Forum Discussion
Bobbers (Copper Contributor)
Mar 08, 2023
Sentinel Taxii connector
Hi Everyone,
I was experimenting trying to connect Sentinel to Alienvault OTX via the Taxii connector to see if it's worth looking into some extra feeds. Nothing I try seems to work. Has anyone had luck with the TAXII connector with Alienvault or other platforms?
The only information I can find for this particular feed are instructions on doing this with a logic app, such as this post -- https://techcommunity.microsoft.com/t5/microsoft-sentinel/alienvault-otx-taxii-feed/m-p/1877695
The Python cabby client has no issue grabbing data from this feed. Trying the below (with the correct username of course) results in an error:
TAXII connector already exists with the same API root URL and Collection ID or inputs are not valid.
- BigJim (Copper Contributor)
I know this thread is old, and I apologize in advance for bumping an old thread. However, I'm putting this here so perhaps someone else can find the answer in less time than it took me.
Everything in the above screenshot is valid, except the API Root URL. It should read:
https://otx.alienvault.com/taxii/root
- JBUB_Accelerynt (Brass Contributor)
Bobbers The Alien Vault TAXII feed is 1.0 or 1.1. Sentinel only supports TAXII 2.0+.
Another option is using a playbook to import the IOCs via API call.
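
An added example, not part of any post in this thread: a way to tell from a saved HTTP response whether a feed endpoint speaks TAXII 1.x or 2.x before entering it in the connector, using the header and media-type names from the TAXII specifications. The function names and the `example.test` sample responses are constructed for illustration.

```python
import json

def taxii_version(headers):
    """Classify one HTTP response as TAXII '1.x', '2.0', '2.1' or None."""
    h = {k.lower(): v.lower().replace(" ", "") for k, v in headers.items()}
    # TAXII 1.x HTTP binding announces XML messages in X-TAXII-* headers.
    if h.get("x-taxii-content-type", "").startswith("urn:taxii.mitre.org:message:xml:1."):
        return "1.x"
    ctype = h.get("content-type", "")
    if ctype.startswith("application/taxii+json"):            # TAXII 2.1 media type
        return "2.1"
    if ctype.startswith("application/vnd.oasis.taxii+json"):  # TAXII 2.0 media type
        return "2.0"
    return None

def connector_check(headers, body):
    """Hypothetical helper: report version, 2.x usability and advertised API roots."""
    version = taxii_version(headers)
    usable = version in ("2.0", "2.1")
    roots = []
    if usable:
        try:
            doc = json.loads(body)
            if isinstance(doc, dict):
                roots = [r for r in (doc.get("api_roots") or []) if isinstance(r, str)]
        except ValueError:
            pass  # not a discovery document; leave roots empty
    return {"version": version, "usable": usable, "api_roots": roots}

# Constructed sample responses (hosts are placeholders, not real feeds).
LEGACY = ({"Content-Type": "application/xml",
           "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1"},
          "<taxii_11:Discovery_Response/>")
MODERN = ({"Content-Type": "application/taxii+json;version=2.1"},
          json.dumps({"title": "Constructed feed",
                      "api_roots": ["https://taxii.example.test/api1/"]}))

if __name__ == "__main__":
    for name, (hdrs, body) in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, connector_check(hdrs, body))
```
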