OTX domain lookup requested but OTX is not enabled in configuration. Please enable it first

Basically, that’s it. I’m getting this error in Graylog’s internal log and have no idea how to solve it - Google gives me the first entry as the ThreatIntel plugin GitHub

https://github.com/graylog-labs/graylog-plugin-threatintel/blob/master/src/main/java/org/graylog/plugins/threatintel/providers/otx/OTXLookupProvider.java

and the rest are two Cisco results, an OpenDNS, and other unrelated stuff.

I remember installing the ThreatIntel plugin, because @ionstorm’s Syslog threat intel pipeline uses it, but this error didn’t use to appear… and I think it started right after applying the omnibus to 2.2.3-2, from 2.2.3-1 OVA.

You need to get an API key and add this to the configuration in the web interface.


Got it! =D Thanks @jan
https://otx.alienvault.com/api/
