Question OTX-Alienvault - Anyone have experience with their API?


mrkd

New Member
Thread author
Feb 9, 2024
2
I apologize if this is misplaced, but I'm trying to sort something out and having trouble finding any guidance or anything else for that matter pertaining to the issue.

So I have a lot of submissions to the various online-analysis outfits over the past year or two, and I mean a lot. And what I'm trying to do is aggregate any file that has been marked with a threat score vs any that are marked 0/0. Effectively putting together a report, timeline, and generic overview of all the files I've dredged up over these past couple years. The issue is I'm having trouble getting the functionality of all of the corresponding APIs to cooperate. It seems like actually sorting the good from the bad is a bridge too far for most of them.

I'll be the first to admit I'm a noob in terms of programming in general. So, if it's just a library or syntax issue or even a language being better suited for the task point me in the right direction and I'll take a swing at it.

The APIs I'm trying to pull from are:
  • Virustotal
  • OTX-Alienvault
  • Tria.ge
  • Hybrid-Analysis
  • Intezer
and possibly a couple more if need be.

Am I hosed? Easy fix? I obviously know that VT doesn't even give you an option to recursively search files you've submitted without the specific ID string via API (as far as I know). But OTX's and Tria.ge's seem to be a little more rich. Any help is appreciated.

Thank you

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,429
I can understand your frustration with trying to aggregate data from multiple online analysis platforms.

First, it's important to familiarize yourself with the documentation provided by each API. This will give you a better understanding of the available endpoints, parameters, and response formats. It's possible that some APIs may not provide the exact functionality you're looking for, so it's important to manage your expectations accordingly.

In terms of programming, you mentioned being a noob, but don't worry! There are plenty of resources available to help you get started. If you're not familiar with a programming language yet, Python is often recommended for beginners due to its simplicity and extensive library support. You can find tutorials and documentation online to help you learn the basics.

Once you have a programming language in mind, you can start implementing the API calls. Most APIs will require you to make HTTP requests, so you'll need to learn how to handle those in your chosen language. Libraries like `requests` in Python can simplify this process.

For each API, you'll need to make the appropriate request to retrieve the data you need. This may involve providing parameters such as file hashes, submission IDs, or other identifiers. Once you receive the response, you can extract the relevant information and store it in a format that suits your needs, such as a CSV or JSON file.

Remember to handle rate limits and any authentication requirements imposed by the APIs. Some APIs may require an API key or token, which you'll need to obtain and include in your requests.

If you encounter specific issues or errors while working with the APIs, it can be helpful to consult their documentation, forums, or even reach out to their support teams for assistance.

Overall, while it may require some effort and learning, it's definitely possible to aggregate data from multiple APIs. Good luck with your project!
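The steps the reply above lists (HTTP requests per hash, an API key in a header, rate-limit handling, and splitting results into flagged versus 0/0) as one runnable script. This is an added example for the thread, not code from VirusTotal, OTX, or the poster. It targets the VirusTotal v3 `/files/{hash}` endpoint (`x-apikey` header, verdict counts in `data.attributes.last_analysis_stats`) and the OTX `/indicators/file/{hash}/general` endpoint (`X-OTX-API-KEY` header, `pulse_info.count`); those names are taken from the two services' documentation as understood here, so check them against the current docs. The environment variable names `VT_API_KEY` and `OTX_API_KEY`, the placeholder hashes, and the sample JSON responses are all constructed for the example. It uses only the standard library so it runs without installing `requests`; `requests` would be a drop-in replacement inside `fetch_json`.

```python
"""Per-hash verdicts from VirusTotal and OTX, bucketed into flagged vs clean (stdlib only)."""
import io, json, os, time, urllib.error, urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Endpoints and response field names as documented by each service at the time of
# writing (assumption: verify against the current docs before relying on them).
VT_URL = "https://www.virustotal.com/api/v3/files/{sha256}"
OTX_URL = "https://otx.alienvault.com/api/v1/indicators/file/{sha256}/general"

@dataclass
class Verdict:
    source: str
    sha256: str
    score: int                        # VT: malicious+suspicious engines; OTX: pulses listing the hash
    total: int                        # VT: engines that returned a verdict; OTX: 0 (not applicable)
    first_seen: Optional[int] = None  # unix timestamp where the service provides one

    @property
    def flagged(self) -> bool:
        return self.score > 0         # "0/0" style results land in the clean bucket

def parse_vt(sha256: str, payload: dict) -> Verdict:
    """VirusTotal v3 /files/{hash}: counts live in data.attributes.last_analysis_stats."""
    attrs = payload["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = hits + stats.get("undetected", 0) + stats.get("harmless", 0)
    return Verdict("virustotal", sha256, hits, total, attrs.get("first_submission_date"))

def parse_otx(sha256: str, payload: dict) -> Verdict:
    """OTX /indicators/file/{hash}/general: pulse_info.count = pulses that reference the hash."""
    return Verdict("otx", sha256, int(payload.get("pulse_info", {}).get("count", 0)), 0)

def fetch_json(url: str, headers: Dict[str, str], max_attempts: int = 5,
               opener: Callable = urllib.request.urlopen,
               sleep: Callable[[float], None] = time.sleep) -> Optional[dict]:
    """GET JSON. 404 -> None (hash unknown to the service); 429 -> wait and retry; else raise."""
    req = urllib.request.Request(url, headers=headers)
    for attempt in range(max_attempts):
        try:
            with opener(req, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 404:
                return None
            if err.code != 429:
                raise
            try:                      # Retry-After may be seconds or an HTTP-date; fall back to backoff
                delay = float((err.headers or {}).get("Retry-After", ""))
            except ValueError:
                delay = float(2 ** attempt)
            sleep(delay)
    raise RuntimeError(f"still rate limited after {max_attempts} attempts: {url}")

def lookup_all(hashes: List[str]) -> List[Verdict]:
    """Query each service that has a key in the environment (VT_API_KEY / OTX_API_KEY are
    variable names chosen for this example, not service defaults), for each hash."""
    vt_key, otx_key = os.environ.get("VT_API_KEY"), os.environ.get("OTX_API_KEY")
    verdicts: List[Verdict] = []
    for sha256 in hashes:
        if vt_key:
            data = fetch_json(VT_URL.format(sha256=sha256), {"x-apikey": vt_key})
            if data is not None:
                verdicts.append(parse_vt(sha256, data))
        if otx_key:
            data = fetch_json(OTX_URL.format(sha256=sha256), {"X-OTX-API-KEY": otx_key})
            if data is not None:
                verdicts.append(parse_otx(sha256, data))
    return verdicts

def partition(verdicts: List[Verdict]) -> Tuple[List[Verdict], List[Verdict]]:
    """Split into (flagged, clean), each ordered by first_seen so it reads as a timeline."""
    key = lambda v: (v.first_seen is None, v.first_seen or 0, v.sha256)  # unknown dates last
    flagged = sorted((v for v in verdicts if v.flagged), key=key)
    clean = sorted((v for v in verdicts if not v.flagged), key=key)
    return flagged, clean

# Constructed sample responses (shape only, values made up) so parsing and bucketing run offline.
H_BAD, H_OK = "0123456789abcdef" * 4, "fedcba9876543210" * 4
SAMPLE_VT_BAD = {"data": {"attributes": {"first_submission_date": 1700000000, "last_analysis_stats":
                 {"malicious": 41, "suspicious": 2, "undetected": 27, "harmless": 0, "timeout": 1}}}}
SAMPLE_VT_OK = {"data": {"attributes": {"first_submission_date": 1700000100, "last_analysis_stats":
                {"malicious": 0, "suspicious": 0, "undetected": 70, "harmless": 0}}}}
SAMPLE_OTX_BAD, SAMPLE_OTX_OK = {"pulse_info": {"count": 3}}, {"pulse_info": {"count": 0}}

def demo() -> Tuple[List[Verdict], List[Verdict]]:
    """Parse the constructed samples and bucket them."""
    return partition([parse_vt(H_BAD, SAMPLE_VT_BAD), parse_vt(H_OK, SAMPLE_VT_OK),
                      parse_otx(H_BAD, SAMPLE_OTX_BAD), parse_otx(H_OK, SAMPLE_OTX_OK)])

def demo_retry() -> Tuple[Optional[dict], List[float]]:
    """Exercise the 429 path with a fake opener: first call rate limited, second succeeds."""
    calls, slept = [], []

    def fake_open(req, timeout=None):
        calls.append(req.full_url)
        if len(calls) == 1:
            raise urllib.error.HTTPError(req.full_url, 429, "Too Many Requests", {"Retry-After": "7"}, None)
        return io.BytesIO(json.dumps(SAMPLE_OTX_BAD).encode())

    return fetch_json("https://example.invalid/lookup", {}, opener=fake_open, sleep=slept.append), slept
```

`demo()` and `demo_retry()` run offline; for real lookups, export the two keys and call `lookup_all(["<sha256>", ...])`, then write the two lists out with `csv.DictWriter` over `dataclasses.asdict`. Adding Tria.ge, Hybrid Analysis, or Intezer is one more `parse_*` function per response format plus its auth header. Two caveats worth keeping in mind: the VirusTotal public quota is small, so the 429 handling is not optional when the backlog is "a lot" of hashes, and an OTX pulse count is a weaker signal than engine detections (pulses are community-submitted), so it is tracked as a separate source rather than added to the VT score.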
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello mrkd,

I am at a loss as to how you expect us to help you.

You presented a complex task with a large list of things you want to accomplish and the inclusion of five different APIs.
But you gave no particular question, no information on what you tried already, no code you have written, or anything that tells us where you are stuck.
All you say is "I'm having trouble getting the functionality of all of the corresponding API's to cooperate" and that is pretty vague.

Best regards

Karsten
 
