Mandiant Advantage Threat Intel Client for Python

Quickstart

Initializing the client

From API Key and Secret Key (preferred)

import mandiant_threatintel

api_key = "API_KEY_GOES_HERE"
secret_key = "SECRET_KEY_GOES_HERE"

mati_client = mandiant_threatintel.ThreatIntelClient(api_key=api_key,
                                                    secret_key=secret_key)

With an existing Bearer Token

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"

mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

Accessing Indicators

By UUID

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

indicator = mati_client.Indicators.get('INDICATOR--UUID')

By Value

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

indicator = mati_client.Indicators.get_from_value('INDICATOR_VALUE.com')

Get all matching Indicators

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

indicators_generator = mati_client.Indicators.get_list()

Accessing Threat Actors

By Name or UUID

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

threatactor = mati_client.ThreatActors.get('NAME-OR-UUID')

Get all Threat Actors

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

threatactors_generator = mati_client.ThreatActors.get_list()

Accessing Malware Families

By Name or UUID

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

malware = mati_client.Malware.get('NAME-OR-UUID')

Get all Malware Families

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

malware_generator = mati_client.Malware.get_list()

Accessing Vulnerabilities

By CVE ID or UUID

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

vulnerability = mati_client.Vulnerabilities.get('CVE-ID-OR-UUID')

Get all matching Vulnerabilities

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

vulnerability_generator = mati_client.Vulnerabilities.get_list()

Accessing Reports

By Report ID

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

report = mati_client.Reports.get('REPORT-ID')

Get all matching Reports

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

reports_generator = mati_client.Reports.get_list()

Save a Report PDF to a File

import mandiant_threatintel

bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)

file_name = 'report.pdf'
report_id = 'SOME-REPORT-ID'

report = mati_client.Reports.get(report_id)
with open(file_name, 'wb') as f:
  f.write(report.pdf)

Change Log

0.1.20 (2023-09-01)

Add support to return attack patterns associated with a Campaign

0.1.19 (2023-08-30)

Add support to return indicators associated with a Campaign

0.1.18 (2023-08-23)

Add support for the new Threat Rating and Category fields on an indicator

0.1.17 (2023-05-26)

Allow passing of kwargs into threat_intel_client.IndicatorClient.get_list()

0.1.16 (2023-05-24)

Handle 204 response from threat_intel_client.IndicatorClient.get_from_value()

0.1.14 (2023-04-04)

Fix broken Aliases in Threat Actor because of MATI API change

0.1.12 (2023-03-03)

Began using include_reports=True for Indicator queries to reduce API calls

0.1.11 (2023-01-31)

Replaced usage of | with dict.update() to better support Python 3.7 and Python 3.8

0.1.10 (2023-01-31)

Fixed an issue where campaigns were unavailable for indicators retrieved via get_list

0.1.9 (2023-01-31)

Fixes an issue where a new bearer token is requested from the API before every API request

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
docs		docs
mandiant_threatintel		mandiant_threatintel
tests		tests
.gitignore		.gitignore
LICENSE		LICENSE
Pipfile		Pipfile
Pipfile.lock		Pipfile.lock
README.md		README.md
requirements.txt		requirements.txt
setup.py		setup.py

License

google/mandiant-ti-client

Folders and files

Latest commit

History

Repository files navigation

Mandiant Advantage Threat Intel Client for Python

Quickstart

Initializing the client

From API Key and Secret Key (preferred)

With an existing Bearer Token

Accessing Indicators

By UUID

By Value

Get all matching Indicators

Accessing Threat Actors

By Name or UUID

Get all Threat Actors

Accessing Malware Families

By Name or UUID

Get all Malware Families

Accessing Vulnerabilities

By CVE ID or UUID

Get all matching Vulnerabilities

Accessing Reports

By Report ID

Get all matching Reports

Save a Report PDF to a File

Change Log

0.1.20 (2023-09-01)

0.1.19 (2023-08-30)

0.1.18 (2023-08-23)

0.1.17 (2023-05-26)

0.1.16 (2023-05-24)

0.1.14 (2023-04-04)

0.1.12 (2023-03-03)

0.1.11 (2023-01-31)

0.1.10 (2023-01-31)

0.1.9 (2023-01-31)

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Languages