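# Pull every pulse the account is subscribed to in AlienVault OTX, keep the
# pulses carrying at least one of the wanted tags, and export one CSV row per
# indicator (IoC) with the parent pulse's metadata repeated on each row.

# A pulse is kept when any of its tags equals one of these (case-insensitive).
$tags = @("phishing","docusign")

# OTX API key. The OTX_API_KEY environment variable is preferred so the real
# key never has to be saved in the script; the literal is only a placeholder.
$otxkey = if ($env:OTX_API_KEY) { $env:OTX_API_KEY } else { "YOUR API KEY" }

# Define export location.
# NOTE(review): $exports and $regex are not referenced anywhere below; the CSV
# is written to $csvPath.
$exports = "C:\Exports"
$regex = "[^a-zA-Z]"
$csvPath = "C:\results.csv"

$next = "https://otx.alienvault.com/api/v1/pulses/subscribed/?limit=10&page=1"
# Host of the first request; every follow-up page must stay on it (see below).
$otxHost = ([System.Uri]$next).Host
$page = 1
# A growable list avoids re-copying the whole array on every "+=".
$results = New-Object System.Collections.Generic.List[object]

do {
    Write-Progress "Pulling all AlienVault indicators and exporting to CSVs. Processing page: $page"

    # The API key header is the only authentication sent. -UseDefaultCredentials
    # was dropped: it offers the logged-on Windows identity to whatever server
    # answers, which an internet API call has no use for.
    try {
        $indicators = Invoke-WebRequest -Uri $next -UseBasicParsing -Headers @{"X-OTX-API-KEY"="$otxkey"} -ErrorAction Stop
    }
    catch {
        # Without this, a failed request left the previous page's data in place
        # and the loop re-processed the same page indefinitely.
        Write-Warning "Request for page $page failed; the export will be incomplete. $($_.Exception.Message)"
        break
    }

    # Convert JSON data received into powershell object.
    $data = $indicators.Content | ConvertFrom-Json

    # Populate the next page into $next variable. It is empty on the last page,
    # so it is only parsed when present.
    $next = $data.next
    if ($next) {
        # The URL comes from the response body. Follow it only when it is an
        # https URL on the original host, so the API key is never sent elsewhere.
        $nextUri = $null
        $isAbsolute = [System.Uri]::TryCreate([string]$next, [System.UriKind]::Absolute, [ref]$nextUri)
        if (-not $isAbsolute -or $nextUri.Scheme -ne 'https' -or $nextUri.Host -ne $otxHost) {
            Write-Warning "Ignoring unexpected next-page URL '$next'; the export will be incomplete."
            $next = $null
        }
        elseif ($next -match '[?&]page=(\d+)') {
            # Used for the progress message only.
            $page = $Matches[1]
        }
    }

    foreach ($indicator in $data.results) {
        # Emit each pulse once, even when it carries several of the wanted tags
        # (looping over $tags produced one duplicate set of rows per matching tag).
        $matched = @($indicator.tags | Where-Object { $tags -contains $_ })
        if ($matched.Count -eq 0) { continue }

        foreach ($ioc in $indicator.indicators) {
            $results.Add((New-Object PSObject -Property @{
                "industries"         = "$($indicator.industries)";
                "tlp"                = "$($indicator.tlp)";
                "description"        = "$($indicator.description)";
                "created"            = "$($indicator.created)";
                "tags"               = "$($indicator.tags)";
                "malware_families"   = "$($indicator.malware_families)";
                "modified"           = "$($indicator.modified)";
                "author_name"        = "$($indicator.author_name)";
                "public"             = "$($indicator.public)";
                "extract_source"     = "$($indicator.extract_source)";
                "references"         = "$($indicator.references)";
                "targeted_countries" = "$($indicator.targeted_countries)";
                "attack_ids"         = "$($indicator.attack_ids)";
                "more_indicators"    = "$($indicator.more_indicators)";
                "revision"           = "$($indicator.revision)";
                # The column keeps its original spelling so existing consumers of
                # the CSV still match; the value is read from the pulse's
                # "adversary" field (the misspelled property was always empty).
                "advesary"           = "$($indicator.adversary)";
                "id"                 = "$($indicator.id)";
                "name"               = "$($indicator.name)";
                "indicator_type"     = "$($ioc.type)";
                "indicator_created"  = "$($ioc.created)";
                # The indicator's own id. NOTE(review): the original read
                # $ioc.indicators.id, which appears to resolve to nothing
                # because an indicator entry has no nested "indicators" list.
                "indicator_id"       = "$($ioc.id)";
                "indicator"          = "$($ioc.indicator)"
            }))
        }
    }
} while ($next)

# Select fixes the column order. Pulse text fields are community-supplied:
# treat the CSV as untrusted input when opening it in a spreadsheet, where
# cells beginning with =, +, - or @ may be evaluated as formulas.
$results |
    Select-Object industries,tlp,description,created,tags,malware_families,modified,author_name,public,extract_source,references,targeted_countries,attack_ids,more_indicators,revision,advesary,id,name,indicator_type,indicator_created,indicator_id,indicator |
    Export-Csv $csvPath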