Mandiant Advantage Threat Intel Client for Python
From API Key and Secret Key (preferred)
import mandiant_threatintel
api_key = "API_KEY_GOES_HERE"
secret_key = "SECRET_KEY_GOES_HERE"
mati_client = mandiant_threatintel.ThreatIntelClient(api_key=api_key,
secret_key=secret_key)With an existing Bearer Token
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
indicator = mati_client.Indicators.get('INDICATOR--UUID')import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
indicator = mati_client.Indicators.get_from_value('INDICATOR_VALUE.com')Get all matching Indicators
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
indicators_generator = mati_client.Indicators.get_list()
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
threatactor = mati_client.ThreatActors.get('NAME-OR-UUID')import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
threatactors_generator = mati_client.ThreatActors.get_list()
Accessing Malware Families
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
malware = mati_client.Malware.get('NAME-OR-UUID')import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
malware_generator = mati_client.Malware.get_list()
Accessing Vulnerabilities
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
vulnerability = mati_client.Vulnerabilities.get('CVE-ID-OR-UUID')Get all matching Vulnerabilities
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
vulnerability_generator = mati_client.Vulnerabilities.get_list()
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
report = mati_client.Reports.get('REPORT-ID')import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
reports_generator = mati_client.Reports.get_list()
Save a Report PDF to a File
import mandiant_threatintel
bearer_token = "EXISTING_BEARER_TOKEN"
mati_client = mandiant_threatintel.ThreatIntelClient(bearer_token=bearer_token)
file_name = 'report.pdf'
report_id = 'SOME-REPORT-ID'
report = mati_client.Reports.get(report_id)
with open(file_name, 'wb') as f:
f.write(report.pdf)
- Add support to return attack patterns associated with a Campaign
- Add support to return indicators associated with a Campaign
- Add support for the new Threat Rating and Category fields on an indicator
- Allow passing of kwargs into
threat_intel_client.IndicatorClient.get_list()
- Handle 204 response from
threat_intel_client.IndicatorClient.get_from_value()
- Fix broken Aliases in Threat Actor because of MATI API change
- Began using
include_reports=True for Indicator queries to reduce API calls
- Replaced usage of
| with dict.update() to better support Python 3.7 and Python 3.8
- Fixed an issue where
campaigns were unavailable for indicators retrieved via get_list
- Fixes an issue where a new bearer token is requested from the API before every API request