This document applies to Classic/Legacy Integrations. You may continue to use these integration configurations. While no active development is happening for these integrations, we continue to provide Classic/Legacy Integrations in the product. You do not have to move to MSI Integrations. If your support engineer or TSC recommends or you choose to move to MSI Integrations, you can take advantage of the latest features and functionality. For more information, see the MSI Integration documentation in the Integrations Overview.
API Calls
The following API calls are used by the Validation Platform to bring in the Threat Actor information. Since Anomali allows you to mark Threat Actors as important, this information is also conveyed to the Threat Actor profiles in the platform.
| Purpose | Call |
|---|---|
| Retrieve the Threat Actor list | /api/b1/actors |
| Retrieve Threat Actor details | /api/v1/actor/<threat actor ID> |
Prerequisites
Information to gather before you start:
- Identify the host, port, and protocol.
- Identify the username and authentication token. Any account that has API access can be used.
Configuration
To add the Anomali Threat Intelligence Integration:
- Go to Settings > Integrations.
- In the Threat Intelligence Platform Integrations table, click Add Integration > Anomali.
- Enter the Host.
- Enter the Port.
- Select the Protocol.
- Enter the Username.
- Enter the Auth token.
- Enter the Sync Interval in hours (default: 24 hours).
- (Optional) Assign a Name.
- Click Submit. The integration automatically starts to sync after it is added.
Set up Proxy Assignment
If all outbound connections go through a proxy, you may want to set up a proxy definition and assignment for your integration. For information on setting up your proxy rules, see Proxy Rules.
