Monitoring Splunk

Taxii API Feeds

aalhabbash1
Path Finder

Hi splunker;

I want to pull feeds from (https://otx.alienvault.com/taxii/discovery) url for Taxii feeds, and I have got the API key from (https://www.alienvault.com/blogs/security-essentials/otx-is-now-a-free-stix-taxii-server), and this kind of feeds splunk can't monitor url by use threat intelligent or rest API app, because the url which i want to monitoring don't work on browser, I think for pull this feeds must connect by connector (API).

Please how can pull these feeds to splunk?

Best Regards;
Abdullah Al-Habbash

Tags (2)
0 Karma

vikramyadav
Contributor

Hi @aalhabbash1
you can use curl to onboard the logs curl https://otx.alienvault.com:443/api/v1/pulses/subscribed?page=1 -H "X-OTX-API-KEY: "

In fact, you can use "Rest API Modular input app " to pull data into Splunk.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...