234 Stars 129 Forks Apache License 2.0 178 Commits 29 Opened issues


The Python SDK for AlienVault OTX


Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.

OTX Direct Connect agents provide a way to automatically update your security infrastructure with pulses you have subscribed to from within Open Threat Exchange. By using Direct Connect, the indicators contained within the pulses you have subscribed to can be downloaded and made locally available for other applications such as Intrusion Detection Systems, Firewalls, and other security-focused applications.

OTX Direct Connect provides a mechanism to automatically pull indicators of compromise from the Open Threat Exchange portal into your environment. The DirectConnect API provides access to all Pulses that you have subscribed to in Open Threat Exchange (


You can install with

```
pip install OTXv2
```

or alternatively:

  1. Clone this repo
  2. Run (from the root directory) `pip install .` or `python setup.py install`
  3. Integrate into your codebase (see Python Notebook example below)

For more information about the particular API calls see (Endpoint details on 'docs' tab)

Installation with Python Notebook

  1. Clone this repo
  2. Install pandas

     ```
     pip install pandas
     ```

  3. Install python notebook (

     ```
     pip install jupyter
     ```

  4. Run notebook

     ```
     jupyter notebook howto_use_python_otx_api.ipynb
     ```


Reading contents from OTX:

```
from OTXv2 import OTXv2
from OTXv2 import IndicatorTypes

otx = OTXv2("API_KEY")

# Get all the indicators associated with a pulse
indicators = otx.get_pulse_indicators("pulse_id")
for indicator in indicators:
    print(indicator["indicator"] + indicator["type"])

# Get everything OTX knows about a domain (passed as the second argument)
otx.get_indicator_details_full(IndicatorTypes.DOMAIN, "")
```

Adding content to OTX:

```
from OTXv2 import OTXv2

otx = OTXv2("APIKEY")
name = 'Test Pulse'
# Fill in the indicator values before submitting
indicators = [
    {'indicator': '', 'type': 'IPv4'},
    {'indicator': '', 'type': 'Domain'}
]
# public=True publishes the pulse to the OTX community
response = otx.create_pulse(name=name, public=True, indicators=indicators, tags=[], references=[])
print(str(response))
```
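The Direct Connect description above talks about making subscribed indicators locally available to firewalls and IDS. The following is an added example, not code from the SDK or its README: it merges indicators from several pulses into one deduplicated CSV blocklist, rejecting malformed addresses and internal ranges before they reach an enforcement point. The pulse layout (`id`, `indicators`), the `NEVER_BLOCK` policy and the function names are assumptions made for this example.

```python
import csv
import io
import ipaddress

SAMPLE_PULSES = [  # constructed sample, shaped like subscribed pulses (assumed)
    {"id": "pulse-a", "indicators": [
        {"indicator": "203.0.113.10", "type": "IPv4"},
        {"indicator": "Bad.Example.COM.", "type": "Domain"},
        {"indicator": "10.0.0.5", "type": "IPv4"},       # internal address
        {"indicator": "not-an-ip", "type": "IPv4"},      # malformed value
    ]},
    {"id": "pulse-b", "indicators": [
        {"indicator": "203.0.113.10", "type": "IPv4"},   # duplicate of pulse-a
        {"indicator": "bad.example.com", "type": "Domain"},
    ]},
]

NEVER_BLOCK = [ipaddress.ip_network(n) for n in (  # assumed local policy
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def build_blocklist(pulses):
    """Return (rows, rejected); rows maps (type, value) to sorted pulse ids."""
    rows, rejected = {}, []
    for pulse in pulses:
        for ind in pulse.get("indicators", []):
            kind, value = ind["type"].lower(), ind["indicator"].strip()
            if kind == "ipv4":
                try:
                    addr = ipaddress.IPv4Address(value)
                except ValueError:
                    rejected.append((pulse["id"], value, "malformed"))
                    continue
                if any(addr in net for net in NEVER_BLOCK):
                    rejected.append((pulse["id"], value, "internal"))
                    continue
                key = ("IPv4", str(addr))
            elif kind == "domain" and value:
                # Normalise case and a trailing dot so variants deduplicate
                key = ("Domain", value.lower().rstrip("."))
            else:
                continue  # other indicator types are out of scope here
            rows.setdefault(key, set()).add(pulse["id"])
    return {k: sorted(v) for k, v in rows.items()}, rejected

def to_csv(rows):
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["type", "indicator", "pulses"])
    out.writerows([k, v, ";".join(ids)] for (k, v), ids in sorted(rows.items()))
    return buf.getvalue()
```

Keeping the contributing pulse ids per row lets an analyst trace a block back to its source, and the `rejected` list is worth logging rather than discarding.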

Additional Examples:

- Simple command line interface to OTX
- Use OTX to determine if files, domains, IPs or URLs are malicious
- Store all the indicators from pulses you are subscribed to in a CSV file
- Maintain a feed of indicators in a pulse for users
- Adding domains to an existing pulse

More examples are at
