AlienVault OTX connector
Serverless Stack
The AlienVault OTX (Open Threat Exchange) connector communicates with the AlienVault OTX API to retrieve community-driven threat intelligence.
You can create connectors in Stack Management > Connectors.
AlienVault OTX connectors have the following configuration properties:
- API Key: The AlienVault OTX API key for authentication.
You can test connectors as you're creating or editing the connector in Kibana.
The AlienVault OTX connector has the following actions:
- Get Indicator: Retrieve information about a specific indicator (IP, domain, hash, URL).
  - Indicator Type (required): Type of indicator (IPv4, IPv6, domain, hostname, url, FileHash-MD5, FileHash-SHA1, FileHash-SHA256).
  - Indicator (required): The indicator value to look up.
  - Section (optional): Specific section to retrieve.
- Search Pulses: Search for threat pulses (threat intelligence reports).
  - Query (optional): Search query string.
  - Page (optional): Page number (default 1).
  - Limit (optional): Results per page (1-100, default 20).
- Get Pulse: Retrieve detailed information about a specific pulse by ID.
  - Pulse ID (required): The pulse identifier.
- Get Related Pulses: Find pulses related to a specific indicator.
  - Indicator Type (required): Type of indicator (IPv4, IPv6, domain, hostname, url, FileHash-MD5, FileHash-SHA1, FileHash-SHA256).
  - Indicator (required): The indicator value.
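The following Python helper is an added example, not part of the Kibana documentation or the connector's code. It maps a raw observable from an alert to one of the Indicator Type values listed for Get Indicator and Get Related Pulses, and checks the Search Pulses Limit range; the function names and the two-label domain heuristic are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicator Type strings exactly as the Get Indicator action lists them.
HASH_TYPES = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}
_HEX = re.compile(r"[0-9a-fA-F]+")
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_indicator(value: str) -> str:
    """Return the Indicator Type for a raw observable; raise ValueError if unknown."""
    v = value.strip()
    if not v:
        raise ValueError("empty indicator")
    # IP addresses first: a dotted quad would otherwise look like a hostname.
    try:
        return "IPv4" if ipaddress.ip_address(v).version == 4 else "IPv6"
    except ValueError:
        pass
    # File hashes differ only by hex length (MD5 32, SHA-1 40, SHA-256 64).
    if _HEX.fullmatch(v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    # URLs need an http(s) scheme and a host (urlsplit may itself raise ValueError).
    parts = urlsplit(v)
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url"
    # Names: dot-separated letter/digit/hyphen labels with a non-numeric last label.
    labels = v.rstrip(".").split(".")
    if (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(lab) for lab in labels)):
        # Assumption: two labels is a domain, more is a hostname. This is
        # wrong for multi-label suffixes such as co.uk (no public suffix list).
        return "domain" if len(labels) == 2 else "hostname"
    raise ValueError(f"cannot classify indicator: {value!r}")


def check_limit(limit: int = 20) -> int:
    """Enforce the Search Pulses Limit range stated on the page (1-100)."""
    if not 1 <= limit <= 100:
        raise ValueError("limit must be between 1 and 100")
    return limit


if __name__ == "__main__":
    # Constructed sample observables (documentation address ranges, example.com).
    for sample in ["192.0.2.10", "2001:db8::1", "example.com",
                   "mail.example.com", "https://example.com/a?b=1"]:
        print(sample, "->", classify_indicator(sample))
```

Rejecting values that fit none of the listed types before they reach the connector keeps malformed alert fields from producing lookups under the wrong Indicator Type.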
Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.
To use the AlienVault OTX connector, you need an API key:
- Go to AlienVault OTX.
- Sign up for an account or log in.
- Navigate to your account settings.
- Find your OTX API Key in the API Integration section.
- Copy the API key to configure the connector.