Official website

https://otx.alienvault.com/

Rule

analyzer: otx
query: ... 
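api_key: ...

| Name    | Type   | Required? | Default            | Description          |
|---------|--------|-----------|--------------------|----------------------|
| query   | String | Yes       |                    | Domain or IP address |
| api_key | String | No        | ENV["OTX_API_KEY"] | API key              |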

How it works

The analyzer uses the OTX API v1 /api/v1/indicators/ endpoints to search.

Passive DNS data (IP addresses / domains) matched with a query are treated as artifacts.
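
The lookup described above, as an added Ruby example (not Mihari's own code): it selects a passive DNS endpoint for a domain or IP query and turns the response into artifacts, skipping non-IP answers and duplicates. The endpoint sub-paths and the response field names (passive_dns, address, hostname) are assumptions about the OTX API, and the sample response is constructed.

```ruby
require "json"
require "ipaddr"

# Added example. Paths below the base and JSON field names are assumptions.
OTX_BASE = "/api/v1/indicators"

def ip?(value)
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# Choose the passive DNS endpoint for a query (domain or IP address).
def passive_dns_path(query)
  return "#{OTX_BASE}/domain/#{query}/passive_dns" unless ip?(query)
  kind = IPAddr.new(query).ipv6? ? "IPv6" : "IPv4"
  "#{OTX_BASE}/#{kind}/#{query}/passive_dns"
end

# Turn a passive DNS response body into artifacts:
# IP query -> hostnames, domain query -> resolved IP addresses.
def artifacts_from(query, body)
  records = JSON.parse(body).fetch("passive_dns", [])
  values = if ip?(query)
    records.map { |r| r["hostname"] }
  else
    # Skip non-IP answers such as NXDOMAIN markers or CNAME targets.
    records.map { |r| r["address"] }.select { |a| a.is_a?(String) && ip?(a) }
  end
  # Normalise case, drop duplicates, and never report the query itself.
  values.compact.map(&:downcase).uniq - [query.downcase]
end

# Constructed sample response (documentation-range addresses, example domains).
SAMPLE = <<~JSON
  {"passive_dns": [
    {"hostname": "example.com", "address": "192.0.2.10", "record_type": "A"},
    {"hostname": "example.com", "address": "192.0.2.10", "record_type": "A"},
    {"hostname": "example.com", "address": "NXDOMAIN", "record_type": "A"},
    {"hostname": "example.com", "address": "2001:db8::1", "record_type": "AAAA"},
    {"hostname": "www.example.com", "address": "192.0.2.10", "record_type": "A"}
  ], "count": 5}
JSON

if __FILE__ == $PROGRAM_NAME
  puts passive_dns_path("example.com")
  puts artifacts_from("example.com", SAMPLE).inspect
  puts artifacts_from("192.0.2.10", SAMPLE).inspect
end
```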

Output

This rule outputs the following types of artifacts:

Configuration

Mihari loads your OTX API key from the environment variable OTX_API_KEY by default.