About AlienVault OTX
AlienVault OTX is a community of open-access threat intelligence experts formally collaborating and sharing salient, timely, and accurate information about past, ongoing, and impending cyber-attacks on a common cloud-based platform.
SIRP integrates with AlienVault OTX to enrich artifacts with information from the AlienVault OTX platform. These actions can also be used in playbooks to take remedial actions (e.g. blocking an IP that is tagged as Malicious by AlienVault).
SIRP’s AlienVault integration app allows you to execute the following actions:
Get URL Information: Get URL’s reputation and details
Get IP Information: Get IP’s reputation and details
Get Domain Information: Get domain’s reputation and details
Get Hostname Information: Get hostname details
Get Hash Information: Get hash’s reputation and details
Ingest pulses from AlienVault OTX
Enable and Configure AlienVault OTX App
Follow these steps to get your OTX API key:
Either create a new account or log in at https://otx.alienvault.com
Click on the API integration tab and copy the API key for usage.
Configure SIRP Application
Log in to SIRP, then go to Apps from the left navigation bar.
Locate the AlienVault app.
Enable the AlienVault app by clicking on the toggle button.
A new window will pop up asking for information such as the API key.
Paste the API key procured from AlienVault OTX and click Save.
AlienVault OTX In Action
Once the integration between SIRP and AlienVault is complete, you can execute all the supported actions. For example, click on a hash, then select AlienVault > get_hash_otx_info.
Once the action is successfully executed, the information on the hash will be available to the user.
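Added example (not SIRP's or AlienVault's own code): a sketch of the OTX lookup behind the enrichment actions listed above, plus a guard a blocking playbook could apply before acting on an IP result. It assumes the actions map to the OTX indicators API "general" section; the function names, the pulse-count threshold and the sample response are constructed for illustration.

```python
import ipaddress
import urllib.parse
import urllib.request

OTX_BASE = "https://otx.alienvault.com/api/v1/indicators"
# OTX indicator types for the artifact kinds this page lists.
OTX_TYPES = {"ip": "IPv4", "domain": "domain", "hostname": "hostname",
             "url": "url", "hash": "file"}


def build_request(kind, value, api_key):
    """Build (without sending) the OTX 'general' lookup for one artifact."""
    # Percent-encoding is this example's choice, so that an artifact value
    # (a URL especially) cannot change the path of the API request.
    quoted = urllib.parse.quote(value, safe="")
    url = f"{OTX_BASE}/{OTX_TYPES[kind]}/{quoted}/general"
    # The API key from the OTX API integration tab goes in this header.
    return urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})


def should_block_ip(ip, otx_general, min_pulses=3):
    """Playbook guard: block only routable IPs referenced by enough pulses.

    min_pulses is an assumed threshold, not an OTX or SIRP default.
    Returns (decision, reason) so the reason can be logged on the case.
    """
    addr = ipaddress.ip_address(ip)
    if not addr.is_global:
        # Private, loopback and reserved ranges are never block candidates.
        return False, "non-routable address, never block"
    count = otx_general.get("pulse_info", {}).get("count", 0)
    if count < min_pulses:
        return False, f"only {count} pulse(s), below threshold"
    return True, f"{count} pulses reference this address"


# Constructed sample shaped like an OTX 'general' response (not real data).
SAMPLE = {"pulse_info": {"count": 5, "pulses": []}}
```
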