JSON, XML, STIX, CSV and more!

Analyst

JSON, XML, STIX, CSV and more!

February 19, 2016

By Steve Ginty

A decent portion of PassiveTotal usage comes from the API and other 3rd-party integrations we have, so in building our new API, we wanted to make it easy for developers to get access to our data in as many forms as possible. Packed into our Python client are several libraries representing each major data type we have. The thought behind this was that users could selectively implement only the sources of data they found most interesting or create tools for very specific purposes.

Formats in Action

Each data type inherits XML and JSON output formats from a base class and then selectively implements their own versions of text, CSV, table, and STIX. All of the output formats are exposed through the class properties making it simple for a user to get one or many different formats for the same query.

A good example of a data type supporting all of the output formats is the DNS results object.

The above code highlights how simple it is for a user to run a passive DNS query against PassiveTotal and then get the results back in five different formats without needing parse any of the results.

While the code above is focused on just saving the output, imagine the uses for this data inside of a larger system like one that supports STIX or CSV input. Being able to take a single result set and split it into a number of formats means less work for our users and more flexibility.

Unified Formatting

One of the larger considerations in formatting data is how it will change across different data types. Outputs like JSON and XML are straight-forward and flexible, but formats like CSV, table and STIX tend to require specific implementations. For the first release of our Python toolset, we focused on providing the useful details of results in as many formats as we could. This means that when using formats beyond XML and JSON, you may not see all the data and instead, may only get summary information.

As we continue our development and get feedback from our users, we will make changes to the output formats available. One that's currently getting more work done to it is our STIX output format. Presently, DNS is the only supporter of the format, but we hope to port WHOIS and SSL certificates to a valid STIX output soon.

Featured Posts

External Threat Management

The RiskIQ Intelligence Connector for Microsoft Azure Sentinel Is the Context-Rich Force Multiplier Security Teams Need

Digital initiatives have changed the enterprise attack surface and how organizations appear online, both to users and malicious actors. Meanwhile, the threat landscape has evo...

#TwitterHack: How RiskIQ Data Exposed Hundreds of Domains Belonging to the Attackers

The discussions in the coming days and weeks surrounding yesterday's large-scale compromise of verified Twitter accounts, including those of Joe Biden, Barack Obama, and Bill G...

Partner Deep-Dive: RiskIQ Security Intelligence Services for Splunk

The average organization's digital presence has exploded in size. Even before COVID-19 spread their staff and operations outside the firewall, businesses were rapidly migrating...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

COVID-19 Solution Brief

Hacker Valley Podcast

Forrester Wave: External Threat Intelligence Services, Q1 2021