RST Cloud API - Python Client

 

Overview

rstapi-python is a Python 3 library designed to interact with various RST Cloud APIs, such as:

  • RST Threat Feed
  • RST Report Hub
  • RST Noise Control
  • RST IoC Lookup
  • RST Whois API

 

Installation

To install the library using pip, run:

pip install rstapi 

The package details are here: https://pypi.org/project/rstapi/

Usage

Refer to the GitHub Repository for comprehensive details and example usage. Example code can be found in the test.py file.

Additionally, consult the RST Cloud API Documentation for more information.


API Token

An API token is required to access RST Cloud APIs. You can obtain an API token by:

Environment Variable Setup

The recommended approach is to set RST_API_KEY as an environment variable, which keeps the API key out of your source code. The client can then be created without passing a key:

import rstapi
c = rstapi.ioclookup()
response = c.GetIndicator("1.1.1.1")

Explicit Token Usage

Alternatively, you can explicitly pass the API token when creating the API client:

import rstapi
c = rstapi.ioclookup(APIKEY="YOUR_API_KEY")
response = c.GetIndicator("1.1.1.1")

Examples

1. Import Statements


# common imports
import os
from datetime import date, timedelta
from pprint import pprint
# required imports
from rstapi import ioclookup, noisecontrol, reporthub, threatfeed, whoisapi

2. Replace the Placeholder API Key

USER_APIKEY = "REPLACE_ME"

3. RST Threat Feed

print("\n--- RST Threat Feed ---\n")
# Initialize client
rst_threatfeed = threatfeed(APIKEY=USER_APIKEY)
# Fetch threat feed data
file = rst_threatfeed.GetFeed(ioctype="hash", filetype="csv")
pprint(file)
if "status" in file and file["status"] == "ok":
    os.remove(file["message"])

4. RST IoC Lookup

print("\n--- RST IoC Lookup ---\n")
# Initialize client
rst_ioclookup = ioclookup(APIKEY=USER_APIKEY)
# Get an indicator
pprint(rst_ioclookup.GetIndicator("7eb800559bfa2c1980b0cc711cec120b"))
# Submit an indicator
pprint(rst_ioclookup.SubmitIndicator("1.1.1.1", "detected by sandbox"))
# Submit a false positive
pprint(rst_ioclookup.SubmitFalsePositive("1.1.1.1", "cdn address"))

5. RST Noise Control

print("\n--- RST Noise Control ---\n")
# Initialize client
rst_noisecontrol = noisecontrol(APIKEY=USER_APIKEY)
# Lookup a value
pprint(rst_noisecontrol.ValueLookup("1.1.1.1"))
# Batch lookup
data = "google.com\nmicrosoft.com\ntest.com"
ioc_type = "domain"
token = rst_noisecontrol.BatchLookup(ioctype=ioc_type, data=data)
pprint(token)
# Get batch result
result = rst_noisecontrol.BatchResult(ioctype=ioc_type, token=token)
pprint(result)
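Added example, not part of the rstapi project: BatchLookup above takes a single ioctype and one newline-separated string, so a mixed indicator list has to be split by type, and any value carrying an embedded newline has to be rejected before it can smuggle extra lines into the payload. The helper names and the "ip" and "hash" type labels are assumptions; only "domain" is shown on this page for batch lookups.

```python
import ipaddress
import re

# Assumption: "domain" is the batch ioctype shown on this page; "ip" and
# "hash" are assumed labels, check them against the RST Cloud API docs.
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Constructed sample input: mixed types, defanged, duplicated, malformed.
SAMPLE = [
    "google.com", "Microsoft[.]com", "1.1.1.1", " google.com ",
    "7EB800559BFA2C1980B0CC711CEC120B", "not a domain",
    "test.com\nevil.example",  # embedded newline must not reach the payload
]


def refang(value):
    """Trim, lowercase, and undo [.] / (.) defanging."""
    value = value.strip().lower()
    return value.replace("[.]", ".").replace("(.)", ".").rstrip(".")


def classify(value):
    """Return "ip", "domain", "hash", or None if the value fits none."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if len(value) <= 253 and DOMAIN_RE.fullmatch(value):
        return "domain"
    return "hash" if HASH_RE.fullmatch(value) else None


def build_batches(raw_values):
    """Return ({ioctype: newline-joined payload}, [rejected raw values])."""
    groups, rejected = {}, []
    for raw in raw_values:
        value = refang(raw)
        if not value:
            continue  # skip blank lines
        kind = classify(value)
        if kind is None:
            rejected.append(raw)  # keep the original for analyst review
        elif value not in groups.setdefault(kind, []):
            groups[kind].append(value)  # de-duplicate, keep input order
    return {k: "\n".join(v) for k, v in groups.items()}, rejected
```

Each returned payload can be passed as data= to BatchLookup with its key as ioctype=, one call per type.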

6. RST Report Hub

print("\n--- RST Report Hub ---\n")
# Initialize client
rst_reporthub = reporthub(APIKEY=USER_APIKEY)
# Fetch reports
startDate = (date.today() - timedelta(days=1)).strftime("%Y%m%d")
report_digest = rst_reporthub.GetReports(startDate)
print(len(report_digest))
if len(report_digest) > 0:
    # Get report PDF
    report_pdf = rst_reporthub.GetReportPDF(reportid=report_digest[0]["id"])
    print(report_pdf)
    os.remove(report_pdf["message"])
    # Get report JSON
    report_json = rst_reporthub.GetReportJSON(reportid=report_digest[0]["id"])
    print(report_json["id"])
    # Get report STIX
    report_stix = rst_reporthub.GetReportSTIX(reportid=report_digest[0]["id"])
    print(report_stix["id"])

7. RST Whois API

print("\n--- RST Whois API ---\n")
# Initialize client
rst_whois = whoisapi(APIKEY=USER_APIKEY)
# Get domain info
pprint(rst_whois.GetDomainInfo(domain="domain.com", raw=False))
pprint(rst_whois.GetDomainInfo(domain="domain.com", raw=True))