how to add feed (Limo & Staxx) and threat hunting


Vijay Dig

Nov 4, 2020, 2:22:41 PM
to Wazuh mailing list
Hello Team,

Is there any way to feed open source threat intel such as the Limo & STAXX Anomali feeds into Wazuh?


Looking for your feedback

Jesus Linares

Nov 10, 2020, 12:10:55 PM
to Wazuh mailing list
Hi,

Currently, we don't have this integration. It looks really interesting. Could you open an issue in our repository describing the feature?

Meanwhile, it looks like the STAXX client is reading the STIX/TAXII feed. If the client has a log output, you can read that file with the Wazuh agent. Then, you just need to create decoders, rules, and dashboards.

Also, you can try to "deploy STAXX" using the Wazuh group configuration and run it with the command module.

Regards.
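The approach sketched in the reply above, written out as an added example (not from the thread or from the Wazuh or Anomali projects): a shared agent.conf fragment that polls the STAXX client via the command module and tails its log with the built-in JSON decoder, plus two local rules. The log path, the client command line and the JSON field names (indicator_type, value, confidence) are placeholders; the real STAXX output format must be checked and the rules adjusted to match.

```xml
<!-- /var/ossec/etc/shared/<group>/agent.conf on the manager (assumed group config) -->
<agent_config>
  <!-- Run the STAXX client periodically; command path is a placeholder -->
  <wodle name="command">
    <disabled>no</disabled>
    <tag>staxx-poll</tag>
    <command>/opt/staxx/bin/staxx-client --poll</command>
    <interval>1h</interval>
    <ignore_output>yes</ignore_output>
    <run_on_start>yes</run_on_start>
    <timeout>0</timeout>
  </wodle>

  <!-- Tail the client's log; assumes one JSON object per line, e.g. (constructed):
       {"indicator_type":"domain","value":"placeholder.example","confidence":95} -->
  <localfile>
    <log_format>json</log_format>
    <location>/var/log/staxx/indicators.log</location>
    <label key="feed">staxx</label>
  </localfile>
</agent_config>
```

```xml
<!-- /var/ossec/etc/rules/local_rules.xml on the manager -->
<group name="threat_intel,staxx,">
  <!-- Base rule: every decoded indicator line becomes a low-level event
       that can be indexed and charted on a dashboard -->
  <rule id="100200" level="3">
    <decoded_as>json</decoded_as>
    <field name="indicator_type">\.+</field>
    <description>STAXX indicator ingested: $(indicator_type) $(value)</description>
  </rule>

  <!-- Child rule: raise the level only for high-confidence indicators (90-100);
       the confidence field and its scale are assumed -->
  <rule id="100201" level="10">
    <if_sid>100200</if_sid>
    <field name="confidence">^9\d$|^100$</field>
    <description>STAXX high-confidence indicator: $(indicator_type) $(value)</description>
  </rule>
</group>
```

After restarting the manager, feed one constructed line through `/var/ossec/bin/wazuh-logtest` to confirm the JSON decoder extracts the fields and rule 100200 (and 100201 for a confidence of 95) fires before relying on the feed in hunting.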