Attivo BOTsink server is a deception and response platform. BOTsink uses deception techniques and a matrix of distributed decoy systems to turn an entire network into a trap. When an attacker engages, BOTsink generates alerts and visual maps, quarantines the infected device, and then analyzes the attack movement, methods, and actions.
Configuring the Connector for BOTSink
To configure Lucidum to ingest data from BOTSink:
- Log in to Lucidum.
- In the left pane, click Connector.
- In the Connector page, click Add Connector.
- Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
- In the Settings page, enter the following:
  - URL (required). The URL of the API for Attivo BOTSink.
  - Username (required). User name for an account on Attivo BOTSink that has read-only access to Attivo BOTSink data and whose Access Type is set to API. The Lucidum connector will use this account.
  - Password (required). Password for an account on Attivo BOTSink that has read-only access to Attivo BOTSink data and whose Access Type is set to API. The Lucidum connector will use this account.
- To test the configuration, click Test.
  - If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
  - If the connector is not configured correctly, Lucidum displays an error message.