


List of passive DNS IP addresses pointing to the given domain, as analyzed by AlienVault Labs
Number of URL(s) found in the given domain
List of IP addresses of the URL(s) in the given domain
Host names found in URL(s) analyzed by AlienVault Labs for the given domain
SHA256 hashes of malware files connecting to the given domain, as analyzed by AlienVault Labs
Number of malware samples connecting to the given domain, as analyzed by AlienVault Labs
Two-letter code assigned to the country in which the given domain's hosting server is deployed

Postal code assigned to the location at which the given domain's hosting server is deployed
Geographic ASN code of the given domain's hosting server
Area code assigned to the location in which the given domain's hosting server is deployed
Longitude of the location at which the given domain's hosting server is deployed
Continent code assigned to the location at which the given domain's hosting server is deployed
Country in which the given domain's hosting server is deployed
Latitude of the location at which the given domain's hosting server is deployed
Region of the given domain's hosting server
List of authors of OTX pulses included in the report returned
City of the given domain's hosting server
Traffic Light Protocol (TLP) color code category of OTX pulses that reference the given domain
List of tags found in OTX pulses that reference the given domain
List of titles given to pulses that reference the given domain

Number of OTX pulses that reference the given domain
List of URL(s) and website links that were referenced by individual OTX pulses, for the given domain

The output of the lookup call has the following structure (for the available data):

Field

>_lookup alienvaultotx get_domain_report $Domain

_fetch $Domain from testingintegrations limit 1

Data returned includes the pulse, geo, URL, passive DNS, and WHOIS analysis results. This function returns a complete report of all threat indicators for a given domain, including data from all the sub-reports.

This event store does not exist in DNIF by default. In all the functions explained below, the examples use an event store named testingintegrations. This section explains the details of the functions that can be used with the AlienVault lookup plugin.

Outbound access required to resolve AlienVault OTX API
Protocol

PRE-REQUISITES to use AlienVault OTX and DNIF

OTX data can be used to enhance threat detection capabilities of security monitoring systems such as DNIF. OTX provides information on the reliability of threat information, reporter of the threat, and other details of threat investigations. OTX allows anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques. OTX provides access to a global community of threat researchers and security professionals, with more than 50,000 participants in 140 countries, who contribute over four million threat indicators daily. AlienVault Open Threat Exchange (OTX) is the world's most authoritative open threat information sharing and analysis network.
