AlienVault OTX
TL;DR
To integrate AlienVault OTX API with Query:
- Create your AlienVault OTX API key in your AlienVault OTX account.
- Add an AlienVault OTX connection source in Query with the required connection parameters.
- Test the integration with the Test connection link.
- Perform searches for indicators of compromise such as external IP addresses, URLs, file hashes, and domain names.
Overview
AlienVault Open Threat Exchange (OTX) is a global community-based platform where participants can share and collaborate on threat data and indicators of compromise (IOCs). It's widely used for threat intelligence, allowing users to anonymously contribute and benefit from real-time information about emerging threats and attack methodologies. By integrating with Query, you can:
- Get threat intelligence on indicators of compromise such as IP addresses, URLs, domains and file hashes.
Prerequisites
Make sure you have the following connection parameters to add AlienVault OTX as a connection source in Query.
- API Key
AlienVault OTX Setup
AlienVault OTX API Key
- Create an account or log in at https://otx.alienvault.com.
- Next, click API integration at the top of the page.
- Next, copy the OTX API Key and save it to a secure location.
Adding AlienVault OTX as a Connection Source in Query
- Go to the Connections page and click Add Connections. Select AlienVault OTX from the Threat Intelligence and Enrichment category.
- In the General tab, add the following details.
  - Name - Give a custom name to your AlienVault OTX connection.
  - AlienVault OTX API Key - Enter your API key.
Querying from AlienVault OTX
Support for the following entities from the AlienVault OTX API is available today.
- Hostname (NOTE: This entity currently maps to Domain Names for searching from AlienVault OTX)
- Domain Name (e.g., amazon.com)
- IP Address (public IPv4, e.g., 205.251.242.103)
- File Hash (e.g., c0202cf6aeab8437c638533d14563d35)
- URLs (e.g., http : // 171.249.38.135:33677/.i)
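The entity list above is the part of this integration an analyst actually exercises: a raw indicator has to be recognised as one of these types (with Hostname searched as a domain and IP Address restricted to public IPv4) before it can be looked up. The following is an added example, not Query's or AlienVault's own code, showing that classification, the resulting OTX DirectConnect request, and a summary of what comes back. It assumes the publicly documented OTX v1 endpoint shape `/api/v1/indicators/<type>/<value>/general` and the `X-OTX-API-KEY` header; the response it parses is a constructed sample that only mirrors the `pulse_info` layout, and `refang`, `classify`, `build_request` and `summarize` are names chosen here. No network call is made.

```python
"""Classify an indicator, map it to an OTX indicator type, build the lookup
request, and summarise a constructed OTX response. Added example; not the
page's own code. Endpoint shape and header name are assumptions based on
the public OTX API; the sample response is constructed."""
import ipaddress
import json
import re
from urllib.parse import quote

OTX_BASE = "https://otx.alienvault.com/api/v1/indicators"

# Query entity -> OTX indicator type. Hostname is sent as a domain, which is
# what the page says happens today.
ENTITY_TO_OTX = {
    "File Hash": "file",
    "Domain Name": "domain",
    "Hostname": "domain",
    "IP Address": "IPv4",
    "URL": "url",
}

_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def refang(value: str) -> str:
    """Undo common defanging ('http : //', 'hxxp', '[.]') so the indicator can
    be looked up; the page's own URL example is written defanged."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".")
    v = re.sub(r"^hxxps?", lambda m: m.group(0).replace("xx", "tt"), v, flags=re.I)
    v = re.sub(r"^(https?)\s*:\s*//\s*", r"\1://", v, flags=re.I)
    return v


def classify(value: str) -> str:
    """Return the Query entity type for a raw indicator, or raise ValueError.
    Non-public or non-IPv4 addresses are rejected because the IP Address
    entity covers public IPv4 only."""
    v = refang(value)
    if _HASH_RE.match(v):
        return "File Hash"
    if re.match(r"^https?://", v, re.I):
        return "URL"
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4 or not ip.is_global:
            raise ValueError(f"only public IPv4 addresses are searchable: {v}")
        return "IP Address"
    if _DOMAIN_RE.match(v):
        return "Domain Name"
    raise ValueError(f"unrecognised indicator: {value!r}")


def build_request(value: str, api_key: str, section: str = "general"):
    """Return (url, headers) for an OTX indicator lookup. The indicator is
    percent-encoded so a URL indicator cannot be confused with path parts."""
    otx_type = ENTITY_TO_OTX[classify(value)]
    url = f"{OTX_BASE}/{otx_type}/{quote(refang(value), safe='')}/{section}"
    headers = {"X-OTX-API-KEY": api_key, "Accept": "application/json"}
    return url, headers


def summarize(response_json: str) -> dict:
    """Reduce a 'general' response to what an analyst triages on: how many
    pulses reference the indicator and what they are called."""
    data = json.loads(response_json)
    pulse_info = data.get("pulse_info", {})
    pulses = pulse_info.get("pulses", [])
    count = pulse_info.get("count", len(pulses))
    return {
        "indicator": data.get("indicator"),
        "pulse_count": count,
        "pulse_names": [p.get("name") for p in pulses],
        "flagged": count > 0,
    }


# Constructed sample response for the page's file-hash example.
SAMPLE_RESPONSE = json.dumps({
    "indicator": "c0202cf6aeab8437c638533d14563d35",
    "type": "md5",
    "pulse_info": {
        "count": 2,
        "pulses": [{"name": "constructed pulse A"}, {"name": "constructed pulse B"}],
    },
})

if __name__ == "__main__":
    for raw in ("c0202cf6aeab8437c638533d14563d35", "amazon.com",
                "205.251.242.103", "http : // 171.249.38.135:33677/.i"):
        url, _ = build_request(raw, "YOUR_OTX_API_KEY_PLACEHOLDER")
        print(f"{classify(raw):12} -> {url}")
    print(summarize(SAMPLE_RESPONSE))
```

Running the script prints the lookup URL built for each of the page's example indicators and the pulse summary of the constructed response; a private address such as 10.0.0.1 is refused at classification time rather than being sent to OTX.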
Test your connection with search
- Click the magnifying glass icon on the left pane.
- In the search box at the top, type File Hash equals c0202cf6aeab8437c638533d14563d35.
- Note that the above example has only one connection for AlienVault OTX.
- Results: if you are receiving results, your first connection is complete!