
Graylog Pulling Random Pulses from OTX API

multiplier

New Life Form
I have a Graylog SIEM platform set up and am using the Alien Vault OTX API to compare IP addresses in my log file against known threats. I seem to be pulling all pulses from Alien Vault, as I am getting a threat detected on 8.8.8.8 with the threat name: "RiskDiscovery Twitter feeds - 2017-12-24, My Case, Test de indicadores de Google, dont subscribe". The only user I have subscribed to with my account on Alien Vault OTX is Alien Vault themselves, so why are these test pulses coming through as well? Does Graylog just pull everything from the API, and is there a way to just pull from Alien Vault's own pulse?

Cheers,

G
Kotresha
