "region": null,
      "continent_code": "NA",
      "country_code3": "USA",
      "country_code2": "US"
    }
  }
]
```

### Get Pulse Indicators

Endpoint URL: `api/v1/pulses/{{pulse_id}}/indicators`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| pulse_id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| pulse_key | string | Output field pulse_key |
| id | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| created | string | Output field created |
| content | string | Response content |
| title | string | Output field title |
| description | string | Output field description |
| expiration | object | Output field expiration |
| is_active | number | Output field is_active |
| false_positive | object | Output field false_positive |
| assessment | object | Output field assessment |
| assessment_date | object | Date value |
| report_date | object | Date value |
| slug | string | Output field slug |
| count | number | Count value |
| previous | object | Output field previous |
| next | object | Output field next |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "633",
      "Connection": "keep-alive",
      "Date": "Fri, 06 Jan 2023 00:23:30 GMT",
      "Server": "gunicorn",
      "Content-Encoding": "gzip",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 3cf6fe633fae664d54600fda39cf3e78.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3",
      "X-Amz-Cf-Id": "89jvx2eyjrrvhrjds1c1atbtrmwazduxzlnlekicqcq3 ucy8zeybw=="
    },
    "reason": "OK",
    "json_body": {
      "results": [],
      "count": 13,
      "previous": null,
      "next": null
    }
  }
]
```

### Get URL Indicators

Endpoint URL: `api/v1/indicators/url/{{url}}/{{section}}`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| url | string | required | URL endpoint for the request |
| section | string | required | Parameter for Get URL Indicators |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| validation | array | Unique identifier |
| file_name | string | Name of the resource |
| file | string | Output field file |
| base_indicator | object | Output field base_indicator |
| id | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| title | string | Output field title |
| description | string | Output field description |
| content | string | Response content |
| access_type | string | Type of the resource |
| access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| count | number | Count value |
| pulses | array | Output field pulses |
| file_name | string | Name of the resource |
| file | string | Output field file |
| references | array | Output field references |
| file_name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Length": "375",
      "Connection": "keep-alive",
      "Date": "Fri, 06 Jan 2023 00:25:46 GMT",
      "Server": "gunicorn",
      "Cache-Control": "max-age=0",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Remote-User-Name": "swimlane dev",
      "X-OTX-Active": "1",
      "Content-Encoding": "gzip",
      "Access-Control-Allow-Origin": "*",
      "Vary": "Accept-Encoding",
      "X-Cache": "Miss from cloudfront",
      "Via": "1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront)",
      "X-Amz-Cf-Pop": "FOR50-P3"
    },
    "reason": "OK",
    "json_body": {
      "sections": [],
      "indicator": "http://www.fotoidea.com/sport/4x4_san_ponso/slides/img_0068.html",
      "type": "url",
      "type_title": "URL",
      "validation": [],
      "base_indicator": {},
      "pulse_info": {},
      "false_positive": [],
      "alexa": "http://www.alexa.com/siteinfo/fotoidea.com",
      "whois": "http://whois.domaintools.com/fotoidea.com",
      "domain": "fotoidea.com",
      "hostname": "www.fotoidea.com"
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | * |
| Cache-Control | Directives for caching mechanisms | max-age=0 |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 323 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Fri, 06 Jan 2023 00:25:46 GMT |
| Server | Information about the software used by the origin server | gunicorn |
| Vary | HTTP response header Vary | Accept-Encoding |
| Via | HTTP response header Via | 1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront) |
| X-Amz-Cf-Id | HTTP response header X-Amz-Cf-Id | sjmiw6z8irm 7bqeajt3wyglf9zrt8bsyu oh5iwzha2qrrj fn1ba== |
| X-Amz-Cf-Pop | HTTP response header X-Amz-Cf-Pop | FOR50-P3 |
| X-Cache | HTTP response header X-Cache | Miss from cloudfront |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-OTX-Active | HTTP response header X-OTX-Active | 1 |
| X-Remote-User-Name | HTTP response header X-Remote-User-Name | swimlane dev |
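The following is an added example, not code from Swimlane or AlienVault, showing how the indicator actions and configuration parameters above fit together: it builds the GET request for each documented endpoint (carrying the key only in the `X-OTX-API-KEY` header), honours the Verify SSL and HTTP Proxy settings, and reduces a returned `json_body` to the fields an analyst triages on. The configuration key spellings (`url`, `x_otx_api_key`, `verify_ssl`, `http_proxy`), the default section name `general`, and percent-encoding of the indicator are assumptions; the sample body is constructed from the Get IPv4 Indicators example.

```python
"""Added example, not Swimlane's or AlienVault's code: builds the requests the
actions above issue and reduces the returned json_body to a triage summary."""
import json
import ssl
import urllib.parse
import urllib.request

# Endpoint templates from the action tables; "general" is the section used
# when the caller does not name one (an assumption, adjust per action).
ENDPOINTS = {
    "domain": "api/v1/indicators/domain/{}/{}",
    "file": "api/v1/indicators/file/{}/{}",
    "ipv4": "api/v1/indicators/ipv4/{}/{}",
    "ipv6": "api/v1/indicators/ipv6/{}/{}",
    "url": "api/v1/indicators/url/{}/{}",
}

# Constructed sample mirroring the Get IPv4 Indicators json_body above.
SAMPLE_IPV4 = {"whois": "http://whois.domaintools.com/8.8.8.8", "reputation": 0,
               "indicator": "8.8.8.8", "type": "IPv4", "type_title": "IPv4",
               "base_indicator": {}, "pulse_info": {}, "false_positive": []}


def build_request(base_url, api_key, kind, indicator, section="general"):
    """Return (url, headers) for one action. The indicator is percent-encoded
    (assumed, not necessarily what the connector does) so a URL indicator cannot
    add extra path segments; the key travels only in the X-OTX-API-KEY header."""
    path = ENDPOINTS[kind].format(urllib.parse.quote(indicator, safe=""), section)
    return base_url.rstrip("/") + "/" + path, {"X-OTX-API-KEY": api_key}


def summarize(body):
    """Pick the triage fields; the examples above return pulse_info as {} with
    no count, so every lookup defaults instead of raising on a clean indicator."""
    pulse_info = body.get("pulse_info") or {}
    return {"indicator": body.get("indicator"), "type": body.get("type"),
            "pulse_count": int(pulse_info.get("count") or 0),
            "reputation": body.get("reputation"),
            "false_positive": bool(body.get("false_positive"))}


def lookup(cfg, kind, indicator, section="general"):
    """Perform the GET with the configuration parameters (assumed key names)."""
    url, headers = build_request(cfg["url"], cfg["x_otx_api_key"], kind, indicator, section)
    ctx = ssl.create_default_context()
    if not cfg.get("verify_ssl", True):  # only for lab hosts with a private CA
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    handlers = [urllib.request.HTTPSHandler(context=ctx)]
    if cfg.get("http_proxy"):
        handlers.append(urllib.request.ProxyHandler({"https": cfg["http_proxy"]}))
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.build_opener(*handlers).open(req, timeout=30) as resp:
        return resp.status, summarize(json.load(resp))
```

`lookup` needs network access; `build_request` and `summarize` can be exercised offline against the sample body.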