Setup Alienvault OTX Threat Intel API Key - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="this-article-explains-how-to-set-up-and-use-the-alienvault-otx-threat-intelligence-feed-with-the-rocketcyber-soc-platform">This article explains how to set up and use the Alienvault OTX threat intelligence feed with the RocketCyber SOC platform.</h2> <p>Alienvault's Open Threat Exchange® (OTX™) is one of the world’s largest open threat intelligence communities, with thousands of threat researchers and security professionals across the globe. This threat intelligence feed contains more than 19 million threat indicators. It is consumed with your RocketCyber SOC subscription and put into action across your endpoints under management, adding an extra layer to your security stack's continuous monitoring strategy.</p> <h3 data-id="getting-started">Getting Started</h3> <ol><li>Register for a free Alienvault API Key at <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fotx.alienvault.com%2F" rel="noopener nofollow">https://otx.alienvault.com</a>.</li> <li>Navigate to <strong>API Integration</strong> and copy <strong>Your OTX Key</strong>.<br><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/R2XXO5U4DPRZ/alienvault-api-1.png" alt="alienvault-api-1.png" class="embedImage-img importedEmbed-img"></img></li> <li>In your RocketCyber console, navigate to Integrations / Threat Intel. (Make sure you are logged in at the root MSP level so that this threat feed is applied across your fleet of customers.)<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/KFGD3IUQ8ILV/rocketcyber-integrations-threat-intel.png" alt="rocketcyber-integrations-threat-intel.png" class="embedImage-img importedEmbed-img"></img></li> <li> <strong>Paste</strong> the <strong>OTX API Key</strong> and click <strong>Update</strong>. Success! 
Your RocketCyber SOC Platform now has a threat intelligence API integration with Alienvault.</li> <li>Now navigate to <strong>Threat Hunting</strong>, click <strong>Manage Threat Intel Feeds</strong>, and click <strong>New Hunt Feed</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/TICA92Z1IUVR/new-hunt-feed.png" alt="new-hunt-feed.png" class="embedImage-img importedEmbed-img"></img></li> <li>Click <strong>Create Feed</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/BPVQXFLXTV9P/create-threathunt-feed.png" alt="create-threathunt-feed.png" class="embedImage-img importedEmbed-img"></img></li> <li>Congratulations! You have now configured one of the largest threat intelligence feeds. RocketCyber consumes its real-time threat indicators, converts them into real-time hunts, and returns a verdict.</li> </ol><div data-hs-callout-type="tip"> <p>By default, your Alienvault API key subscribes to "Pulses" authored by the security team at Alienvault/AT&T Cybersecurity. When you subscribe to new "Pulses", these threats are added to your integrated feed and extend threat detection across your fleet of endpoints under management with RocketCyber's SOC.</p> </div> <div data-hs-callout-type="caution"> <p>To maintain a reliable threat intel feed, refrain from subscribing to unknown sources that publish threat indicators which have not been vetted. When in doubt, stick with the default feed and/or speak with your RocketCyber SOC Analyst.</p> </div> </article> </main>
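<p>The caution above about unvetted Pulse sources can be checked before new subscriptions feed your hunts. The following Python is an added example, not code from Kaseya, RocketCyber or Alienvault: it audits an OTX subscribed-pulses response by author and counts the indicators that unvetted pulses would contribute. The field names (<code>results</code>, <code>name</code>, <code>author_name</code>, <code>indicators</code>, <code>type</code>), the allowlist and the sample data are assumptions constructed for illustration.</p>

```python
import json
from collections import Counter

# Assumption: authors your team has vetted. The page names only the default
# Alienvault-authored pulses; extend this set after review.
VETTED_AUTHORS = {"alienvault"}

# Constructed sample shaped like an OTX subscribed-pulses response (assumed
# field names). Indicator values use documentation-reserved ranges.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"name": "Constructed pulse A", "author_name": "AlienVault",
         "indicators": [
             {"type": "IPv4", "indicator": "192.0.2.10"},
             {"type": "domain", "indicator": "bad.example"},
         ]},
        {"name": "Constructed pulse B", "author_name": "unknown_user_123",
         "indicators": [
             {"type": "IPv4", "indicator": "198.51.100.7"},
             {"type": "IPv4", "indicator": "203.0.113.5"},
             {"type": "FileHash-SHA256", "indicator": "0" * 64},
         ]},
        {"name": "Constructed pulse C", "indicators": []},  # author missing
    ]
})


def audit_subscriptions(response_text, vetted=VETTED_AUTHORS):
    """Return (unvetted pulses, indicator counts by type from those pulses)."""
    unvetted, exposure = [], Counter()
    for pulse in json.loads(response_text).get("results", []):
        # A missing or empty author is treated as unvetted (fail closed).
        author = (pulse.get("author_name") or "").strip()
        if author.lower() in vetted:
            continue
        unvetted.append((pulse.get("name", "<unnamed>"), author or "<missing>"))
        exposure.update(i.get("type", "<untyped>")
                        for i in pulse.get("indicators", []))
    return unvetted, dict(exposure)


if __name__ == "__main__":
    flagged, counts = audit_subscriptions(SAMPLE_RESPONSE)
    for name, author in flagged:
        print(f"unvetted author {author!r}: {name}")
    print("indicators from unvetted pulses:", counts)
```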