RFC: Python Library for ThreatExchange about threatexchange HOT 8 CLOSED

This is fantastic! Thank you for taking the time to write this library. I think it will be a valuable resource to the community and we're glad you're getting involved.

Please let me know if you have any questions. We're going to changing some things around in the coming weeks and will need to make some minor changes to your code.

I'm looking forward to the PR!

from threatexchange.

Thanks! I'm going to continue working on a few things and see if I can get some more eyes on the general concept. If you or anyone there have any opinions on this I'd love to hear about them as well!

Hopefully we can nail down a decent layout for the code so we can be confident it won't change drastically. If all goes well the changes you are all looking to make in the short term should be fairly simple to include :)

from threatexchange.

For anyone who swings by to look I made another branch which uses similar code but is classful:

https://github.com/mgoffin/ThreatExchange/tree/pytx_classful

The goal here is that you instantiate an object once, provide your APP-ID and APP-SECRET, then from there on out you can use that object to do basically everything. Example:

from pytx import ThreatIndicator
from pytx.vocabulary import Status as s
from pytx.vocabulary import ThreatIndicator as t

t = ThreatIndicator(app_id='<app-id>', app_secret='<app-secret>')
i = t.objects(text="www.facebook.com")
for x in i:
    x.set(t.STATUS, s.MALICIOUS)
    x.save()

In this example each object returned is an instantiated instance of ThreatIndicator with your credentials already set, so you can immediately turn around and do things like modify the status to be MALICIOUS and submit the change back.

I'm thinking I like this better so I might push the development in this direction unless people oppose.

from threatexchange.

That sounds great. It'll save us a bunch of time in the end. Can't wait
for the merge request back to master :)

One thing we've been toying with is to build a 'translation toolkit' in
python to support getting data in CSV, STIX/TAXII, OpenIOC or other formats
in/out of ThreatExchange. From what you've built so far, you're making it
easy!

On Fri, Mar 27, 2015 at 1:42 PM, Mike Goffin [email protected]
wrote:

For anyone who swings by to look I made another branch which uses similar
code but is classful:

https://github.com/mgoffin/ThreatExchange/tree/pytx_classful

The goal here is that you instantiate an object once, provide your APP-ID
and APP-SECRET, then from there on out you can use that object to do
basically everything. Example:

from pytx import ThreatIndicatorfrom pytx.vocabulary import Status as sfrom pytx.vocabulary import ThreatIndicator as t

t = ThreatIndicator(app_id='', app_secret='')
i = t.objects(text="www.facebook.com")for x in i:
x.set(t.STATUS, s.MALICIOUS)
x.save()

In this example each object returned is an instantiated instance of
ThreatIndicator with your credentials already set, so you can immediately
turn around and do things like modify the status to be MALICIOUS and
submit the change back.

I'm thinking I like this better so I might push the development in this
direction unless people oppose.

—
Reply to this email directly or view it on GitHub
#1 (comment)
.

from threatexchange.

We could add a "translations" folder to pytx which can contain tools necessary for converting data to/from ThreatExchange. I'll be honest my main focus would not be in this area, but it would at least provide a place for people who want to contribute these types of features. It would surely benefit companies looking to push data into ThreatExchange but have data in weird formats :)

The only thing I would want to make sure of is that pytx doesn't sprawl out of control with requirements. If at all possible I would prefer to make requests the only requirement. Maybe the better route would be for other libraries to include pytx for doing the translations in their code instead?

from threatexchange.

Given that the PR is up and we're conversing there, this issue can be closed :)

from threatexchange.

TIL that Github does not automatically close the issue when the pull request is landed. Thanks!

from threatexchange.

It was my bad not including the issue # in one of the commits!

from threatexchange.