1. Help Center
  2. Threat Intelligence

Setup Alienvault OTX Threat Intel API Key

This article explains how to setup and use the Alienvault OTX threat intelligence feed with the RocketCyber SOC platform.

Alienvault's Open Threat Exchange® (OTX™) is one of the world’s largest open threat intelligence communities, with 1,000's of threat researchers and security professionals across the globe. This threat intelligence feed contains more than 19 million threat indicators and is consumed with your RocketCyber SOC subscription, then put into action across your endpoints under management, delivering an extra layer to your security stack's continuous monitoring strategy.

Getting Started

  1. Register for a free Alienvault API Key at https://otx.alienvault.com
  2. Navigate to API Integration and copy Your OTX Key

    alienvault-api-1
  3. In your RocketCyber console, now navigate to Integrations / Threat Intel (Make sure you are logged in context at the root MSP level for this threat feed to be applied across your fleet of customers.)
    rocketcyber-integrations-threat-intel
  4. Paste the OTX API Key and Click Update - Success! Your RocketCyber SOC Platform now has a threat intelligence API integration with Alienvault.
  5. Now, Navigate to Threat Hunting /click Manage Threat Intel Feeds and click New Hunt Feed
    new-hunt-feed
  6. Click Create Feed.
    create-threathunt-feed
  7. Congratulations!! You have no configured one of the largest threat intelligence feeds, consuming real time threat indicators where the RocketCyber converts these into real-time hunts and returns a verdict.

Your default Alienvault API subscribes to "Pulses" authored by the security team at Alienvault/AT&T Cybersecurity. When you subscribe to new "Pulses", these threats will be added to your integrated feed and apply further threat detection across your fleet of endpoints under management with RocketCyber's SOC.

To maintain a reliable threat intel feed, refrain from subscribing to unknown sources publishing threat indicators that have not been vetted. When in doubt, stick with the default feed and/or speak with your RocketCyber SOC Analyst.