Subscribed Pulses
Fetches subscribed threat-intelligence pulses from AlienVault OTX, including inline IOC indicators.
Sync Type: Incremental
Overview
The AlienVault OTX Subscribed Pulses input retrieves threat-intelligence pulses that your OTX account subscribes to, along with all embedded Indicators of Compromise (IOCs). Each pulse record includes metadata such as TLP classification, attributed adversary, targeted industries and countries, and the full list of indicators (IP addresses, domains, URLs, file hashes, CVEs, and more) inline — no additional API call per pulse is required. The connector syncs incrementally using the modified_since query parameter, advancing a watermark after every complete page run so that only newly modified pulses are fetched on subsequent runs.
Requirements
1. AlienVault OTX Account
You need a free or commercial AlienVault OTX account at https://otx.alienvault.com.
Important: The API key is not visible in your account settings until you have subscribed to at least one pulse. Subscribe to any public pulse before attempting to retrieve your key.
2. Obtain an API Key
- Log in to https://otx.alienvault.com.
- Click your username in the top-right corner and select Settings.
- In the left navigation, click API Integration.
- Copy the key shown under Your OTX Key.
The key is a plain string — no Bearer prefix or Base64 encoding is needed. Keep it secret; it grants access to all endpoints your account is entitled to.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Default | Description |
|---|---|---|---|---|
| Backfill Start Time | string | No | — | RFC 3339 UTC timestamp (e.g. 2024-01-01T00:00:00Z) that bounds the initial full fetch. When set, only pulses modified at or after this time are fetched on the first run. When left empty, all subscribed pulses are retrieved after the current date time. |
| Use Synthetic Data | boolean | No | false | When enabled, the connector generates demo data instead of calling the real OTX API. Useful for testing pipeline configuration without consuming API quota. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | string | Yes | OTX API key sent as the X-OTX-API-KEY request header. Found at https://otx.alienvault.com → Settings → API Integration. |
Rate Limits
AlienVault OTX allows 10,000 authenticated requests per hour per API key. The limit is per-hour, not per-second, so bursty pagination during a backfill is generally fine within that envelope. If the limit is exceeded the API returns HTTP 429 Too Many Requests. No Retry-After header is documented; the connector will surface the error and retry on the next scheduled run.
See AT&T Cybersecurity Success Center — API requests limit for further details.
Setup Walk-through
- Create or log into your OTX account at https://otx.alienvault.com.
- Subscribe to at least one pulse so your API key becomes visible. Use the search bar to find public pulses and click Subscribe.
- Retrieve your API key: navigate to Settings → API Integration and copy the key.
- Open Monad and navigate to Inputs.
- Click Add Input and search for AlienVault OTX — Subscribed Pulses.
- Fill in the Settings form:
- Backfill Start Time (optional): enter an RFC 3339 UTC timestamp if you want to limit the initial sync window (e.g.
2024-01-01T00:00:00Z). Leave blank for a full historical sync. - Use Synthetic Data (optional): enable to generate synthetic data instead of calling the real API, useful for testing.
- Backfill Start Time (optional): enter an RFC 3339 UTC timestamp if you want to limit the initial sync window (e.g.
- Under Secrets, paste your OTX API key into the API Key field.
- Click Save. The connector will perform an initial sync on its next scheduled run, then continue incrementally.
Related Articles
Sample Record
Code