Monitoring Splunk

Taxii API Feeds

aalhabbash1
Path Finder

Hi splunker;

I want to pull feeds from (https://otx.alienvault.com/taxii/discovery) url for Taxii feeds, and I have got the API key from (https://www.alienvault.com/blogs/security-essentials/otx-is-now-a-free-stix-taxii-server), and this kind of feeds splunk can't monitor url by use threat intelligent or rest API app, because the url which i want to monitoring don't work on browser, I think for pull this feeds must connect by connector (API).

Please how can pull these feeds to splunk?

Best Regards;
Abdullah Al-Habbash

Tags (2)
0 Karma

vikramyadav
Contributor

Hi @aalhabbash1
you can use curl to onboard the logs curl https://otx.alienvault.com:443/api/v1/pulses/subscribed?page=1 -H "X-OTX-API-KEY: "

In fact, you can use "Rest API Modular input app " to pull data into Splunk.

0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...