I have Graylog set up with the threat intelligence plug in setup to query the Alienvault OTX data with my Alienvault API key. I am subscribed only to the official Alienvault feed. I am getting tons of threat indicators from pulses I haven’t subscribed to. Mainly it looks like test pulses for 8.8.8.8 and 1.1.1.1. It looks like it’s querying all pulses and not just the one I’m subscribed to. Is there something I’m missing in my setup. I see that this question has been asked a few times but there is no resolution listed that I can find. Thanks.
Does anyone have an answer. Thanks.