AlienVault OTX Missing - Threat Intel Plugin - Graylog 2.4.4

(Chris) #1

I was working to deploy the AlienVault OTX Threat Intel feed listed here:
However, in my DEV and Prod 2.4.4 Graylog servers I do not see the AlienVault OTX feeds as available.
I read that the plugin can be downloaded from GitHub here:, but I’m not seeing pre-built JAR files. Do I need to build the JAR files from scratch, or was the OTX removed from the plugin purposefully?

(Jochen) #2

How exactly have you installed Graylog 2.4.4 and where did you look for the AlienVault OTX feed?

The Threat Intel plugin has been included as a default plugin since Graylog 2.4.0.

(Chris) #3

I followed the setup procedures in the manual here:

Both are a clustered setup with a separate Elasticsearch cluster and MongoDB cluster off-box.
My primary confusion is that when I configure the Threat Intelligence plugin I do not see the AlienVault OTX as an option to configure like in the blog post. All I see is the Tor exit nodes, Spamhaus and options.


Not sure if I’m missing something or if it’s something I haven’t enabled in the config.

(Jochen) #4

There is no configuration setting for AlienVault OTX in the Threat Intelligence plugin configuration (at System / Configurations).

There should be, however, two lookup tables named “Open Thread Exchange (OTX) - IP” and “Open Thread Exchange (OTX) - Domain” on the System / Lookup Tables page.

(Chris) #5

Ok, I see those. Thanks very much for pointing them out.
Looking around at those settings I don’t see an option to enter an AlienVault OTX API key. Does Graylog come with its own API keys built-in?

(Jochen) #6

You can configure your OTX API key in the configuration of the data adapters of the AlienVault OTX lookup tables (see System/Lookup Tables/Data Adapters).

(Chris) #7

Well, thanks very much for this. I guess that should have been obvious, but I missed it a solid six or so times.
Much appreciated!
