About the connector
AlienVault Open Threat Exchange (OTX) is among our most useful threat intelligence tools. It is a repository of Indicators of Compromise (IOCs) supported by the community. It contributes pulses and each pulse contains a collection of IOCs targeted at a particular area.
This document provides information about the AlienVault-OTX connector, which facilitates automated interactions, with an AlienVault-OTX server using FortiSOAR™ playbooks. Add the AlienVault-OTX connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details for an indicator, creating and retrieving details for a pulse, and running queries on the AlienVault-OTX server.
Version information
Connector Version: 1.0.2
FortiSOAR™ Version Tested on: 7.2.2-1098 and later
Authored By: Fortinet
Certified: Yes
Release Notes for version 1.0.2
Following enhancements have been made to the AlienVault-OTX Connector in version 1.0.2:
- The new version now correctly determines the type of file hash for the Get File Reputation action.
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-alienvault-otx
Prerequisites to configuring the connector
- You must have the URL of the AlienVault-OTX server to which you will connect and perform the automated operations; you will also need the API key to access that server.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the AlienVault-OTX server.
Configuring the connector
For the procedure to configure a connector, see Configuring a Connector.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the AlienVault-OTX connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server Address |
Address of the AlienVault-OTX server to which you will connect and perform the automated operations. |
| API Key |
API key configured for your account to access the AlienVault-OTX server. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 5.0.0 onwards:
| Function |
Description |
Annotation and Category |
| Create Pulse |
Create new pulse which contains a collection of IOCs targeted at a particular area. |
create_pulse
Investigation |
| Get IP Reputation |
Retrieves the reputation for a specified IP based on parameters such as, the IP address that you have specified. |
get_ip_reputation
Investigation |
| Get Domain Reputation |
Retrieves the reputation for a specified domain based on parameters such as, the domain name that you have specified. |
get_domain_reputation
Investigation |
| Get URL Reputation |
Retrieves the reputation for a specified URL based on the URL that you have specified. |
get_url_reputation
Investigation |
| Get File Reputation |
Retrieves the reputation for a specified file based on parameters such as, the filehash that you have specified. |
get_file_reputation
Investigation |
| Get Hostname Reputation |
Retrieves the reputation for a specified host based on parameters such as, the hostname that you have specified. |
get_hostname_reputation
Investigation |
| Get All Indicators |
Retrieves a list of all indicators based on various parameters such as indicator type and value that you have specified. |
get_indicators
Investigation |
| Get Pulse Indicators |
Retrieves a list of all indicators based on the pulse ID that you have specified. |
get_indicators
Investigation |
| Get Pulse Details |
Retrieves details about a pulse based on the pulse ID that you have specified. |
get_pulse
Investigation |
| Get Related Pulses |
Retrieves a list of pulses that share an indicator with the pulse that you have specified using the pulse ID. |
get_pulses
Investigation |
| Get Subscribed Pulses |
Retrieves a list of all subscribed pulses based on various parameters such as datetime that you have specified.. |
get_pulses
Investigation |
| Run Query |
Runs a query that you have specified and fetches data from your AlienVault-OTX instance, based on the input filters. |
run_query
Investigation |
| Search Pulses |
Searches for pulses that match the text that you have specified in the input parameters. |
search_pulse
Investigation |
| Subscribe to Pulse |
Subscribes to a particular pulse based on the pulse ID that you have specified. |
subscribe_pulse
Investigation |
| Unsubscribe from Pulse |
Unsubscribes from a particular pulse based on the pulse ID that you have specified. |
unsubscribe_pulse
Investigation |
| User Actions |
Allows you to perform actions, such as follow, subscribe, etc for a specified user on the AlienVault-OTX server based on the username that you have specified. |
|
operation: Create Pulse
Input parameters
| Parameter |
Description |
| Name |
Name of the pulse that you want to create. |
| Description |
(Optional) Brief description of the pulse that you want to create and the threat it addresses. |
| Indicators |
(Optional) List of indicators. Each indicator is stored as a dictionary having a key-value pair. Every object in the list must have at least the following three fields:
{"type": "", "indicator": "", "description": ""} |
| Tags |
(Optional) List of tags that categorize the pulse that you want to create. For example, malware, phishing, hacking, etc. |
| References |
(Optional) List of external references to associate with the pulse that you want to create. |
| Public |
Select this field to allow other users to see or subscribe to the pulse that you want to create.
By default, this option is set as True. |
Output
The JSON output contains all the details for the newly created pulse on the AlienVault-OTX server.
{
"subscribers_count": "",
"indicators": [
{
"access_type": "",
"content": "",
"access_groups": [],
"access_reason": "",
"is_active": "",
"title": "",
"type": "",
"description": "",
"expiration": "",
"indicator": "",
"role": ""
}
],
"name": "",
"group_ids": [],
"description": "",
"author_id": "",
"votes_count": "",
"subscribers": [],
"cloned_from": "",
"locked": "",
"references_count": "",
"validators_count": "",
"upvotes": [],
"downvotes": [],
"pulse_name": "",
"TLP": "",
"upvotes_count": "",
"validators": [],
"author_name": "",
"tags_count": "",
"active": "",
"followers_count": "",
"pulse_source": "",
"public": "",
"downvotes_count": "",
"comments_count": "",
"exported_by": [],
"extract_source": [],
"indicators_count": "",
"followers": [],
"references": [],
"export_count": "",
"industries": [],
"created": "",
"targeted_countries": [],
"revision": "",
"tags": [],
"modified": "",
"unsubscribed_users": [],
"adversary": "",
"id": ""
}
operation: Get IP Reputation
Input parameters
| Parameter |
Description |
| Type |
Type of IP for which you want to retrieve reputation from AlienVault-OTX. Choose between IPv4 or IPv6. |
| IP Address |
IP address for which you want to retrieve reputation from AlienVault-OTX. |
Output
The JSON output retrieves the reputation of the IP address you have specified from the AlienVault-OTX server.
{
"reputation": {
"reputation_val": "",
"country": "",
"city": "",
"reputation_rel_checked": "",
"reputation_rel": "",
"status": "",
"matched_wl": [],
"domains": [],
"_id": {
"$id": ""
},
"threat_score": "",
"last_seen": "",
"counts": {
"Malware Domain": "",
"Malware IP": ""
},
"address": "",
"server_type": "",
"activities": [
{
"data": {
"md5": "",
"file": "",
"url": "",
"domain": "",
"vt": {
"Signature": ""
}
},
"first_date": "",
"name": "",
"md5": "",
"visible": "",
"domain": "",
"vt": "",
"last_date": "",
"status": "",
"url": "",
"source": "",
"file": "",
"data_key": ""
}
],
"first_seen": "",
"lat": "",
"up": "",
"matched_bl": [],
"date_added": {
"sec": "",
"usec": ""
},
"as": "",
"allow_ping": "",
"state": "",
"lon": "",
"reputation_val_checked": ""
}
}
operation: Get Domain Reputation
Input parameters
| Parameter |
Description |
| Domain |
Name of the domain for which you want to retrieve reputation from AlienVault-OTX. |
| Section |
(Optional) Section of the indicator, domain in this case, whose details you want to retrieve from AlienVault-OTX.
Choose from the following sections: General, Geo, Malware, URL List, Passive DNS, or Whois. For more information on the sections option, see OTX DirectConnect API. |
Output
The JSON output retrieves the reputation of the domain name you have specified from the AlienVault-OTX server.
{
"malware": {
"count": "",
"previous": "",
"data": [
{
"datetime_int": "",
"_id": "",
"hash": ""
}
],
"size": "",
"next": ""
},
"general": {
"indicator": "",
"alexa": "",
"whois": "",
"type": "",
"pulse_info": {
"count": "",
"references": [],
"pulses": []
},
"base_indicator": {},
"validation": [
{
"source": "",
"message": "",
"name": ""
}
],
"sections": []
},
"geo": {
"flag_url": "",
"city_data": "",
"city": "",
"region": "",
"charset": "",
"area_code": "",
"continent_code": "",
"country_code3": "",
"latitude": "",
"postal_code": "",
"longitude": "",
"country_code": "",
"country_name": "",
"asn": "",
"dma_code": "",
"flag_title": ""
},
"url_list": {
"has_next": "",
"actual_size": "",
"url_list": [
{
"date": "",
"url": "",
"domain": "",
"hostname": "",
"encoded": ""
}
],
"page_num": "",
"limit": "",
"full_size": "",
"paged": ""
},
"passive_dns": {
"passive_dns": [
{
"last": "",
"indicator_link": "",
"hostname": "",
"address": "",
"flag_url": "",
"flag_title": "",
"asset_type": "",
"first": ""
}
],
"count": ""
},
"whois": {
"count": "",
"data": [
{
"value": "",
"name": "",
"key": ""
}
],
"related": [
{
"related_type": "",
"domain": "",
"related": ""
}
]
}
}
operation: Get URL Reputation
Input parameters
| Parameter |
Description |
| URL |
URL for which you want to retrieve reputation from AlienVault-OTX. |
Output
The JSON output retrieves the reputation of the URL you have specified from the AlienVault-OTX server.
{
"url_list": {
"flag_url": "",
"city_data": "",
"city": "",
"url_list": [
{
"url": "",
"httpcode": "",
"secs": "",
"params": {},
"result": {
"urlworker": {
"has_file_analysis": "",
"url": "",
"ip": "",
"filemagic": "",
"http_response": {
"CONTENT-LENGTH": "",
"ACCEPT-RANGES": "",
"VARY": "",
"SERVER": "",
"LAST-MODIFIED": "",
"CONNECTION": "",
"ETAG": "",
"DATE": "",
"CONTENT-TYPE": ""
},
"md5": ""
}
},
"date": "",
"deep_analysis": ""
}
],
"charset": "",
"area_code": "",
"continent_code": "",
"country_code3": "",
"latitude": "",
"postal_code": "",
"longitude": "",
"country_code": "",
"country_name": "",
"net_loc": "",
"region": "",
"dma_code": "",
"flag_title": ""
},
"general": {
"indicator": "",
"alexa": "",
"whois": "",
"sections": [],
"hostname": "",
"pulse_info": {
"count": "",
"references": [],
"pulses": []
},
"domain": "",
"base_indicator": {
"indicator": "",
"description": "",
"title": "",
"access_reason": "",
"access_type": "",
"content": "",
"type": "",
"id": ""
},
"type": "",
"type_title": ""
}
}
operation: Get File Reputation
Input parameters
| Parameter |
Description |
| Filehash |
Value of the filehash for which you want to retrieve reputation from AlienVault-OTX. Can be MD5 / SHA1 / SHA256 of the file. |
Output
The JSON output retrieves the reputation of the filehash you have specified from the AlienVault-OTX server.
{
"analysis": {
"malware": {},
"page_type": "",
"analysis": {
"info": {
"results": {
"sha1": "",
"file_class": "",
"file_type": "",
"filesize": "",
"ssdeep": "",
"sha256": "",
"md5": ""
}
},
"hash": "",
"plugins": {
"cuckoo": {
"result": {
"signatures": [
{
"new_data": [],
"confidence": "",
"families": [],
"severity": "",
"weight": "",
"name": "",
"alert": "",
"references": [],
"data": [],
"description": ""
}
],
"network": {
"udp": [],
"icmp": [],
"http": [],
"smtp": [],
"tcp": [],
"hosts": [],
"pcap_sha256": "",
"dns": [
{
"request": "",
"type": "",
"answers": [
{
"type": "",
"data": ""
}
]
}
],
"domains": [],
"sorted_pcap_sha256": "",
"irc": []
},
"suricata": {},
"hostname": "",
"dropped": [
{
"yara": [],
"sha1": "",
"name": "",
"sha512": "",
"type": "",
"clamav": "",
"guest_paths": [],
"crc32": "",
"path": "",
"ssdeep": "",
"sha256": "",
"data": "",
"md5": "",
"size": ""
},
{
"yara": [],
"sha1": "",
"name": "",
"sha512": "",
"clamav": "",
"guest_paths": [
""
],
"crc32": "",
"path": "",
"ssdeep": "",
"sha256": "",
"type": "",
"md5": "",
"size": ""
}
],
"behavior": {
"files": [],
"write_keys": [],
"keys": [],
"write_files": [],
"read_keys": [],
"delete_keys": [],
"read_files": [],
"mutexes": [],
"resolved_apis": [],
"delete_files": [],
"executed_commands": [],
"started_services": [],
"created_services": []
},
"sha256": "",
"virustotal": {
"scans": {},
"scan_id": "",
"sha1": "",
"resource": "",
"response_code": "",
"scan_date": "",
"results": [
{
"vendor": "",
"sig": ""
}
],
"verbose_msg": "",
"permalink": "",
"total": "",
"positives": "",
"sha256": "",
"md5": ""
}
}
},
"pe32info": {
"process_time": "",
"results": {
"pdbinfo": [],
"exports": [],
"richhash": "",
"imports": [
{
"address": "",
"name": "",
"dll": ""
}
],
"signed": "0",
"resource_strings": [],
"version_information": [
{
"name": "",
"value": ""
}
],
"pehash": "",
"certs": [],
"imphash": "",
"sections": [
{
"SizeOfRawData": "",
"entropy": "",
"Name": "",
"Misc_VirtualSize": "",
"VirtualAddress": ""
}
],
"packers": [
""
]
}
},
"adobemalwareclassifier": {
"process_time": "",
"results": {
"alerts": []
}
},
"exiftool": {
"process_time": "",
"results": {
"Linker_Version": "",
"Product_Version_Number": "",
"Product_Version": "",
"Language_Code": "",
"PE_Type": "",
"File_Version": "",
"Legal_Copyright": "",
"File_Subtype": "",
"Company_Name": "",
"Original_Filename": "",
"Object_File_Type": "",
"File_Version_Number": "",
"Code_Size": "",
"Product_Name": "",
"OS_Version": "",
"Entry_Point": "",
"File_Description": "",
"Machine_Type": "",
"Uninitialized_Data_Size": "",
"Character_Set": "",
"MIME_Type": "",
"Subsystem": "",
"Subsystem_Version": "",
"Image_Version": "",
"File_OS": "",
"File_Inode_Change_Date/Time": "",
"Internal_Name": "",
"Time_Stamp": "",
"Initialized_Data_Size": "",
"File_Flags": "",
"File_Flags_Mask": ""
}
},
"clamav": {
"process_time": "",
"results": {}
},
"yarad": {
"process_time": "",
"results": {
"detection": []
}
},
"disa_entrypoint": {
"process_time": "",
"results": {
"error_disa": "",
"instructions": []
}
},
"peanomal": {
"process_time": "",
"results": {
"detection": [
{
"name": "",
"value": ""
}
],
"anomalies": ""
}
},
"avg": {
"process_time": "",
"results": {}
}
},
"datetime_int": "",
"_id": "",
"metadata": {}
}
},
"general": {
"indicator": "",
"sections": [],
"pulse_info": {
"count": "",
"references": [],
"pulses": []
},
"base_indicator": {},
"validation": [],
"type": "",
"type_title": ""
}
}
operation: Get Hostname Reputation
Input parameters
| Parameter |
Description |
| Hostname |
Name of the host for which you want to retrieve reputation from AlienVault-OTX. |
| Section |
(Optional) Section of the indicator, the hostname in this case, whose details you want to retrieve from AlienVault-OTX.
Choose from the following sections: General, Geo, Malware, URL List, or Passive DNS. For more information on the sections option, see OTX DirectConnect API. |
Output
The JSON output retrieves the reputation of the hostname you have specified from the AlienVault-OTX server.
{
"geo": {
"flag_url": "",
"city_data": "",
"city": "",
"region": "",
"charset": "",
"area_code": "",
"continent_code": "",
"country_code3": "",
"latitude": "",
"postal_code": "",
"longitude": "",
"country_code": "",
"country_name": "",
"asn": "",
"dma_code": "",
"flag_title": ""
},
"malware": {
"count": "",
"previous": "",
"data": [
{
"datetime_int": "",
"_id": "",
"hash": ""
}
],
"size": "",
"next": ""
},
"general": {
"indicator": "",
"alexa": "",
"whois": "",
"type_title": "",
"base_indicator": {
"indicator": "",
"description": "",
"title": "",
"access_reason": "",
"access_type": "",
"content": "",
"type": "",
"id": ""
},
"pulse_info": {
"count": "",
"references": [],
"pulses": []
},
"domain": "",
"type": "",
"validation": [],
"sections": []
},
"url_list": {
"has_next": "",
"actual_size": "",
"url_list": [
{
"date": "",
"url": "",
"domain": "",
"hostname": "",
"encoded": ""
}
],
"page_num": "",
"limit": "",
"full_size": "",
"paged": ""
},
"passive_dns": {
"passive_dns": [
{
"last": "",
"indicator_link": "",
"hostname": "",
"address": "",
"flag_url": "",
"flag_title": "",
"asset_type": "",
"first": ""
}
],
"count": ""
}
}
operation: Get All Indicators
Input parameters
| Parameter |
Description |
| Indicator Type |
(Optional) Type of indicator whose details you want to retrieve from AlienVault-OTX.
Choose from the following indicator types: IPv4, IPv6, CIDR, Domain, Hostname, URL, URI, Email, CVE, FileHash-MD5, FileHash-SHA1, FileHash-SHA256, FileHash-IMPHASH, FileHash-PEHASH, FilePath, or Mutex. |
| Number Of Records |
(Optional) Number of records that the operation should include per page. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
| From |
(Optional) Datetime from which you want to retrieve indicators. The datetime must be in the ISO format (UTC). If you specify a datetime, then only the indicators that were created or modified from the specified datetime are retrieved.
Note: If you receive the error, 'Exceeded maximum number of retries', then, try to define a shorter date range using the From parameter. The date range spans from the date that you selected to the current date.
|
| Export in JSON |
Select this option to export the complete result in the JSON format and save the result in the Attachment module in FortiSOAR™.
By default, this option is set as True. |
Output
The JSON output retrieves a list of all the indicators you have specified, based on the input parameters, from the AlienVault-OTX server.
Output schema when export_json checkbox is selected.
{
"id": "",
"@id": "",
"file": {
"id": "",
"@id": "",
"file": [],
"size": "",
"@type": "",
"@context": "",
"filename": "",
"metadata": [],
"mimeType": "",
"thumbnail": "",
"uploadDate": ""
},
"name": "",
"type": "",
"@type": "",
"@context": "",
"createDate": "",
"createUser": {
"id": "",
"@id": "",
"name": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"@settings": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"modifyDate": "",
"modifyUser": {
"id": "",
"@id": "",
"name": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"@settings": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"recordTags": "",
"description": ""
}
Output schema when export_json checkbox is not selected.
{
"next": "",
"count": "",
"results": [
{
"id": "",
"type": "",
"title": "",
"content": "",
"indicator": "",
"description": ""
}
],
"previous": ""
}
operation: Get Pulse Indicators
Input parameters
| Parameter |
Description |
| Pulse ID |
ID of the pulse based on which you want to retrieve the list of all indicators from AlienVault-OTX. |
| Include Inactive |
(Optional) Check this box if you want to include inactive indicators as a part of the response. Default is set to unchecked (which means that the value is False). |
| Limit |
(Optional) Number of items to include in the response. Default limit is 1000. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
Output
The JSON output retrieves a list of all the indicators based on the pulse ID that you have specified.
{
"description": "",
"content": "",
"type": "",
"title": "",
"created": "",
"indicator": "",
"id": "",
"slug": "",
"pulse_key": ""
}
operation: Get Pulse Details
Input parameters
| Parameter |
Description |
| Pulse ID |
ID of pulse whose details you want to retrieve from AlienVault-OTX. |
Output
The JSON output retrieves the details of the pulse based on the pulse ID that you have specified.
{
"public": "",
"modified": "",
"name": "",
"author_name": "",
"created": "",
"tags": [],
"references": [],
"id": "",
"TLP": "",
"description": "",
"targeted_countries": [],
"revision": "",
"adversary": "",
"industries": [],
"indicators": [
{
"description": "",
"access_groups": [],
"created": "",
"expiration": "",
"id": "",
"indicator": "",
"content": "",
"role": "",
"access_type": "",
"observations": "",
"title": "",
"is_active": "",
"type": "",
"access_reason": ""
}
]
}
operation: Get Related Pulses
Input parameters
| Parameter |
Description |
| Pulse ID |
ID of pulse based on which you want to retrieve related pulses, i.e. pulses that share an indicator, from AlienVault-OTX. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
Output
The JSON output retrieves a list of pulses that share an indicator with the pulse that you have specified using its pulse ID.
{
"count": "",
"previous": "",
"next": "",
"results": [
{
"public": "",
"id": "",
"industries": [],
"name": "",
"adversary": "",
"TLP": "",
"description": "",
"created": "",
"indicators": [
{
"id": "",
"description": "",
"created": "",
"content": "",
"indicator": "",
"type": "",
"title": ""
}
],
"author_name": "",
"references": [],
"tags": [],
"revision": "",
"targeted_countries": [],
"modified": ""
}
]
}
operation: Get Subscribed Pulses
Input parameters
| Parameter |
Description |
| Number of records |
(Optional) Number of records that the operation should include per page. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
| From |
(Optional) Datetime from which you want to retrieve pulses. The datetime must be in the ISO format (UTC). If you specify the datetime then only those pulses that are created or modified later then the specified datetime are retrieved. |
Output
The JSON output retrieves a list of all the pulses you have subscribed to and which you have specified, based on the input parameters, from the AlienVault-OTX server.
{
"previous": "",
"count": "",
"next": "",
"results": [
{
"id": "",
"created": "",
"industries": [],
"targeted_countries": [],
"adversary": "",
"indicators": [
{
"id": "",
"type": "",
"created": "",
"description": "",
"content": "",
"title": "",
"indicator": ""
}
],
"public": "",
"author_name": "",
"tlp": "",
"references": [],
"modified": "",
"description": "",
"extract_source": [],
"revision": "",
"tags": [],
"name": ""
}
]
}
operation: Run Query
Input parameters
Output
The JSON output retrieves the data from your AlienVault-OTX instance, based on the input query you have specified.
The output varies depending on the URL provided as a parameter.
operation: Search Pulses
Input parameters
| Parameter |
Description |
| Text |
Pulses that you want to search for on AlienVault-OTX. |
| Number of Records |
(Optional) Number of records that the operation should include per page. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
Output
The JSON output retrieves a list of all the pulses that match the text that you have specified in the input parameters, from the AlienVault-OTX server.
{
"exact_match": "",
"next": "",
"results": [
{
"created": "",
"TLP": "",
"author_name": "",
"industries": [],
"revision": "",
"id": "",
"tags": [],
"indicators": [
{
"created": "",
"indicator": "",
"type": "",
"content": "",
"id": "",
"title": "",
"description": ""
}
],
"description": "",
"name": "",
"modified": "",
"references": [],
"public": "",
"adversary": "",
"targeted_countries": []
}
],
"count": "",
"previous": ""
}
operation: Subscribe to Pulse
Input parameters
| Parameter |
Description |
| Pulse ID |
ID of pulse to which you want to subscribe. |
Output
The JSON output returns a Success message if you could successfully subscribe to the pulse you have specified using the pulse ID or an Error message containing the reason for failure.
{
"status": "",
"subscriber_count": ""
}
operation: Unsubscribe from Pulse
Input parameters
| Parameter |
Description |
| Pulse ID |
ID of pulse from which you want to unsubscribe. |
Output
The JSON output returns a Success message if you could successfully unsubscribe from the pulse you have specified using the pulse ID or an Error message containing the reason for failure.
{
"status": "",
"subscriber_count": ""
}
operation: User Actions
Input parameters
| Parameter |
Description |
| Username |
Name of the user on whom you want to perform the selected action. |
| Action |
Action that you want to perform on the select user. Choose from the following actions: Subscribe, Unsubscribe, Follow, or Unfollow. |
Output
The JSON output returns a Success message if you could successfully perform the selected action on the selected user or an Error message containing the reason for failure.
{
"status": ""
}
Included playbooks
The Sample - AlienVault-OTX - 1.0.2 playbook collection comes bundled with the AlienVault-OTX connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AlienVault-OTX connector.
- Create Pulse
- Get All Indicators
- Get Domain Reputation
- Get File Reputation
- Get Hostname Reputation
- Get IP Reputation
- Get Pulse Details
- Get Pulse Indicators
- Get Related Pulses
- Get Subscribed Pulses
- Get URL Reputation
- Run Query
- Search Pulses
- Subscribe to Pulse
- Unsubscribe from Pulse
- User Actions
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
