future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0
10.9k stars 1.16k forks

AlienVault OTX TAXII feed support, and additional threat feeds. #704

Open necrose99 opened 6 years ago

necrose99 commented 6 years ago

https://github.com/iamgoangle/go-elk-stack

https://github.com/treasure-data/td-client-go often for Graylog TD "massages logs"... into a heterogeneous format, i.e. Cisco, your syslog/BSD logs On-Crazy-LSD-syslogs >>> = into sane parsable logs, in a way one could push/pull from other items.

https://github.com/Graylog2/go-gelf push logs to Graylog 2/3 option.

STIX/TAXII Alienvault https://github.com/AlienVault-OTX/OTX-Go-SDK https://github.com/jheise/go-otx

pull what of your system is exposed, i.e. from shodan.io https://github.com/ns3777k/go-shodan https://www.shodan.io

DNSDUMPSTER dive etc. https://github.com/caffix/amass https://github.com/subfinder/subfinder finds pastebin leaks also.

https://snyk.io/docs/snyk-for-golang vuln connector, & you can add to scan the repo on GitHub/GitLab for vulns also.

point being most SIEMs use ELK backends and/or syslog.

necrose99 commented 6 years ago

https://github.com/mirtchovski/clamav golang bindings

https://github.com/openshift/image-inspector

necrose99 commented 5 years ago

Getting set up: To consume the OTX STIX/TAXII feed you'll need to enter the following details into your TAXII client:

Discovery URL: https://otx.alienvault.com/taxii/discovery

Username: (Your API key)

Password: (Blank)

since open, can add as a feed without much of their old Golang tools

however could be quite useful...
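The TAXII client details quoted in the comment above, turned into a minimal standard-library Python client as an added example; this is not code from the vuls project or from the commenter. It assumes the TAXII 1.1 XML message binding and its standard HTTP headers, reads the OTX API key from an environment variable named here as OTX_API_KEY (a name chosen for the example), and the discovery response it parses is a constructed sample, not a real server reply.

```python
"""Minimal TAXII 1.1 discovery client for the AlienVault OTX feed (added example).

Assumptions: TAXII 1.1 XML binding over HTTPS, and the OTX API key sent as
the HTTP Basic username with an empty password, as the thread describes.
"""
import base64
import os
import sys
import urllib.request
import xml.etree.ElementTree as ET

# Discovery URL quoted in the thread above.
DISCOVERY_URL = "https://otx.alienvault.com/taxii/discovery"
TAXII_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
ET.register_namespace("taxii_11", TAXII_NS)

# Constructed sample of what a Discovery_Response looks like; the address is
# a placeholder, not a real OTX endpoint.
SAMPLE_DISCOVERY_RESPONSE = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<taxii_11:Discovery_Response xmlns:taxii_11="' + TAXII_NS.encode() + b'" '
    b'message_id="2" in_response_to="1">'
    b'<taxii_11:Service_Instance service_type="POLL" '
    b'service_version="urn:taxii.mitre.org:services:1.1" available="true">'
    b'<taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0'
    b'</taxii_11:Protocol_Binding>'
    b'<taxii_11:Address>https://example.invalid/taxii/poll</taxii_11:Address>'
    b'</taxii_11:Service_Instance></taxii_11:Discovery_Response>'
)


def basic_auth_header(api_key: str) -> str:
    """'Username: API key, Password: blank' is ordinary HTTP Basic auth,
    so the header value is base64("<api_key>:")."""
    token = base64.b64encode(f"{api_key}:".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def discovery_request_xml(message_id: str = "1") -> bytes:
    """Build the TAXII 1.1 Discovery_Request message body."""
    root = ET.Element(f"{{{TAXII_NS}}}Discovery_Request", {"message_id": message_id})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def taxii_headers(api_key: str) -> dict:
    """HTTP headers defined by the TAXII 1.1 HTTPS protocol binding."""
    return {
        "Authorization": basic_auth_header(api_key),
        "Content-Type": "application/xml",
        "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
    }


def parse_discovery_response(body: bytes) -> list:
    """Return (service_type, address) for each advertised Service_Instance,
    which is how a client finds the COLLECTION_MANAGEMENT and POLL endpoints.
    The parser is stdlib ElementTree; for feeds from servers you do not
    control, parse with defusedxml instead."""
    root = ET.fromstring(body)
    services = []
    for inst in root.iter(f"{{{TAXII_NS}}}Service_Instance"):
        addr = inst.find(f"{{{TAXII_NS}}}Address")
        services.append((inst.get("service_type"), addr.text if addr is not None else None))
    return services


def discover(api_key: str, url: str = DISCOVERY_URL) -> list:
    """Live discovery round trip (needs network access and a valid key)."""
    req = urllib.request.Request(url, data=discovery_request_xml(),
                                 headers=taxii_headers(api_key), method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_discovery_response(resp.read())


if __name__ == "__main__":
    # The key is a credential: take it from the environment, never from source.
    key = os.environ.get("OTX_API_KEY")  # variable name chosen for this example
    if not key:
        sys.exit("set OTX_API_KEY to run the live discovery")
    for service_type, address in discover(key):
        print(service_type, address)
```

Run it with the key exported in the environment; `parse_discovery_response` is kept separate from the network call so the response handling can be exercised offline against the constructed sample.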