AlienVault Open Threat Exchange
The AlienVault Open Threat Exchange connector integrates with Swimlane to allow retrieving data about domains, hashes, IPs, pulse indicators, and URLs.

## Prerequisites

In order to use this connector, you will need an AlienVault OTX API key. In order to acquire an OTX API key, you will need to register an account at https://otx.alienvault.com/. You should be able to find your OTX key under your account settings after signing up.

## Capabilities

The AlienVault Open Threat Exchange connector has the following capabilities:

- Get Domain
- Get Hash
- Get IP
- Get Pulse Indicators
- Get URL

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| X-OTX-API-KEY | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Domain Indicators

Get domain indicators.

Endpoint URL: `api/v1/indicators/domain/{{domain}}/{{section}}`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | domain | string | Required | Parameters for the Get Domain Indicators action |
| path_parameters | section | string | Required | Parameters for the Get Domain Indicators action |

Input example:

```json
{"path_parameters": {"domain": "swimlane.com", "section": "general"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| whois | string | Output field whois |
| alexa | string | Output field alexa |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| validation | array | Unique identifier |
| validation.file_name | string | Unique identifier |
| validation.file | string | Unique identifier |
| base_indicator | object | Output field base_indicator |
| pulse_info | object | Output field pulse_info |
| pulse_info.count | number | Count value |
| pulse_info.pulses | array | Output field pulse_info.pulses |
| pulse_info.pulses.file_name | string | Name of the resource |
| pulse_info.pulses.file | string | Output field pulse_info.pulses.file |
| pulse_info.references | array | Output field pulse_info.references |
| pulse_info.references.file_name | string | Name of the resource |
| pulse_info.references.file | string | Output field pulse_info.references.file |
| pulse_info.related | object | Output field pulse_info.related |
| pulse_info.related.alienvault | object | Output field pulse_info.related.alienvault |
| pulse_info.related.alienvault.adversary | array | Output field pulse_info.related.alienvault.adversary |
| pulse_info.related.alienvault.adversary.file_name | string | Name of the resource |
| pulse_info.related.alienvault.adversary.file | string | Output field pulse_info.related.alienvault.adversary.file |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "268", "Connection": "keep-alive", "Date": "Fri, 06 Jan 2023 00:27:24 GMT", "Server": "gunicorn", "Cache-Control": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Content-Encoding": "gzip", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 e074760d97af50b62db843a4057448cc.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop"
```

### Get File Hash Indicators

Get file hash indicators.

Endpoint URL: `api/v1/indicators/file/{{file_hash}}/{{section}}`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | file_hash | string | Required | Parameters for the Get File Hash Indicators action |
| path_parameters | section | string | Required | Parameters for the Get File Hash Indicators action |

Input example:

```json
{"path_parameters": {"file_hash": "6c5360d41bd2b14b1565f5b18e5c203cf512e493", "section": "general"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| indicator | string | Output field indicator |
| validation | array | Unique identifier |
| validation.file_name | string | Unique identifier |
| validation.file | string | Unique identifier |
| base_indicator | object | Output field base_indicator |
| base_indicator.id | number | Unique identifier |
| base_indicator.indicator | string | Output field base_indicator.indicator |
| base_indicator.type | string | Type of the resource |
| base_indicator.title | string | Output field base_indicator.title |
| base_indicator.description | string | Output field base_indicator.description |
| base_indicator.content | string | Response content |
| base_indicator.access_type | string | Type of the resource |
| base_indicator.access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| pulse_info.count | number | Count value |
| pulse_info.pulses | array | Output field pulse_info.pulses |
| pulse_info.pulses.file_name | string | Name of the resource |
| pulse_info.pulses.file | string | Output field pulse_info.pulses.file |
| pulse_info.references | array | Output field pulse_info.references |
| pulse_info.references.file_name | string | Name of the resource |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "323", "Connection": "keep-alive", "Date": "Mon, 09 Jan 2023 23:40:19 GMT", "Server": "gunicorn", "Cache-Control": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Content-Encoding": "gzip", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop"
```

### Get IPv4 Indicators

Get IPv4 indicators.

Endpoint URL: `api/v1/indicators/ipv4/{{ip}}/{{section}}`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | ip | string | Required | Parameters for the Get IPv4 Indicators action |
| path_parameters | section | string | Required | Parameters for the Get IPv4 Indicators action |

Input example:

```json
{"path_parameters": {"ip": "8.8.8.8", "section": "general"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| whois | string | Output field whois |
| reputation | number | Output field reputation |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| base_indicator | object | Output field base_indicator |
| base_indicator.id | number | Unique identifier |
| base_indicator.indicator | string | Output field base_indicator.indicator |
| base_indicator.type | string | Type of the resource |
| base_indicator.title | string | Output field base_indicator.title |
| base_indicator.description | string | Output field base_indicator.description |
| base_indicator.content | string | Response content |
| base_indicator.access_type | string | Type of the resource |
| base_indicator.access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| pulse_info.count | number | Count value |
| pulse_info.pulses | array | Output field pulse_info.pulses |
| pulse_info.pulses.file_name | string | Name of the resource |
| pulse_info.pulses.file | string | Output field pulse_info.pulses.file |
| pulse_info.references | array | Output field pulse_info.references |
| pulse_info.references.file_name | string | Name of the resource |
| pulse_info.references.file | string | Output field pulse_info.references.file |
| pulse_info.related | object | Output field pulse_info.related |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "646", "Connection": "keep-alive", "Date": "Mon, 09 Jan 2023 23:41:34 GMT", "Server": "gunicorn", "Cache-Control": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Content-Encoding": "gzip", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 804a8375579a9f838ab10ed130908180.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop"
```

### Get IPv6 Indicators

Get IPv6 indicators.

Endpoint URL: `api/v1/indicators/ipv6/{{ip}}/{{section}}`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | ip | string | Required | Parameters for the Get IPv6 Indicators action |
| path_parameters | section | string | Required | Parameters for the Get IPv6 Indicators action |

Input example:

```json
{"path_parameters": {"ip": "0000:0000:0000:0000:0000:ffff:0808:0808", "section": "general"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| whois | string | Output field whois |
| reputation | number | Output field reputation |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| base_indicator | object | Output field base_indicator |
| pulse_info | object | Output field pulse_info |
| pulse_info.count | number | Count value |
| pulse_info.pulses | array | Output field pulse_info.pulses |
| pulse_info.pulses.file_name | string | Name of the resource |
| pulse_info.pulses.file | string | Output field pulse_info.pulses.file |
| pulse_info.references | array | Output field pulse_info.references |
| pulse_info.references.file_name | string | Name of the resource |
| pulse_info.references.file | string | Output field pulse_info.references.file |
| pulse_info.related | object | Output field pulse_info.related |
| pulse_info.related.alienvault | object | Output field pulse_info.related.alienvault |
| pulse_info.related.alienvault.adversary | array | Output field pulse_info.related.alienvault.adversary |
| pulse_info.related.alienvault.adversary.file_name | string | Name of the resource |
| pulse_info.related.alienvault.adversary.file | string | Output field pulse_info.related.alienvault.adversary.file |
| pulse_info.related.alienvault.malware_families | array | Output field pulse_info.related.alienvault.malware_families |
| pulse_info.related.alienvault.malware_families.file_name | string | Name of the resource |
| pulse_info.related.alienvault.malware_families.file | string | Output field pulse_info.related.alienvault.malware_families.file |
| pulse_info.related.alienvault.industries | array | Output field pulse_info.related.alienvault.industries |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "458", "Connection": "keep-alive", "Date": "Mon, 09 Jan 2023 23:42:33 GMT", "Server": "gunicorn", "Cache-Control": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Content-Encoding": "gzip", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 e074760d97af50b62db843a4057448cc.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop"
```

### Get Pulse Indicators

Get pulse indicators.

Endpoint URL: `api/v1/pulses/{{pulse_id}}/indicators`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | pulse_id | string | Required | Parameters for the Get Pulse Indicators action |

Input example:

```json
{"path_parameters": {"pulse_id": "57204e9b3c4c3e015d93cb12"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.pulse_key | string | Result of the operation |
| results.id | number | Unique identifier |
| results.indicator | string | Result of the operation |
| results.type | string | Type of the resource |
| results.created | string | Result of the operation |
| results.content | string | Response content |
| results.title | string | Result of the operation |
| results.description | string | Result of the operation |
| results.expiration | object | Result of the operation |
| results.is_active | number | Result of the operation |
| results.false_positive | object | Result of the operation |
| results.false_positive_assessment | object | Result of the operation |
| results.false_positive_assessment_date | object | Result of the operation |
| results.false_positive_report_date | object | Result of the operation |
| results.slug | string | Result of the operation |
| count | number | Count value |
| previous | object | Output field previous |
| next | object | Output field next |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "633", "Connection": "keep-alive", "Date": "Fri, 06 Jan 2023 00:23:30 GMT", "Server": "gunicorn", "Content-Encoding": "gzip", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 3cf6fe633fae664d54600fda39cf3e78.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop": "FOR50-P3", "X-Amz-Cf-Id": "8
```

### Get URL Indicators

Get URL indicators.

Endpoint URL: `api/v1/indicators/url/{{url}}/{{section}}`

Method: GET

Input:

| Input argument | Name | Type | Required | Description |
| --- | --- | --- | --- | --- |
| path_parameters | url | string | Required | Parameters for the Get URL Indicators action |
| path_parameters | section | string | Required | Parameters for the Get URL Indicators action |

Input example:

```json
{"path_parameters": {"url": "http://www.fotoidea.com/sport/4x4 san ponso/slides/img 0068.html", "section": "general"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sections | array | Output field sections |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| type_title | string | Type of the resource |
| validation | array | Unique identifier |
| validation.file_name | string | Unique identifier |
| validation.file | string | Unique identifier |
| base_indicator | object | Output field base_indicator |
| base_indicator.id | number | Unique identifier |
| base_indicator.indicator | string | Output field base_indicator.indicator |
| base_indicator.type | string | Type of the resource |
| base_indicator.title | string | Output field base_indicator.title |
| base_indicator.description | string | Output field base_indicator.description |
| base_indicator.content | string | Response content |
| base_indicator.access_type | string | Type of the resource |
| base_indicator.access_reason | string | Response reason phrase |
| pulse_info | object | Output field pulse_info |
| pulse_info.count | number | Count value |
| pulse_info.pulses | array | Output field pulse_info.pulses |
| pulse_info.pulses.file_name | string | Name of the resource |
| pulse_info.pulses.file | string | Output field pulse_info.pulses.file |
| pulse_info.references | array | Output field pulse_info.references |
| pulse_info.references.file_name | string | Name of the resource |

Output example (truncated in the source):

```
{"status_code": 200, "response_headers": {"Content-Type": "application/json", "Content-Length": "375", "Connection": "keep-alive", "Date": "Fri, 06 Jan 2023 00:25:46 GMT", "Server": "gunicorn", "Cache-Control": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Remote-User-Name": "swimlane dev", "X-OTX-Active": "1", "Content-Encoding": "gzip", "Access-Control-Allow-Origin": "*", "Vary": "Accept-Encoding", "X-Cache": "Miss from cloudfront", "Via": "1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront)", "X-Amz-Cf-Pop"
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | * |
| Cache-Control | Directives for caching mechanisms | max-age=0 |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 458 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Fri, 06 Jan 2023 00:23:30 GMT |
| Server | Information about the software used by the origin server | gunicorn |
| Vary | HTTP response header Vary | Accept-Encoding |
| Via | HTTP response header Via | 1.1 021fce58f4d2d5cc960cb6a0e0c04fc0.cloudfront.net (CloudFront) |
| X-Amz-Cf-Id | HTTP response header X-Amz-Cf-Id | r bhm yw66 bjwe4d7s c83xvuysflrm9cdpxmzhf2mo0wehwee1a== |
| X-Amz-Cf-Pop | HTTP response header X-Amz-Cf-Pop | FOR50-P3 |
| X-Cache | HTTP response header X-Cache | Miss from cloudfront |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-OTX-Active | HTTP response header X-OTX-Active | 1 |
| X-Remote-User-Name | HTTP response header X-Remote-User-Name | swimlane dev |