Open kcreddy opened 1 year ago
rustybrooks
commented
1 year ago I think the easiest thing would be... just try it? If it works then you'll have your answer and if not, that's not a definitive answer but probably indicates it's not there any more.
kcreddy
commented
1 year ago Actually its still working even though not present in the official API doc. But, I am really interested in expiration time of indicators, hence would like to use /api/v1/pulses/subscribed.
kcreddy
commented
1 year ago @rustybrooks, I have few questions on expiration field contained inside /api/v1/pulses/subscribed response
null. Does that mean the indicator is never expired? null, is there any default expiration values that you would propose/suggest to end users?null to some date-time value, is this updated value available through the API via pulse's modified_since parameter?rustybrooks
commented
1 year ago I haven't worked on OTX for over 2 years now, so I can't comment on anything that's changed since then and I can't see the code any more.
My memory says that expired should always be present on an indicator - are you sure you only sometimes see it?
expired of null means no expiration
When an indicator is expired, it won't show up in a pulse's indicators, I believe, unless it's specifically requested. I believe the default is to not include them, but I'd have to check.
If the expiration is changed from null to some value then it will be available through the expiration parameter. Maybe I don't understand what you're asking.
kcreddy
commented
1 year ago Thanks for the details!
The API:
https://otx.alienvault.com/api/v1/indicators/exportwas earlier being used to fetch all the indicators. As per latest docs, the API isn't listed under https://otx.alienvault.com/assets/static/external_api.html#HomeIs the API removed? If so, what is the alternate API to use to fetch all indicators? If this is not the correct repository to post in, please direct me to appropriate repository to create this issue in.