infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update OTX script to pull last 30 days

keyword-vs-text-changes
Roberto Rodriguez 2017-12-17 17:03:20 -05:00
parent 04695170b2
commit ed5665926d
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/otx_helk.py
View File

@ -3,9 +3,12 @@ from OTXv2 import OTXv2
from pandas.io.json import json_normalize
otx = OTXv2("API Key")
time_range = 30
timedelta_days = timedelta(days=int(time_range))
pull_time = (datetime.now() - timedelta_days).isoformat()
def OTXEnrichment():
pulses = otx.getall()
pulses = otx.getsince(pull_time)
data = []
object = {}
for p in pulses:
@ -62,8 +65,11 @@ def OTXEnrichment():
iocs = [IPV4, IMPHASH, MD5, SHA1, SHA256]
for i in iocs:
df = json_normalize(i)
df.to_csv(('/opt/otx/otx_'+i[0]['ioc_name']+'_.csv'), index=False, header=False, encoding='utf-8', columns=("indicator_name", "pulse_name"))
try:
df = json_normalize(i)
df.to_csv(('/opt/otx/otx_'+i[0]['ioc_name']+'_.csv'), index=False, header=False, encoding='utf-8', columns=("indicator_name", "pulse_name"))
except:
print "Not available Intelligence for one indicator in the past 30 days"
if __name__=="__main__":
OTXEnrichment()