OTX DirectConnect provides a mechanism to automatically pull indicators of compromise from the Open Threat Exchange portal into your environment. The DirectConnect API provides access to all Pulses that you have subscribed to in Open Threat Exchange (https://otx.alienvault.com).
- Clone this repo
- Using maven (https://maven.apache.org/), run:
  ```sh
  mvn install -DskipTests
  ```
- Then execute the resulting jar file:
  ```sh
  java -jar target/DirectConnect-Java-SDK-0.1.0.jar
  ```
- Edit the file `./src/test/resources/test_application.properties` and add your OTX API key to the `key=` property:
  ```properties
  ...
  key=<your otx key>
  ...
  ```
- Using maven, run:
  ```sh
  mvn install
  ```
Option | Long Format | Description |
---|---|---|
-d | --date | Only pulses modified since the date provided will be downloaded |
-i | --indicators | Indicator types to save to the file. Provide a comma separated string of indicators (IPV4,IPV6,DOMAIN,HOSTNAME,EMAIL,URL,URI,MD5,SHA1,SHA256,PEHASH,IMPHASH,CIDR,PATH,MUTEX,CVE) |
-k | --key | API Key from OTX Settings Page (https://otx.alienvault.com/settings/). |
-o | --output-file | File to save indicators (Optional, default will write to console) |

Example: print all IPV4 and DOMAIN indicators from all pulses that you have subscribed to in the web interface that have been modified since April 15th, 2015.

```sh
java -jar target/DirectConnect-Java-SDK-0.1.0.jar -k <your key> -d 2015-04-15 -i IPV4,DOMAIN
```

- Follow installation and usage steps outlined above
- Add the compiled jar file to your classpath (DirectConnect-Java-SDK-0.1.0.jar)
- Create a new OTXConnection object using the constructor that accepts an API key
- Call the utility methods provided by OTXConnection to retrieve Pulses