A decent portion of PassiveTotal usage comes from the API and the other third-party integrations we have, so in building our new API we wanted to make it easy for developers to get access to our data in as many forms as possible. Packed into our Python client are several libraries, one for each major data type we have. The thought behind this was that users could selectively implement only the sources of data they found most interesting, or create tools for very specific purposes.
Formats in Action
Each data type inherits XML and JSON output formats from a base class and then selectively implements its own versions of text, CSV, table, and STIX. All of the output formats are exposed as class properties, making it simple for a user to get one or many different formats for the same query.
A good example of a data type supporting all of the output formats is the DNS results object.
The above code highlights how simple it is for a user to run a passive DNS query against PassiveTotal and then get the results back in five different formats without needing to parse any of the results.
While the code above is focused on just saving the output, imagine the uses for this data inside a larger system, such as one that accepts STIX or CSV input. Being able to take a single result set and split it into a number of formats means less work for our users and more flexibility.
One of the larger considerations in formatting data is how it changes across different data types. Outputs like JSON and XML are straightforward and flexible, but formats like CSV, table and STIX tend to require type-specific implementations. For the first release of our Python toolset, we focused on providing the useful details of results in as many formats as we could. This means that when using formats beyond XML and JSON, you may not see all the data and may instead only get summary information.
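As an added illustration of the base-class layout described under "Formats in Action" and of the summary-only caveat in the preceding paragraph, here is a minimal hypothetical implementation of that pattern. It is not the PassiveTotal client's own code: the class names, the `available_formats` helper, and the sample response and its fields are all constructed for the example.

```python
import csv
import io
import json
from xml.etree import ElementTree as ET

class BaseResults:
    # Every data type inherits JSON and XML from here; per-type formats (CSV, text, table, STIX) are added selectively by subclasses.
    def __init__(self, results):
        self.results = results  # API response as a dict (constructed sample below)

    @property
    def json(self):
        return json.dumps(self.results, sort_keys=True)

    @property
    def xml(self):
        root = ET.Element("results")
        for record in self.results.get("records", []):
            node = ET.SubElement(root, "record")
            for key, value in sorted(record.items()):
                ET.SubElement(node, key).text = str(value)
        return ET.tostring(root, encoding="unicode")

class DnsResults(BaseResults):
    # Passive DNS adds CSV (text, table and STIX would be added the same way). CSV is
    # summary-only: a fixed subset of fields, matching the caveat about non-JSON/XML formats.
    CSV_FIELDS = ("resolve", "firstSeen", "lastSeen")

    @property
    def csv(self):
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=self.CSV_FIELDS,
                                extrasaction="ignore", lineterminator="\n")
        writer.writeheader()
        writer.writerows(self.results.get("records", []))
        return buf.getvalue()

def available_formats(obj, names=("json", "xml", "csv", "text")):
    # Report which output properties a result object actually implements.
    def works(name):
        try:
            return getattr(obj, name) is not None
        except (NotImplementedError, AttributeError):
            return False
    return [n for n in names if works(n)]

SAMPLE = {"queryValue": "example.com", "records": [  # constructed, not real PassiveTotal data
    {"resolve": "192.0.2.10", "firstSeen": "2015-01-01", "lastSeen": "2015-06-30", "source": "constructed"},
    {"resolve": "192.0.2.11", "firstSeen": "2015-07-01", "lastSeen": "2015-12-31", "source": "constructed"}]}
```

`available_formats(DnsResults(SAMPLE))` reports `json`, `xml` and `csv`, while the base class alone reports only `json` and `xml`; note that the CSV drops the `source` field the JSON and XML still carry.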
As we continue our development and get feedback from our users, we will make changes to the output formats available. One currently receiving more work is our STIX output format. Presently, DNS is the only data type that supports it, but we hope to port WHOIS and SSL certificates to valid STIX output soon.