AlienVault OTX
TL;DR
To integrate AlienVault OTX API with Query:
- Create you AlienVault OTX API key in your AlienVault OTX account.
- Add a AlienVault OTX connection source in Query with the required connection parameters.
- Test the integration with Test connection link.
- Perform searches for indicators of compromise such as external IP addresses, URLs, File hashes, and domain names.
Overview
AlienVault Open Threat Exchange (OTX) is a global community-based platform where participants can share and collaborate on threat data and indicators of compromise (IOCs). It's widely used for threat intelligence, allowing users to anonymously contribute and benefit from real-time information about emerging threats and attack methodologies. By integrating with Query, you can:
- Get threat intelligence on indicators of compromise such as IP addresses, URLs, domains and file hashes.
Prerequisites
Make sure you have the following connection parameters to add AlienVault OTX as a connection source in Query.
- API Key
AlienVault OTX Setup
AlienVault OTX API Key
-
Create or login to https://otx.alienvault.com.
-
Next click API integration at the top of the page.
-
Next copy the OTX API Key and save it to a secure location
Adding AlienVault OTX as a Connection Source in Query
-
Go to the Connections page and click Add Connections. Select AlienVault OTX from the Threat Intelligence and Enrichment Category.
-
In the General tab, add the following details.
- Name - Give a custom name to your AlienVault OTX connection.
- AlienVault OTX API Key - Enter your API key.
Querying from AlienVault OTX
Support for the following entities from AlienVault OTX API is available today.
- Hostname (NOTE: This entity currently maps to Domain Names for searching from AlienVault OTX)
- Domain Name (e.g.,
amazon.com
) - IP Address (Public IPv4, e.g.
205.251.242.103
) - File Hash (e.g, c0202cf6aeab8437c638533d14563d35)
- URLs (e.g, http : // 171.249.38.135:33677/.i)
Test your connection with search
-
Click the magnifying glass icon on the left pane.
-
In the search box at the top, type File Hash equals c0202cf6aeab8437c638533d14563d35
-
Note the above example has only one connection for AlienVault OTX
-
Results:
If you are receiving results, your first connection is complete!
Resources
Updated about 1 year ago