Dear blog readers,
Have you already pulled my public and free STIX STIX2 TAXII threat intelligence feed using the Lifetime API Key for you and your organization?
In this post I offer practical advice and links on how to pull my daily updated STIX STIX2 TAXII threat intelligence feed and integrate it into your firewall or security solution, and how to use your Lifetime API Key for the feed in Maltego to enrich your IoCs (Indicators of Compromise).
Here's your Lifetime API Key for you and your organization - f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93
Portal: https://ddanchev.ngrok.io
API Documentation: https://luatix.notion.site/GraphQL-API-cfe267386c66492eb73924ef059d6d59
TAXII Collection: https://ddanchev.ngrok.io/taxii2/root/collections/c2259b20-9c60-4ddd-8931-8de970440f06/objects
Bearer Token Authentication Required: https://github.com/OpenCTI-Platform/opencti/issues/1198
Maltego transforms available:
- https://www.maltego.com/downloads/
- https://www.maltego.com/transform-hub/opencti/
- https://www.maltego.com/transform-hub/stix/
As always, feel free to drop me a line at dancho.danchev@hush.com in case you have any questions.
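A minimal client for the TAXII collection listed above, added here as an example and not code from the original post or from OpenCTI: it sends the Lifetime API Key as a Bearer token, follows TAXII 2.1 pagination and pulls the observable values out of STIX indicator patterns. It assumes the server returns standard TAXII 2.1 envelopes (`objects`, `more`, `next`); the function names and `SAMPLE_ENVELOPE` are constructed for illustration.

```python
import json, re, urllib.parse, urllib.request

# URL and key are the values given in the post; the key is sent as a Bearer token.
COLLECTION_URL = ("https://ddanchev.ngrok.io/taxii2/root/collections/"
                  "c2259b20-9c60-4ddd-8931-8de970440f06/objects")
API_KEY = "f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93"
# Simple STIX comparisons, e.g. [ipv4-addr:value = '198.51.100.7']
PATTERN_RE = re.compile(r"([a-z0-9-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")
# Constructed sample envelope (not real feed data), used for offline checks.
SAMPLE_ENVELOPE = {"more": False, "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix", "revoked": True,
     "pattern": "[domain-name:value = 'revoked.example.test']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'bad.example.test']"},
    {"type": "malware", "name": "constructed-sample"}]}

def build_request(url, token, next_cursor=None, added_after=None):
    """Authenticated TAXII 2.1 GET for one page of collection objects."""
    params = {k: v for k, v in (("next", next_cursor),
                                ("added_after", added_after)) if v}
    if params:
        url += "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={
        "Accept": "application/taxii+json;version=2.1",
        "Authorization": "Bearer " + token})

def extract_indicators(envelope):
    """Sorted unique (object path, value) pairs from live STIX indicators."""
    found = set()
    for obj in envelope.get("objects", []):
        if (obj.get("type") != "indicator" or obj.get("revoked")
                or obj.get("pattern_type", "stix") != "stix"):
            continue  # only non-revoked STIX-pattern indicators are parsed
        for otype, prop, value in PATTERN_RE.findall(obj.get("pattern", "")):
            found.add((otype + ":" + prop, value))
    return sorted(found)

def fetch_all(url=COLLECTION_URL, token=API_KEY, opener=urllib.request.urlopen):
    """Follow envelope pagination (more/next) and merge every page."""
    results, cursor = set(), None
    while True:
        with opener(build_request(url, token, cursor), timeout=30) as resp:
            envelope = json.load(resp)
        results.update(extract_indicators(envelope))
        if not (envelope.get("more") and envelope.get("next")):
            return sorted(results)
        cursor = envelope["next"]
```

The resulting pairs can be written out in whatever blocklist or lookup format your firewall or SIEM imports.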
Full list of solutions compatible with STIX STIX2 and TAXII:
- EventLog Analyzer
- ThreatConnect
- Azure Sentinel
- Splunk
- Cisco
- Elemendar
- Cortex XSOAR
- TrendMicro
- ArcSight
- Microsoft Sentinel
- EventTracker
- Plixer Scrutinizer
- Sumo Logic
- Kaspersky CyberTrace
- ServiceNow
- CheckPoint ThreatCloud
- Carbon Black EDR
- Cisco Email Gateway
- LogPoint
- Tanium
- Symantec
- LogRhythm
- Infoblox
- Cloudera
Sample screenshots of my STIX STIX2 TAXII Threat Intelligence feed in combination with Maltego:
Enjoy!