Skip to main content
Skip table of contents

Attivo BOTSink

Attivo BOTsink server is a deception and response platform. The Attivo deception solution projects decoys that appear indistinguishable from real production assets and are designed to engage and misdirect an attacker. When an attacker engages, BOTsink analyzes their movement, methods, and actions, generating alerts and visual maps.

Configuring the Connector for BOTSink

To configure Lucidum to ingest data from BOTSink:

  1. Log in to Lucidum.

  2. In the left pane, click Connector.

  3. In the Connector page, click Add Connector.

  4. Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.

  5. In the Settings page, enter the following:

    • URL (required). The URL of the API for Attivo BOTSink/

    • Username (required). User name for an account on Attivo BOTSink that has read-only access to Attivo Botsink data and Access Type is set to API. The Lucidum connector will use this account.

    • Password (required). User name for an account on Attivo BOTSink that has read-only access to Attivo Botsink data and Access Type is set to API. The Lucidum connector will use this account.

  6. To test the configuration, click Test.

    • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

    • If the connector is not configured correctly, Lucidum displays an error message.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.