About AlienVault OTX
AlienVault OTX is a community of open-access threat intelligence experts formally collaborating and sharing salient, timely, and accurate information about past, ongoing, and impending cyber-attacks on a common cloud-based platform.
SIRP integrates with AlienVault OTX to enrich artifacts with information from the AlienVault OTX platform. The integration's actions can also be used in playbooks to take remedial actions (e.g. blocking an IP that is tagged as Malicious by AlienVault).
Supported Actions
SIRP’s AlienVault integration app allows you to execute the following actions:
S.no | Action | Description |
1 | Get URL Information | Get URL’s reputation and details |
2 | Get IP Information | Get IP’s reputation and details |
3 | Get Domain Information | Get domain’s reputation and details |
4 | Get Hostname Information | Get hostname details |
5 | Get Hash Information | Get hash’s reputation and details |
6 | Get Pulses | Ingest pulses from AlienVault OTX |
Enable and Configure AlienVault OTX App
Getting Credentials
Follow these steps to get your OTX API key:
Either create a new account or log in at https://otx.alienvault.com
Click on the API integration tab and copy the API key for usage.
Configure SIRP Application
Log in to SIRP, then go to Apps from the left navigation bar.
Locate the AlienVault app.
Enable the AlienVault app by clicking on the toggle button.
A new window will pop up asking for information such as the API key.
Paste the API key procured from AlienVault OTX and click Save.
AlienVault OTX In Action
Once the integration between SIRP and AlienVault is complete, you can execute all the supported actions. For example, click on a hash, then select AlienVault > get_hash_otx_info.
Once the action is successfully executed, the information on the hash will be available to the user.
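To cross-check what an enrichment action returned, the same lookups can be made directly against the OTX API with the API key obtained above. The following is an added example, not SIRP's code: it assumes OTX's public `/api/v1/indicators/<type>/<indicator>/<section>` endpoints and `X-OTX-API-KEY` header, and the artifact-kind mapping, `pulse_threshold` and the sample response are constructed for illustration.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import quote

OTX_BASE = "https://otx.alienvault.com/api/v1/indicators"
# Artifact kind -> OTX indicator type (assumed mapping, mirrors the action table)
OTX_TYPES = {"domain": "domain", "hostname": "hostname", "hash": "file", "url": "url"}

def otx_type(kind, value):
    """Pick the OTX indicator type; IP artifacts split into IPv4 / IPv6."""
    if kind == "ip":
        # ip_address() raises ValueError on malformed input, rejecting it early
        return "IPv6" if ipaddress.ip_address(value).version == 6 else "IPv4"
    if kind not in OTX_TYPES:
        raise ValueError(f"unsupported artifact kind: {kind}")
    return OTX_TYPES[kind]

def build_request(kind, value, api_key, section="general"):
    """Build (without sending) the OTX lookup request for one artifact."""
    # Percent-encode the indicator so a URL artifact cannot alter the request path
    url = f"{OTX_BASE}/{otx_type(kind, value)}/{quote(value, safe='')}/{section}"
    return urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})

def fetch(request, timeout=10):
    """Send the request and decode the JSON body (needs network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)

def summarize(general, pulse_threshold=1):
    """Reduce a 'general' response to the fields a playbook step needs."""
    info = general.get("pulse_info") or {}
    pulses = info.get("pulses") or []
    count = info.get("count", len(pulses))
    return {
        "indicator": general.get("indicator"),
        "pulse_count": count,
        "pulse_names": [p.get("name") for p in pulses],
        # pulse_threshold is a hypothetical local policy knob, not an OTX field
        "flag_for_review": count >= pulse_threshold,
    }

# Constructed sample shaped like an OTX 'general' response (not real data)
SAMPLE = {"indicator": "203.0.113.7", "type": "IPv4",
          "pulse_info": {"count": 2, "pulses": [{"name": "Sample pulse A"},
                                                {"name": "Sample pulse B"}]}}

if __name__ == "__main__":
    print(build_request("ip", "203.0.113.7", "YOUR_OTX_API_KEY").full_url)
    print(summarize(SAMPLE))
```

Pass the result of `build_request(...)` to `fetch(...)` to run a live lookup; keep the API key out of source control and logs.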