analyzer: otx
query: ...
api_key: ...
Name | Type | Required? | Default | Desc. |
---|---|---|---|---|
query | String | Yes | Domain or IP address | |
api_key | String | No | ENV[”OTX_API_KEY”] | API key |
The analyzer uses OTX API v1 and /api/v1/indicators/
APII endpoints to search.
Passive DNS data (IP addresses / domains) matched with a query are treated as artifacts.
This rule outputs the following types of artifacts:
Mihari loads your OTX API key via environment variable OTX_API_KEY
by default.