AlienVault OTX Python SDK

1.5.12 verified Fri May 01 auth: no python

Official Python SDK for AlienVault OTX (Open Threat Exchange) API. Current version 1.5.12, maintained by AT&T Cybersecurity. Provides access to pulses, indicators, and threat intelligence feeds. Release cadence is irregular with periodic bugfixes and feature additions.

pip install otxv2

Common errors

error ModuleNotFoundError: No module named 'otxv2' ↓

cause Attempted import using all-lowercase module name.

fix

Use from OTXv2 import OTXv2 (note capital O, T, X, v, 2).

error OTXv2.exceptions.BadRequest: 400 Client Error: Bad Request ↓

cause Invalid or missing API key when making requests.

fix

Ensure you provide a valid API key to the OTXv2 constructor. Obtain from https://otx.alienvault.com.

error AttributeError: 'OTXv2' object has no attribute 'search_pulses' ↓

cause Method `search_pulses` was added in version 1.5.8. Using an older version.

fix

Upgrade to version 1.5.8 or later: pip install --upgrade otxv2.

Warnings

gotcha The module name is case-sensitive: `from OTXv2 import OTXv2`, not `otxv2`. Many users incorrectly import using lowercase and get ImportError. ↓

fix Use correct case: `from OTXv2 import OTXv2`.

breaking In version 1.5.11, default page limit sizes were changed, which may cause scripts expecting a different default limit to receive fewer or more results. ↓

fix Explicitly pass `limit` parameter to `getall()` or `search_pulses()` to control page size.

deprecated The `get_pulse_indicators` method's `include_inactive` parameter was added in 1.5.6. Older versions do not have it, and omitting it only returns active indicators. ↓

fix Upgrade to >=1.5.6 to use `include_inactive=True`.

Imports

OTXv2
wrong
```
from otxv2 import OTXv2
```
correct
```
from OTXv2 import OTXv2
```
Module name is case-sensitive: OTXv2, not otxv2.
IndicatorTypes
```
from OTXv2 import IndicatorTypes
```

Quickstart

Initialize with API key, fetch user pulses, and search for pulses by keyword.

from OTXv2 import OTXv2
from OTXv2 import IndicatorTypes

otx = OTXv2('YOUR_API_KEY')
# Get pulses by user
pulses = otx.getall(limit=10)
for pulse in pulses:
    print(pulse['name'])
# Search for indicators
results = otx.search_pulses('malware')
print(len(results))