Liberty91

AlienVault OTX module.

Last updated 14 Jun 2026

The AlienVault OTX module is one of the quickest free ways to start enriching the IOCs that come in from your other sources. OTX is free to use: create an account, generate an API key, and paste it into the module. Every time a new IOC is created, Liberty91 runs it through OTX to check for hits and surfaces the available data, including pulse counts, tags, and any linked threat actors or malware.

Before you start

You need a free AlienVault OTX account, which gives you the API key this module uses.

How to connect AlienVault OTX

  1. Log in to AlienVault OTX, or create a free account if you do not already have one.
  2. Generate an API key in your OTX account settings.
  3. In Liberty91, go to Modules and open the AlienVault OTX module, then paste the API key into the field and validate it.

[Screenshot: Liberty91 AlienVault OTX module screen showing the API key field and the validation control]

What you get from OTX enrichment

For every new IOC, Liberty91 checks OTX for hits and pulls back pulse counts and tags. It also looks for mentions of threat actors or malware the IOC is connected to and adds that context as enrichment, so the indicators tied to your Events carry more meaning.

After you validate your key, the module also shows how many IOCs it has enriched in total, so you can confirm it is working and pulling its weight.
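
To see what this enrichment looks like at the API level, the following added example (not Liberty91's own code) builds an OTX `general` indicator lookup and reduces the response to pulse count, tags, threat actors and malware. The endpoint, the `X-OTX-API-KEY` header and the `pulse_info` field names follow OTX's public API; the sample response, key and actor and malware names are constructed, and how Liberty91 performs the lookup internally is an assumption.

```python
import json
import urllib.parse
import urllib.request

OTX_BASE = "https://otx.alienvault.com/api/v1"  # public OTX API base URL

def build_request(api_key, ioc_type, value):
    """Build (but do not send) the 'general' lookup for one indicator."""
    path = f"/indicators/{ioc_type}/{urllib.parse.quote(value, safe='')}/general"
    return urllib.request.Request(OTX_BASE + path, headers={"X-OTX-API-KEY": api_key})

def _names(items):
    # Entries may be plain strings or objects carrying a display_name.
    found = []
    for item in items or []:
        name = item.get("display_name") if isinstance(item, dict) else item
        if name:
            found.append(name)
    return found

def summarize(general):
    """Reduce an OTX 'general' response to the enrichment fields."""
    info = general.get("pulse_info") or {}
    pulses = info.get("pulses") or []
    tags, actors, malware = set(), set(), set()
    for pulse in pulses:
        tags.update(t.lower() for t in pulse.get("tags") or [])  # merge "C2" and "c2"
        if pulse.get("adversary"):  # empty string means no named actor
            actors.add(pulse["adversary"])
        malware.update(_names(pulse.get("malware_families")))
    count = info.get("count") or len(pulses)
    return {"indicator": general.get("indicator"), "hit": count > 0,
            "pulse_count": count, "tags": sorted(tags),
            "threat_actors": sorted(actors), "malware": sorted(malware)}

# Constructed sample response: documentation IP range, invented names.
SAMPLE = json.loads("""
{"indicator": "203.0.113.7", "type": "IPv4",
 "pulse_info": {"count": 2, "pulses": [
   {"name": "Constructed pulse A", "tags": ["Phishing", "c2"],
    "adversary": "ExampleActor",
    "malware_families": [{"display_name": "ExampleRAT"}]},
   {"name": "Constructed pulse B", "tags": ["C2"],
    "adversary": "", "malware_families": ["ExampleLoader"]}]}}
""")

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

An indicator with no pulses comes back with `hit` set to false and empty lists, which is the case to expect for most benign IOCs.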
