Threat Intelligence
Integration setup guides for threat intelligence and vulnerability management platforms.
Connect your threat intelligence feeds and vulnerability scanners to Zaun for IOC enrichment, attack surface monitoring, and vulnerability tracking.
AlienVault OTX
Category: Open Threat Exchange | Auth: API Key (Free)
Required Credentials
| Field | Description |
|---|---|
| API Key | From OTX account settings |
Auth: X-OTX-API-KEY: <key>. Rate: 10,000 req/hr. Free tier.
Capabilities
| Feature | Description |
|---|---|
| Pulse Subscriptions | List threat pulses you're subscribed to, with modified_since filtering |
| IOC Lookups | Query indicators by type: IPv4, IPv6, domain, hostname, file hash, URL, CVE |
| Pulse Search | Search and retrieve pulse details, indicators, and related pulses |
Setup Steps
- Create a free account at otx.alienvault.com.
- Subscribe to relevant threat pulses for your industry/region.
- Username > Settings > copy API Key. Paste into Zaun.
Shodan
Category: Internet Intelligence & Attack Surface | Auth: API Key
Required Credentials
| Field | Description |
|---|---|
| API Key | From Shodan account |
Capabilities
| Feature | Description |
|---|---|
| Host Search | Search internet-facing hosts with Shodan query syntax, facets, and filters |
| DNS | Resolve hostnames, reverse lookups, domain information |
| Scanning | List scans, check auto-targets, view scan results |
| Alerts | Monitor network alerts, triggers, and notifiers |
| Bulk Data | Access bulk datasets and open port listings |
Small Business plan ($359/mo) recommended for MDR use (vuln filter requires paid plan).
Setup Steps
- Create account at account.shodan.io, select a plan (Small Business recommended).
- Account > Profile Overview > copy API key. Paste into Zaun.
Free tier allows basic host lookups. Paid plans unlock vulnerability data, network monitoring, and higher rate limits.
Tenable
Category: Vulnerability Management | Auth: API Key
Required Credentials
| Field | Description |
|---|---|
| Access Key | First part of API key pair |
| Secret Key | Second part (shown once at generation) |
Auth: X-ApiKeys: accessKey=...;secretKey=...
Capabilities
| Feature | Description |
|---|---|
| Asset Inventory | List and query assets, attributes, and asset imports |
| Vulnerabilities | Export and query vulnerability findings with plugin details |
| Scans | View scan progress, history, and plugin output |
| Compliance | Export compliance status and audit results |
| Reports | Generate and download vulnerability reports |
Setup Steps
- In cloud.tenable.com > user icon > My Account > API Keys.
- Click Generate. Copy both Access Key and Secret Key immediately (Secret Key is only shown once).
- Paste both keys into Zaun.
Zaun connects to over 125 Tenable API endpoints covering assets, vulnerabilities, scans, compliance, and reporting.
VirusTotal
Category: Threat Intelligence & Malware Analysis | Auth: API Key
Required Credentials
| Field | Description |
|---|---|
| API Key | From VirusTotal account |
Capabilities
| Feature | Description |
|---|---|
| URL Analysis | Submit URLs for scanning and retrieve analysis results |
| File Analysis | Upload files, retrieve reports, and request rescans |
| IP & Domain | Analyze IP addresses and domains for reputation data |
| Search | General search across all indicator types |
Rate Limits
| Tier | Limit |
|---|---|
| Free | 4 req/min, 500 req/day |
| Premium | Per contract (typically 1,000+ req/min) |
Auth: x-apikey: <key>. Submissions are form-encoded; lookups return JSON.
Setup Steps
- Create an account at virustotal.com.
- Profile > API key page. Copy the key.
- Paste into Zaun.
Free tier is heavily rate-limited. For production MDR use, a Premium or Enterprise plan is recommended.