JSON, XML, STIX, CSV and more!

Analyst

JSON, XML, STIX, CSV and more!

February 19, 2016

By Steve Ginty

A decent portion of PassiveTotal usage comes from the API and other 3rd-party integrations we have, so in building our new API, we wanted to make it easy for developers to get access to our data in as many forms as possible. Packed into our Python client are several libraries representing each major data type we have. The thought behind this was that users could selectively implement only the sources of data they found most interesting or create tools for very specific purposes.

Formats in Action

Each data type inherits XML and JSON output formats from a base class and then selectively implements their own versions of text, CSV, table, and STIX. All of the output formats are exposed through the class properties making it simple for a user to get one or many different formats for the same query.

A good example of a data type supporting all of the output formats is the DNS results object.

The above code highlights how simple it is for a user to run a passive DNS query against PassiveTotal and then get the results back in five different formats without needing parse any of the results.

While the code above is focused on just saving the output, imagine the uses for this data inside of a larger system like one that supports STIX or CSV input. Being able to take a single result set and split it into a number of formats means less work for our users and more flexibility.

Unified Formatting

One of the larger considerations in formatting data is how it will change across different data types. Outputs like JSON and XML are straight-forward and flexible, but formats like CSV, table and STIX tend to require specific implementations. For the first release of our Python toolset, we focused on providing the useful details of results in as many formats as we could. This means that when using formats beyond XML and JSON, you may not see all the data and instead, may only get summary information.

As we continue our development and get feedback from our users, we will make changes to the output formats available. One that's currently getting more work done to it is our STIX output format. Presently, DNS is the only supporter of the format, but we hope to port WHOIS and SSL certificates to a valid STIX output soon.

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event