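# Export the indicators of every subscribed AlienVault OTX pulse that carries
# at least one of the tags in $tags to a CSV file, one row per indicator.
# Pulse-level fields are repeated on every row of that pulse.
#
# Usage: set the OTX_API_KEY environment variable, or replace the placeholder
# below, then run the script.

$tags = @("carona virus","covid19")

# Prefer the environment so the key is not stored in the script file; the
# original placeholder is kept as the fallback.
$otxkey = if ($env:OTX_API_KEY) { $env:OTX_API_KEY } else { "YOUR API KEY" }

$next = "https://otx.alienvault.com/api/v1/pulses/subscribed/?limit=10&page=1"

# The API key is only ever sent to this host (see the check on the "next" link).
$otxHost = ([uri]$next).Host

# A List avoids copying the whole array on every "+=" append.
$results = New-Object 'System.Collections.Generic.List[object]'

# Output columns, in CSV order.
$columns = @(
    'industries','tlp','description','created','tags','malware_families',
    'modified','author_name','public','extract_source','references',
    'targeted_countries','attack_ids','more_indicators','revision','advesary',
    'id','name','indicator_type','indicator_created','indicator_id','indicator'
)

while ($next) {
    # Take the page number from the URL about to be fetched, so the progress
    # text is right on the first page and nothing is parsed from a null link.
    $page = if ($next -match '[?&]page=(\d+)') { $Matches[1] } else { '?' }
    Write-Progress "Pulling all AlienVault indicators and exporting to CSVs. Processing page: $page"

    # Authentication is the X-OTX-API-KEY header only. -UseDefaultCredentials
    # was dropped: it offers the logged-on user's Windows credentials to the
    # remote server, which this API does not need.
    # -ErrorAction Stop plus the catch prevents re-processing the previous
    # page forever when a request fails; rows collected so far are still exported.
    try {
        $response = Invoke-WebRequest -Uri $next -UseBasicParsing -Headers @{"X-OTX-API-KEY"="$otxkey"} -ErrorAction Stop
    }
    catch {
        Write-Warning "Request for $next failed: $($_.Exception.Message)"
        break
    }

    # Convert JSON data received into a PowerShell object.
    $data = $response.Content | ConvertFrom-Json

    foreach ($pulse in $data.results) {
        # Test the pulse once against all tags; the original emitted its
        # indicators once per matching tag, duplicating rows for pulses
        # that carry more than one of the tags.
        $matched = $false
        foreach ($tag in $tags) {
            if ($pulse.tags -contains $tag) { $matched = $true; break }
        }
        if (-not $matched) { continue }

        foreach ($ioc in $pulse.indicators) {
            $results.Add((New-Object PSObject -Property @{
                "industries"="$($pulse.industries)";
                "tlp"="$($pulse.tlp)";
                "description"="$($pulse.description)";
                "created"="$($pulse.created)";
                "tags"="$($pulse.tags)";
                "malware_families"="$($pulse.malware_families)";
                "modified"="$($pulse.modified)";
                "author_name"="$($pulse.author_name)";
                "public"="$($pulse.public)";
                "extract_source"="$($pulse.extract_source)";
                "references"="$($pulse.references)";
                "targeted_countries"="$($pulse.targeted_countries)";
                "attack_ids"="$($pulse.attack_ids)";
                "more_indicators"="$($pulse.more_indicators)";
                "revision"="$($pulse.revision)";
                # Column keeps its original (misspelled) name so existing
                # consumers of the CSV still find it; the value is read from
                # the pulse's "adversary" field.
                "advesary"="$($pulse.adversary)";
                "id"="$($pulse.id)";
                "name"="$($pulse.name)";
                "indicator_type"="$($ioc.type)";
                "indicator_created"="$($ioc.created)";
                # The id sits on the indicator itself; "$ioc.indicators.id"
                # always produced an empty cell.
                "indicator_id"="$($ioc.id)";
                "indicator"="$($ioc.indicator)"
            }))
        }
    }

    # Follow the server-supplied "next" link only while it stays on the OTX
    # host, because the API key header is attached to every request.
    $next = $data.next
    if ($next -and ([uri]$next).Host -ne $otxHost) {
        Write-Warning "Refusing to follow next link on unexpected host: $next"
        break
    }
}

# NOTE: description, name, tags and indicator values are community-submitted.
# A cell starting with =, +, - or @ may be evaluated as a formula when the CSV
# is opened in a spreadsheet; import the columns as text, or sanitise them
# before sharing the file.
# -NoTypeInformation keeps the "#TYPE ..." line out of the CSV header.
$results | Select-Object $columns | Export-Csv -Path C:\results.csv -NoTypeInformation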