Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Taxii API Feeds

aalhabbash1
Path Finder
‎05-20-2019 05:02 AM

Hi splunker;

I want to pull feeds from (https://otx.alienvault.com/taxii/discovery) url for Taxii feeds, and I have got the API key from (https://www.alienvault.com/blogs/security-essentials/otx-is-now-a-free-stix-taxii-server), and this kind of feeds splunk can't monitor url by use threat intelligent or rest API app, because the url which i want to monitoring don't work on browser, I think for pull this feeds must connect by connector (API).

Please how can pull these feeds to splunk?

Best Regards;
Abdullah Al-Habbash

Tags (2)
0 Karma
Reply

vikramyadav
Contributor
‎05-20-2019 09:15 AM

Hi @aalhabbash1
you can use curl to onboard the logs curl https://otx.alienvault.com:443/api/v1/pulses/subscribed?page=1 -H "X-OTX-API-KEY: "

In fact, you can use "Rest API Modular input app " to pull data into Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...