![]() ![]() CVE - a hover module to give more information about a vulnerability (CVE).DNS - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes.DomainTools - a hover and expansion module to get information from DomainTools whois.EUPI - a hover and expansion module to get information about an URL from the Phishing Initiative project.Farsight DNSDB Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.GeoIP - a hover and expansion module to get GeoIP information from geolite/maxmind.IPASN - a hover and expansion to get the BGP ASN of an IP address.iprep - an expansion module to get IP reputation from.passivetotal - a passivetotal module that queries a number of different PassiveTotal datasets.rbl - a module to get RBL (Real-Time Blackhost List) values from an attribute.shodan - a minimal shodan expansion module.sourcecache - a module to cache a specific link from a MISP instance.ThreatCrowd - an expansion module for ThreatCrowd.threatminer - an expansion module to expand from ThreatMiner.virustotal - an expansion module to pull known resolutions and malware samples related with an IP/Domain from virusTotal (this modules require a VirusTotal private API key).wikidata - a wikidata expansion module.The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:Ĭreate new pulse which contains a collection of IOCs targeted at a particular area. Specifies whether the SSL certificate for the server is to be verified or not. In FortiSOAR™, on the Connectors page, select the AlienVault-OTX connector and click Configure to configure the following parameters:Īddress of the AlienVault-OTX server to which you will connect and perform the automated operations.ĪPI key configured for your account to access the AlienVault-OTX server. To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.įor the procedure to configure a connector, click here.You must have the URL of the AlienVault-OTX server to which you will connect and perform the automated operations and the API key to access that server.Prerequisites to configuring the connector Yum install cyops-connector-alienvault-otxįor the detailed procedure to install a connector, click here. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors: Add the AlienVault-OTX connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details for an indicator, creating and retrieving details for a pulse, and running queries on the AlienVault-OTX server.Ĭompatibility with FortiSOAR™ Versions: 4.10.0 and laterĪll connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. This document provides information about the AlienVault-OTX connector, which facilitates automated interactions, with an AlienVault-OTX server using FortiSOAR™ playbooks. It contributes “pulses” and each pulse contains a collection of IOCs targeted at a particular area. It is an open source of Indicators of Compromise (IOCs) supported by the community. AlienVault Open Threat Exchange (OTX) is among our most useful threat intelligence tools. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |