AlienVault Open Threat Exchange (OTX)

introduction this guide explains how to authenticate the alienvault open threat exchange (otx) connector in swimlane using api key authentication you will create or retrieve your otx api key, collect the required connection details, and configure the connector in swimlane turbine prerequisites otx access requirements you must have access to an alienvault otx account with permissions to access the otx threat intelligence platform generate or retrieve an api key query indicators such as domains, ip addresses, urls, and file hashes required credentials during setup you will collect otx api base url otx api key authentication method overview the alienvault otx connector authenticates using api key authentication the api key is included in requests using the header x otx api key alienvault otx api setup take the following steps to obtain your otx api key navigate to https //otx alienvault com/ click sign up to create a new account, or log in to an existing account after logging in, open your user profile menu navigate to account settings locate the api key section in the account settings page copy the api key value store the api key securely for use in swimlane connector configuration in swimlane take the following steps to configure the alienvault otx connector asset in swimlane log in to turbine from the left hand navigation pane click orchestration and then assets the asset homepage opens click the plus icon to open the configure your connector asset window select alienvault open threat exchange from the asset type list fill in the asset settings and asset input as shown below click create configuration parameters true 220,220,221 unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type troubleshooting if authentication fails ensure the api key is copied correctly from the otx account settings page verify the base url is correct and does not include trailing spaces confirm that the api key has not been regenerated or revoked check ssl verification settings if using internal proxies or inspection validate proxy configuration if outbound api traffic is routed through a proxy sources alienvault otx api documentation https //otx alienvault com/api/ alienvault open threat exchange platform https //otx alienvault com/ result you have successfully authenticated the alienvault open threat exchange connector in swimlane