Integrate Splunk with AlienVault OTX Threat Intelligence Feed

Integrating threat intelligence with Splunk is an important capability. There are many different ways to accomplish this, but with Dataflect you can pull indicators of compromise directly via API and store them in a Splunk lookup file. You can then use these indicators for proactive monitoring and alerting, or in dashboards and reports. This demonstration shows how to accomplish this by integrating with AlienVault OTX.


Sign up for an AlienVault OTX Account

Navigate to https://otx.alienvault.com/api and sign up in order to obtain an API Key. Once you have this API Key, store it in a secure place; you will need it later.


Find at least one Pulse that interests you, and subscribe

Navigate to https://otx.alienvault.com/browse/global/pulses?include_inactive=0&sort=-modified&page=1&limit=10 while signed in to your previously created account, find at least one Pulse that you are interested in, and subscribe.


Add otx.alienvault.com to the list of Allowed Domains in Dataflect


Create a credential in Dataflect with your OTX API Key

Now you have the ability to search indicators added to the pulses you subscribe to


This information can be formatted as a lookup that you can then use in searches, alerts, reports, or dashboards
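
To make the lookup step concrete, here is an added example (not Dataflect's code and not part of the original post) that flattens OTX pulse JSON into de-duplicated CSV rows suitable for a Splunk lookup file. The field names (`results`, `indicators`, `indicator`, `type`), the lookup column names and the sample data are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample shaped like one page of an OTX "subscribed pulses" response.
# Field names are assumptions; values use documentation-reserved addresses/domains.
SAMPLE_PAGE = {
    "results": [
        {"id": "pulse-0001", "name": "Constructed pulse A", "indicators": [
            {"indicator": "198.51.100.7", "type": "IPv4"},
            {"indicator": "Bad.Example.com", "type": "domain"},
            {"indicator": "", "type": "domain"},  # empty value, must be skipped
        ]},
        {"id": "pulse-0002", "name": "Constructed pulse B", "indicators": [
            {"indicator": "bad.example.com", "type": "domain"},  # duplicate of pulse A
            {"indicator": "http://example.org/a?b=1,2", "type": "URL"},
        ]},
    ]
}

FIELDS = ["indicator", "indicator_type", "pulse_id", "pulse_name"]
# Types compared case-insensitively so lookups match regardless of log casing.
CASE_INSENSITIVE = {"domain", "hostname", "email"}

def flatten_pulses(pages):
    """Yield one lookup row per unique (type, indicator) across all pages."""
    seen = set()
    for page in pages:
        for pulse in page.get("results", []):
            for ioc in pulse.get("indicators", []):
                value = (ioc.get("indicator") or "").strip()
                ioc_type = ioc.get("type") or "unknown"
                if ioc_type in CASE_INSENSITIVE:
                    value = value.lower()
                if not value or (ioc_type, value) in seen:
                    continue  # drop empties and repeats; first pulse wins
                seen.add((ioc_type, value))
                yield {"indicator": value, "indicator_type": ioc_type,
                       "pulse_id": pulse.get("id", ""),
                       "pulse_name": pulse.get("name", "")}

def to_lookup_csv(pages):
    """Render rows as CSV text with a header row, the layout a lookup file uses."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(flatten_pulses(pages))
    return buf.getvalue()

if __name__ == "__main__":
    print(to_lookup_csv([SAMPLE_PAGE]))
```

De-duplicating before writing keeps a lookup match from returning several rows for one indicator, and the `csv` module quotes values such as URLs that contain commas so the file parses cleanly.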


With Dataflect it's that easy. Contact us at sales@dataflect.com for a demo today!
