Alienvault OTX Pulse

Updated 1 month ago by TruSTAR

This document explains how to set up Alienware OTX Pulse premium intelligence source in the TruSTAR platform.

Alien Labs® Open Threat Exchange® (OTX™) is the world’s first and largest truly open threat intelligence community of more than 100,000 threat researchers and security professionals in 140 countries. The OTX delivers more than 19 million threat indicators daily. 

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Time to Install: 10 minutes

Observables Supported

Requirements

  • A subscription to Alienware OTX
  • Alienware OTX API Key
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side navigation bar.
  3. Click Premium Intel to view the feeds available.
  4. Click Subscribe on the Alienware OTX Pulse box.
  5. Enter your Alienvault API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the Alienvault OTX Enclave using this format.

Fiel

Explanation

Report Title

Name field of json response (e.g New Exploit Kit Novidade Found Targeting Home and SOHO Routers)

External ID

Encoded value of (id) field of json response

Example: XXXXX568e3307b26b191XXXX)

Report Body

Complete JSON response

Time Begun

Created field of response (example: 2019-12-07T09:23:11)

Tags

Tags field of response, if present

Deeplink

None

Client Type

PYTHON SDK

Client Meta Tag

trustash

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.


How Did We Do?