threatintel.alienvault_otx

Introduction

The tags beginning with threatintel.alienvault_otx identify events generated by AlienVault OTX (Open Threat eXchange), the threat intelligence sharing platform belonging to AlienVault.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as threatintel.alienvault_otx. The third level identifies the type of events sent and the fourth indicates the event subtypes.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service                       Tags                                            Data tables
AlienVault OTX (Open Threat eXchange)   threatintel.alienvault_otx.pulses.indicators    threatintel.alienvault_otx.pulses.indicators

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

threatintel.alienvault_otx.pulses.indicators

Field                       Type        Extra fields
eventdate                   timestamp
hostname                    str
id                          int8
indicator                   str
type                        str
created                     timestamp
content                     str
title                       str
description                 str
expiration                  timestamp
is_active                   int4
role                        str
pulse_id                    str
pulse_name                  str
pulse_description           str
pulse_author_name           str
pulse_modified              timestamp
pulse_created               timestamp
pulse_revision              int4
pulse_tlp                   str
pulse_public                int4
pulse_adversary             str
pulse_tags                  str
pulse_targeted_countries    str
pulse_malware_families      str
pulse_attack_ids            str
pulse_references            str
pulse_industries            str
pulse_extract_source        str
hostchain                   str         ✓
tag                         str         ✓
rawMessage                  str         ✓

How is the data sent to Devo?

To send logs to these tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can learn how to use it in the article about AlienVault OTX Pulse collector.
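A pre-ingest sanity check for the four-level tag rule and for the field types of the threatintel.alienvault_otx.pulses.indicators table, written here as an added example in Python; it is not Devo's or AlienVault's code. It assumes that the columns marked as extra fields are filled in by Devo rather than supplied by the sender, and the sample event is constructed.

```python
from datetime import datetime
TAG_PREFIX = "threatintel.alienvault_otx"
# Valid tag -> destination data table, as listed on this page.
VALID_TAGS = {f"{TAG_PREFIX}.pulses.indicators": f"{TAG_PREFIX}.pulses.indicators"}
# Field -> Devo type for threatintel.alienvault_otx.pulses.indicators, from the table above.
_STR = ("hostname indicator type content title description role pulse_id pulse_name "
        "pulse_description pulse_author_name pulse_tlp pulse_adversary pulse_tags "
        "pulse_targeted_countries pulse_malware_families pulse_attack_ids pulse_references "
        "pulse_industries pulse_extract_source").split()
_TIMESTAMP = "eventdate created expiration pulse_modified pulse_created".split()
SCHEMA = {**{f: "str" for f in _STR}, **{f: "timestamp" for f in _TIMESTAMP},
          "id": "int8", "is_active": "int4", "pulse_revision": "int4", "pulse_public": "int4"}
# "Extra fields" columns; assumed here to be filled in by Devo, so a sender may omit them.
EXTRA_FIELDS = {"hostchain": "str", "tag": "str", "rawMessage": "str"}
INT_RANGES = {"int4": (-2**31, 2**31 - 1), "int8": (-2**63, 2**63 - 1)}

def validate_tag(tag: str) -> str:
    """Return the data table a tag routes to, or raise ValueError saying why it is invalid."""
    levels = tag.split(".")
    if len(levels) != 4 or ".".join(levels[:2]) != TAG_PREFIX:
        raise ValueError(f"tag must be {TAG_PREFIX}.<type>.<subtype>: {tag!r}")
    if tag not in VALID_TAGS:
        raise ValueError(f"unknown type/subtype {levels[2]}.{levels[3]}: {tag!r}")
    return VALID_TAGS[tag]

def fits_type(value, devo_type: str) -> bool:
    """Check one value against a Devo column type (str, timestamp, int4 or int8)."""
    if devo_type == "str":
        return isinstance(value, str)
    if devo_type == "timestamp":
        try:  # accept ISO 8601, including a trailing Z
            datetime.fromisoformat(str(value).replace("Z", "+00:00"))
            return True
        except ValueError:
            return False
    lo, hi = INT_RANGES[devo_type]  # bool is an int subclass; reject it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi

def validate_event(record: dict) -> list:
    """Return the problems found in one record; an empty list means it fits the table."""
    problems = []
    for field, value in record.items():
        devo_type = SCHEMA.get(field) or EXTRA_FIELDS.get(field)
        if devo_type is None:
            problems.append(f"unexpected field {field}")
        elif not fits_type(value, devo_type):
            problems.append(f"{field}: expected {devo_type}, got {value!r}")
    return problems

# Constructed sample event (documentation-range IP, placeholder pulse id), not real OTX data.
SAMPLE_EVENT = {"eventdate": "2024-01-15T10:00:00Z", "indicator": "203.0.113.7", "type": "IPv4",
                "is_active": 1, "pulse_id": "PULSE-ID-PLACEHOLDER", "pulse_revision": 3, "pulse_public": 1}
```

Running validate_event over a batch before handing it to the collector catches records that would land in the table with the wrong type or an unexpected column, which is cheaper than finding them in a query later.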