connectors icon indicating copy to clipboard operation
connectors copied to clipboard

Published 20 hours ago verified publisher icon OpenCTI-Platform

[AlienVault] add an import option to ingest only pulses to which the user subscribed to

Open R3dHash opened this issue 2 years ago • 2 comments

Use case

Alienvault source is no reliable per say, some pulses of specific sources are. It would be relevant to let the choice to the user to ingest either everything from a specific date (curent state) or only pulses to which the user subscribed to.

Current Workaround

No identified workaround except not activating that connector.

Proposed Solution

add an option into the docker-compose to let the user choose whether only pulses to which the user subscribed to is more suited or not.

Additional Information

No addition information

If the feature request is approved, would you be willing to submit a PR?

YES

Yes / No (Help can be provided if you need assistance submitting a PR)

R3dHash avatar Jul 07 '22 20:07 R3dHash

Doesn't the alienvault connector already only pull subscribed pulses? its querying the {base_url}/pulses/subscribed endpoint.

rlynch-ironnet avatar Jul 12 '22 21:07 rlynch-ironnet

You might be right, at least it is not clear at the first glance what the connector does, so having an explicit option into the docker-compose could clarify things without having to study the source code of the connector.

R3dHash avatar Jul 24 '22 12:07 R3dHash

I confirm that the AlienVault connector only pull information your user/API key is subscribed to. Unsubscribe the default AlienVault user if needed on the AlienVault side.

SamuelHassine avatar Oct 02 '22 19:10 SamuelHassine