Hello. I have been using SO for a few months at home and now I'm installing it in a business.
During this time I have had many issues and I have learned many things, but one of the things I have not been able to figure out is how the "AlienVault OTX integration" works with SO.
I have used it as an Analyzer and it's great, but what about the pulses?
I have added it in Fleet Integrations and I have some active pulses on the AlienVault site and... what now? Am I supposed to be receiving more IOCs or something similar?
I have seen in Kibana that the system is receiving info from OTX. Looking inside one of the documents I see things like this:
threat.indicator.url.full | http://94.131.108.78:7118/B/desktop/
Does it mean that my system is better protected now? If so, may I test it? I have put the URLs referenced in threat.indicator.url.full of some documents in the browser, waiting for an alert, but it didn't appear.
I guess this is an obvious thing for experienced users, but I'd like any help with this. I've been looking for information in the SO docs, Google and YouTube, but I haven't found a full explanation.
Thank you for your time and help.
Best regards,
Carlos