Working with AlienVault OTX
This section describes how to configure FortiSIEM to work with AlienVault OTX malware domains, IPs, URLs, and hashes.
- Working with AlienVault OTX Malware Domains
- Working with AlienVault OTX Malware IPs
- Working with AlienVault OTX Malware URLs
- Working with AlienVault OTX Malware Hash
Working with AlienVault OTX Malware Domains
Enabling the AlienVault OTX Service
To start the AlienVault OTX service, follow these steps once you have defined the feeds:
- Go to Resources > Malware Domains > select the OTX service you defined.
- Click More > Update. In the Update AlienVault OTX Service dialog box, select Enable AlienVault OTX Service.
- (Optional) Schedule the starting of the service. See Specifying a schedule.
- Click Save.
Disabling the AlienVault OTX Service
To stop the AlienVault OTX service, follow these steps:
- Go to Resources > Malware Domains and select the AlienVault OTX Malware Domain folder.
- Click More > Update.
- Disable any schedule you have defined.
- Click Save.
Working with AlienVault OTX Malware IPs
For AlienVault OTX Malware IPs, go to Resources > Malware IPs, select the AlienVault OTX Malware IP folder, and repeat the same steps as for AlienVault OTX Malware Domains.
Use the following values to configure AlienVault OTX Malware IPs for FortiSIEM.
Parameter | Value |
---|---|
URL | https://otx.alienvault.com/taxii |
Username | user key |
Password | leave it blank |
Plugin Class | com.accelops.service.threatfeed.impl.OTXMalwareIPUpdateService |
Data Format | Select STIX/TAXII Format |
Collection | user_AlienVault |
Data Update | Select Full |
Working with AlienVault OTX Malware URLs
For AlienVault OTX Malware URLs, go to Resources > Malware URLs, select the AlienVault OTX Malware URL folder, and repeat the same steps as for AlienVault OTX Malware Domains.
Use the following values to configure AlienVault OTX Malware URLs for FortiSIEM.
Parameter | Value |
---|---|
URL | https://otx.alienvault.com/taxii |
Username | user key |
Password | leave it blank |
Plugin Class | com.accelops.service.threatfeed.impl.OTXMalwareUrlUpdateService |
Data Format | Select STIX/TAXII Format |
Collection | user_AlienVault |
Data Update | Select Full |
Working with AlienVault OTX Malware Hash
For AlienVault OTX Malware Hash, go to Resources > Malware Hash, select the AlienVault OTX Malware Hash folder, and repeat the same steps as for AlienVault OTX Malware Domains.
Use the following values to configure AlienVault OTX Malware Hash for FortiSIEM.
Parameter | Value |
---|---|
URL | https://otx.alienvault.com/taxii |
Username | user key |
Password | leave it blank |
Plugin Class | com.accelops.service.threatfeed.impl.OTXMalwareHashUpdateService |
Data Format | Select STIX/TAXII Format |
Collection | user_AlienVault |
Data Update | Select Full |