Anomali ThreatStream

introduction this guide explains how to authenticate the anomali threatstream connector in swimlane using api key authentication you will generate an api key in anomali threatstream, collect the required authentication details, and configure the connector in swimlane prerequisites anomali threatstream access requirements you must have permissions to access the anomali threatstream platform generate and manage api credentials access threatstream intelligence apis retrieve observables and threat intelligence data required credentials during setup, you will collect api url api key api user authentication method overview the anomali threatstream connector supports api key authentication anomali threatstream setup take the following steps to generate an api key log in to your anomali threatstream instance navigate to settings or user profile locate the api access or api credentials section generate a new api key if one does not already exist copy and securely store api key api user take the following steps to identify the api url the api url is typically your threatstream tenant url example https //\<your instance> anomali com example api endpoint https //\<your instance> anomali com/api/v2/intelligence connector configuration in swimlane log in to turbine from the left hand navigation pane, click orchestration and click assets asset homepage opens click the plus icon to open the configure your connector asset window select anomali threatstream from the asset type list fill in the asset settings and asset input as shown configuration – api key authentication field description required url anomali threatstream api url yes x apikey api key generated in threatstream yes api user api username associated with the api key yes verify ssl enable or disable ssl verification no http proxy proxy configuration no troubleshooting authentication issues may occur due to invalid api key incorrect api user incorrect threatstream url expired or revoked credentials ssl verification failures fix regenerate the api key verify the api user associated with the key confirm the correct tenant url ensure api access is enabled for the account disable ssl verification temporarily for testing if required result you have successfully authenticated the anomali threatstream connector in swimlane sources anomali threatstream api documentation https //docs anomali com/platform/docs/rest api https //docs anomali com/platform/docs/rest api anomali threatstream main documentation https //docs anomali com/ https //docs anomali com/