Open Threat Exchange®

Connecting to the OTX API Using DirectConnect Agents

If you have an USM Appliance/AlienVault OSSIM installation, you can get the benefits of the DirectConnect API immediately simply by entering your OTX API key on the Open Threat Exchange Configuration page in the USM Appliance web UI. In addition to DirectConnect support for USM Appliance and AlienVault OSSIM, AlienVault currently also provides DirectConnect Agents for the following platforms:

  • Bro-IDS
  • Suricata

To connect to the OTX API using a DirectConnect Agent

1. From the OTX UI Home page, select the API menu option.

Domain IOC summary display

2. Click the box corresponding to the DirectConnect agent you want to use.

If you clicked the label for USM Appliance, the following popup appears:

If you clicked the label for AlienVault OSSIM, a similar popup appears specific to AlienVault OSSIM. For the third-party products, you are directed to the GitHub page for your connector selection.

3. Copy your OTX key, located in the upper right corner of the DirectConnect API page, and follow the instructions provided to register your OTX key with your USM Appliance installation.