Anomali Limo using Elastic Agent

Just updated to v8 and enabled the Anomali Limo API using the Elastic Agent. Not sure if anyone else has had success using this integration, but it doesn't seem to pull any data using the default settings?

Hello @samoz83

Anomali Limo requires you to set a specific collection ID, and will fetch the latest TI information from it. However, not all of those collections are updated by Anomali frequently, and it might be that the default collection for some reason does not have newer entries.

I noticed a small bug in the UI for that specific integration, because the amount of lookback in hours is supposed to be configurable. I will push an update for that specific package today, and you should be able to see it tomorrow.

In the meantime, I would also recommend, for example, AbuseCH, which has everything working out of the box and does not require any configuration at all.

Related PR: [Anomali] adding initial interval to manifest by P1llus · Pull Request #2677 · elastic/integrations · GitHub.

Once the update has been pushed, you should then have version 1.2.1 available tomorrow.
