
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
The ODSBox is a lightweight Python wrapper on the standardized ASAM ODS REST API. Using intuitive JAQuel queries and pandas.DataFrames the ODSBox makes dealing with ASAM ODS data in Python more fun.
from odsbox.con_i import ConI
with ConI(url="https://MY_SERVER/api", auth=("sa", "sa")) as con_i:
measurements = con_i.query_data(
{
"AoMeasurement": {"name": {"$like": "*"}},
"$attributes": {"name": 1, "id": 1},
"$options": {"$rowlimit": 50},
}
)
print(measurements)
The ASAM ODS server is called using HTTP calls defined by the ASAM ODS standard.
The messages are encode/decoded using ASAM ODS protobuf message definitions provided at
ASAM-ODS-Interfaces. As content type application/x-asamods+protobuf
is used.
JAQuel allows you to query your data in a simple and intuitive way inspired by MongoDB Query Language (MQL). The definition of query expression as JSON easily integrates with the Python language – a win-win situation.
ODSBox is available on.
github | https://github.com/peak-solution/odsbox/ |
PyPI | https://pypi.org/project/odsbox/ |
github docs | https://peak-solution.github.io/odsbox |
# access ASAM ODS server
pip install odsbox
# access ASAM ODS EXD-API plugin
pip install odsbox[exd-data]
FAQs
Toolbox for accessing ASAM ODS servers using the HTTP API
We found that odsbox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.