Integrating threat intelligence with Splunk is an important capability. There are many ways to accomplish this, but with Dataflect you can pull indicators of compromise directly via API and store them in a Splunk lookup file. You can then use those indicators for proactive monitoring and alerting, or in dashboards and reports. This demonstration shows how to do this by integrating with AlienVault OTX.
Sign up for an Alienvault OTX Account
Navigate to https://otx.alienvault.com/api and sign up in order to obtain an API key. Once you have the API key, store it in a secure place; you will need it later.
Find at least one Pulse that interests you, and subscribe
Navigate to https://otx.alienvault.com/browse/global/pulses?include_inactive=0&sort=-modified&page=1&limit=10 while signed in to your previously created account, find at least one Pulse that you are interested in, and subscribe.
Add otx.alienvault.com to the list of Allowed Domains in Dataflect
Create a credential in Dataflect with your OTX API Key
Now you have the ability to search indicators added to the pulses you subscribe to
This information can be formatted as a lookup that you can then use in searches, alerts, reports, or dashboards
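As an added example, not Dataflect's or AlienVault's own code, the following Python script does the same pull outside Dataflect: it pages through the OTX v1 `/pulses/subscribed` endpoint with the `X-OTX-API-KEY` header, flattens the indicators of your subscribed pulses into one row per unique indicator, and writes them as a CSV lookup that Splunk can load. The lookup column names and the embedded sample payload are this example's own constructions.

```python
# Added example, not Dataflect's or AlienVault's own code: pull the indicators
# from your subscribed OTX pulses and write them as a Splunk CSV lookup. The
# endpoint and auth header are the OTX v1 API; column names are our choice.
import csv
import json
import urllib.request

OTX_SUBSCRIBED = "https://otx.alienvault.com/api/v1/pulses/subscribed"
LOOKUP_FIELDS = ["indicator", "type", "pulse_name", "pulse_id", "created"]

def fetch_subscribed_pulses(api_key, limit=50):
    """Walk every page of /pulses/subscribed and return the pulse objects."""
    pulses, url = [], f"{OTX_SUBSCRIBED}?limit={limit}"
    while url:  # "next" is None on the last page
        req = urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        pulses.extend(page.get("results", []))
        url = page.get("next")
    return pulses

def pulses_to_lookup_rows(pulses):
    """One row per unique (indicator, type); the first pulse seen wins."""
    seen, rows = set(), []
    for pulse in pulses:
        for ioc in pulse.get("indicators", []):
            key = (ioc["indicator"], ioc["type"])
            if key not in seen:
                seen.add(key)
                rows.append({"indicator": ioc["indicator"], "type": ioc["type"],
                             "pulse_name": pulse.get("name", ""),
                             "pulse_id": pulse.get("id", ""),
                             "created": ioc.get("created", "")})
    return rows

def write_lookup(rows, path):
    """Write the rows as a CSV lookup usable with | inputlookup or | lookup."""
    with open(path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=LOOKUP_FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    return len(rows)

# Constructed sample in the shape of an OTX response, so this runs offline.
SAMPLE_PULSES = [
    {"id": "p1", "name": "Sample pulse A", "indicators": [
        {"indicator": "203.0.113.10", "type": "IPv4", "created": "2024-01-01"},
        {"indicator": "example.invalid", "type": "domain", "created": "2024-01-01"}]},
    {"id": "p2", "name": "Sample pulse B", "indicators": [
        {"indicator": "203.0.113.10", "type": "IPv4", "created": "2024-01-02"}]},
]
```

For a live run, replace `SAMPLE_PULSES` with `fetch_subscribed_pulses(api_key)` and schedule the script so the lookup stays current with the pulses you subscribe to.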
With Dataflect it's that easy. Contact us at sales@dataflect.com for a demo today!