Integration of AlienVault OTX with ManageEngine Log360

AlienVault Open Threat Exchange (OTX) is a community-powered threat intelligence platform that publishes actionable indicators of compromise (IoCs). ManageEngine Log360 ingests these feeds and matches them against the logs it collects, which improves its threat detection and investigation capabilities.

How the integration works

  • STIX/TAXII transport: Log360 talks to AlienVault OTX over the standardized Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII) protocols, so the latest OTX feeds are ingested automatically instead of being imported by hand.
  • Scheduled sync: Once configured, Log360 polls OTX on a configurable schedule and fetches the latest indicators. The threat data is therefore only as current as the last successful sync, so the sync interval should match how quickly you need new indicators in play.
  • Centralized threat store: The retrieved indicators are kept in Log360's threat store together with feeds from other open-source providers, so every feed is matched the same way during log processing.
  • Automated correlation and enrichment: During log processing, Log360 compares the stored indicators (malicious IP addresses, domains, file hashes) against incoming events, alerts on activity involving a listed source, and attaches the feed context to the alert so the analyst can see which threat the indicator belongs to.
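The correlation step described in the list above, as an added example that is not Log360's or AlienVault's code: a constructed set of OTX-style pulses is flattened into an in-memory threat store and matched against constructed firewall, DNS, proxy and EDR log lines, with the pulse context attached to every hit. The pulse field names (`indicators`, `indicator`, `type`), the log formats and all hosts and addresses are assumptions made for the example; the script runs offline and does not call the OTX API or Log360.

```python
"""Offline sketch of SIEM-style threat-feed correlation against OTX pulses.

Added example, not Log360's or AlienVault's code. The pulse JSON shape and the
log lines are constructed; field names such as "indicators", "indicator" and
"type" follow the OTX pulse format but are an assumption here.
"""
import ipaddress
import re

# Constructed sample pulses in the shape OTX publishes them (assumption).
SAMPLE_PULSES = [
    {
        "id": "example-pulse-1",
        "name": "Example C2 infrastructure (constructed)",
        "indicators": [
            {"indicator": "198.51.100.23", "type": "IPv4"},
            {"indicator": "bad.example.net", "type": "domain"},
            {"indicator": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
             "type": "FileHash-SHA256"},
        ],
    },
    {
        "id": "example-pulse-2",
        "name": "Example phishing kit (constructed)",
        "indicators": [
            {"indicator": "203.0.113.0/24", "type": "CIDR"},
            {"indicator": "login.evil.example", "type": "hostname"},
        ],
    },
]

# Constructed log lines standing in for what the SIEM ingests.
LOGS = [
    "2024-05-01T10:00:01Z fw01 ACCEPT src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-05-01T10:00:02Z dns01 query from=10.0.0.7 qname=bad.example.net qtype=A",
    "2024-05-01T10:00:03Z proxy01 client=10.0.0.9 GET https://login.evil.example/auth",
    "2024-05-01T10:00:04Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.77 dport=80",
    "2024-05-01T10:00:05Z edr01 host=ws12 file=invoice.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-05-01T10:00:06Z fw01 ACCEPT src=10.0.0.5 dst=93.184.216.34 dport=443",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def build_threat_store(pulses):
    """Flatten pulses into normalized lookup tables keyed by indicator value."""
    store = {"ip": {}, "cidr": [], "domain": {}, "hash": {}}
    for pulse in pulses:
        ctx = {"pulse_id": pulse["id"], "pulse_name": pulse["name"]}
        for ind in pulse.get("indicators", []):
            value, itype = ind["indicator"], ind["type"]
            if itype in ("IPv4", "IPv6"):
                store["ip"].setdefault(str(ipaddress.ip_address(value)), []).append(ctx)
            elif itype == "CIDR":
                store["cidr"].append((ipaddress.ip_network(value, strict=False), ctx))
            elif itype in ("domain", "hostname"):
                store["domain"].setdefault(value.lower().rstrip("."), []).append(ctx)
            elif itype.startswith("FileHash-"):
                store["hash"].setdefault(value.lower(), []).append(ctx)
    return store


def correlate(line, store):
    """Return (kind, observable, pulse-context) tuples for every indicator hit in one line."""
    hits = []
    for raw in IP_RE.findall(line):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:          # e.g. 999.1.1.1 passes the regex but is not an address
            continue
        for ctx in store["ip"].get(str(ip), []):
            hits.append(("ip", str(ip), ctx))
        for net, ctx in store["cidr"]:
            if ip in net:
                hits.append(("cidr", f"{ip} in {net}", ctx))
    for raw in HASH_RE.findall(line):
        for ctx in store["hash"].get(raw.lower(), []):
            hits.append(("hash", raw.lower(), ctx))
    for raw in DOMAIN_RE.findall(line):
        name = raw.lower().rstrip(".")
        labels = name.split(".")
        # Check the name and each parent, so a subdomain of a listed domain also hits.
        for i in range(len(labels) - 1):
            for ctx in store["domain"].get(".".join(labels[i:]), []):
                hits.append(("domain", name, ctx))
    return hits


def scan_logs(lines, store):
    """Return one record per log line that matched at least one indicator."""
    return [{"line": line, "hits": hits}
            for line in lines if (hits := correlate(line, store))]


if __name__ == "__main__":
    for rec in scan_logs(LOGS, build_threat_store(SAMPLE_PULSES)):
        for kind, observable, ctx in rec["hits"]:
            print(f"{kind:6} {observable:45} <- {ctx['pulse_name']}")
        print("   ", rec["line"])
```

The normalization choices are the part worth copying: hashes and domains are lowercased on both sides, CIDR indicators are matched by containment rather than string equality, and a listed domain also catches its subdomains. A feed hit is an enrichment signal to triage, not proof of compromise; the extractor will also pull non-domains such as `invoice.exe` out of free text, which is harmless only because they are looked up against the store rather than alerted on directly.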

How to enable AlienVault OTX

To enable the AlienVault OTX integration in ManageEngine Log360:

  • Navigate to Settings > Admin Settings.
  • Go to Threatfeeds and click the Add New Server option.
  • In the pop-up window, choose AlienVault OTX from the Select Servers drop-down menu.
  • Key in your AlienVault OTX API key and click Add Server to complete the configuration. To get an API key, go to otx.alienvault.com, sign up for an account, open the account settings and copy the OTX API Key. Treat the key as a credential for your OTX account: keep it out of tickets and screenshots, and rotate it if it is ever exposed.
  • After successful configuration, Log360 pulls STIX-formatted indicators from the AlienVault OTX server on each scheduled sync and stores them in its threat store for use during log processing. Indicators published after the last sync are not matched until the next one runs.

Top benefits of this integration

Enhanced threat detection

By using up-to-date threat intelligence from AlienVault OTX, Log360 can detect and mitigate potential security threats more effectively. A regularly refreshed stream of IoCs such as malicious IP addresses, domains and file hashes enables quicker and more accurate threat recognition and response.

Automated threat intelligence integration

The integration ensures that the latest threat data is automatically incorporated into Log360's analysis processes without manual intervention. This automation streamlines workflows, reduces administrative burdens, and keeps Log360 current with evolving threats.

Comprehensive security

Combining Log360's log analysis capabilities with AlienVault OTX's threat intelligence gives a more complete picture, since activity in your own logs can be tied to attack infrastructure that the wider community has already observed.

Improved response time

Faster detection and identification of threats enables quicker response and remediation, reducing the potential damage from security incidents. Regularly refreshed threat intelligence also helps analysts understand and prioritize an alert quickly, because each hit carries the context of the threat it was associated with.

About AlienVault OTX

AlienVault OTX is a collaborative threat intelligence platform where users share and access current data on cyberthreats. It features Pulses, which are curated collections of IoCs, such as IP addresses, domains, and file hashes, associated with specific threats. OTX integrates with various security tools, including SIEMs like ManageEngine Log360, to enhance threat detection and response. It offers APIs for automated workflows and is free to use, fostering a global community of security professionals who work together to improve collective cybersecurity.