Feb 13 2023 01:35 AM - edited Feb 13 2023 01:40 AM
I am trying to add the Threat intelligence - TAXII connector in Sentinel. Upon entering the asked details such as mentioned below:
Friendly Name: TAXIIFeeds
API: https://limo.anomali.com/api/v1/taxii2/feeds/
Collection ID: 107 (tried by entering 135, 136 as well)
Username: guest
Password: guest
Selected Import Indicator as All Available(tried other options as well) and Polling Frequency as Once a day (tried other options as well).
Post entering the above mentioned details, when I click Add, I am getting error as "TAXII connector already exists with the same API root URL and Collection ID or inputs are not valid."
It seems the API https://limo.anomali.com/api/v1/taxii2/feeds/ is no more valid. When I try to open, it throws an error as "This site can’t be reached". Also, this URL (https://www.anomali.com/resources/limo) it says the API URL is changed.
Not sure where the issue is. Can someone help on this please.
Best regards.
Feb 13 2023 03:05 AM
Hello @mujju016,
It seems that Limo has reached the end of the road.
Limo - Free Intel Feed by Anomali - Learn More
Are you trying to use the free version of Limo?
Feb 13 2023 03:13 AM
Feb 13 2023 03:53 AM
Feb 13 2023 04:56 AM
Feb 13 2023 09:28 AM
Feb 13 2023 10:14 AM - edited Feb 13 2023 10:17 AM
There are also 2 options to ingest TI from Alien Vault:
1. Using Logic App:
Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel - Microsoft Community Hub
Azure-Sentinel/Playbooks/Get-AlienVault_OTX at master · Azure/Azure-Sentinel · GitHub
2. Using TAXII:
You need to create an account on Alien Vault, generate an API key, and then connect Alien Vault TAXI.