Call a Specialist Today! 800-886-5369

AlienVault Open Threat Exchange (OTX)
The world’s largest open threat intelligence community that enables collaborative defense with actionable, community-powered threat data


AlienVault Open Threat Exchange (OTX)

AlienVault Products
AlienVault Open Threat Exchange (OTX)
AlienVault Open Threat Exchange (OTX)
Contact us for Pricing!

Click here to jump to more pricing!

Overview:

Threat sharing in the security industry remains mainly ad-hoc and informal, filled with blind spots, frustration, and pitfalls. Our vision is for companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyberattacks and threats as quickly as possible. Armed with this information, organizations of all sizes can avoid major breaches or minimize the damage from an attack. AlienVault’s Open Threat Exchange (OTX) delivers the first truly open threat intelligence community that makes this vision a reality.

AlienVault OTX provides open access to a global community of threat researchers and security professionals. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

AlienVault OTX Pulse

Pulses are the format for the OTX community to share information about threats. Pulses provide you with a summary of the threat, a view into the software targeted, and the related indicators of compromise (IOC) that can be used to detect the threats.

IOCs include:

  • IP addresses
  • Domains
  • Hostnames (subdomains)
  • Email
  • URL
  • URI
  • File Hashes: MD5, SHA1, SHA256, PEHASH, IMPHASH
  • CIDR Rules
  • File Paths
  • MUTEX name
  • CVE number

Pulses make it easy for you to answers questions like:

  • Is my environment exposed to this threat?
  • Is this relevant to my organization?
  • Who is behind this, and what are their motives?
  • What are they targeting in my environment?

Pulse Wizard
Drag & drop any blog post or threat report from any source to create new pulses

Create & Share Pulses
Create a pulse or add additional IoCs into an existing pulse when observing suspicious or malicious behavior

Direct Integration with Alienvault USM
Automatically instrument the USM platform's built-in IDS with latest actionable threat data

Open Access

Security research tends to be an insular process and rarely do individuals or groups share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. The Open Threat Exchange (OTX) helps to solve this problem with the ability to subscribe or follow the most trusted pulses in the community.

  • Subscribe to pulses and use the DirectConnect feature to automatically instrument your security products to detect the latest IOCs.
  • Follow OTX contributors and get valuable insight into their recently researched threats.

Openly Research & Collaborate on Emerging Threats

The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from each other. That’s why we built OTX — to change the way we all create, collaborate, and consume threat data.

Integrate with the AlienVault USM Platform & Export IOCs to Any Security Product

Most threat data sharing products or services are expensive and/or overly complex. Users often find themselves buying multiple services since the traditional, isolated, approach to threat data limits their ability to export threat data from one tool to another. OTX provides several methods for your security tools to ingest pulse data, allowing you to react quickly and more efficiently to any threats.

Direct Integration with the AlienVault USM Platform
Automatically instrument your built-in IDS capability within the AlienVault USM platform deployments, as well as third party security tools, with the latest actionable threat data from community-generated pulses.

OTX DirectConnect API
Export IOCs automatically into your existing security tools, eliminating the need to manually add IP addresses, MD5 hashes of malware files, domain names, etc. in the following formats: OpenIoC, STIX, and CSV.

Export to Third Party Security Tools
Import IOCs from pulses into third party security tools.

AlienVault Open Threat Exchange (OTX)

Features:




Open Access to the Threat Intelligence Community

Security research tends to be an insular process and rarely do individuals or groups share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. OTX helps to solve this problem with the ability to subscribe or follow the most trusted pulses in the community.

  • Subscribe to pulses and use the DirectConnect feature to automatically update your security products.
  • Follow OTX contributors and get valuable insight into their recently researched threats.
Open Access to the Threat Intelligence Community
Openly Research & Collaborate on Emerging Threats



Openly Research & Collaborate on Emerging Threats

The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from each other. That’s why we built OTX — to change the way we all create, collaborate, and consume threat data.

Go Threat Hunting with OTX Endpoint Security

When you join OTX, you get instant access to OTX Endpoint Security — a free threat-scanning service in OTX that allows you to quickly identify malware and other threats on your endpoints.

Powered by the AlienVault Agent, based on osquery, OTX Endpoint Security scans your endpoints for the presence of known IoCs, alerting you to any active threats. This free service is the first of its kind to natively take advantage of the IoCs catalogued in OTX without using other security products. So, you can immediately use OTX threat intelligence to assess your endpoints against real-world attacks on demand and as new attacks appear in the wild.

Go Threat Hunting with OTX Endpoint Security

Integrate with AlienVault USM & Export IoCs to Any Security Product

Integrate with AlienVault USM & Export IoCs to Any Security Product

Most threat data sharing products or services are expensive and/or overly complex. Users often find themselves buying multiple services since the traditional, isolated, approach to threat data limits their ability to export threat data from one tool to another. OTX provides several methods for your security tools to ingest pulse data, allowing you to react quickly and more efficiently to any threats.

Direct Integration with the AlienVault USM Platform
Automatically instrument the built-in IDS security capabilities within the AlienVault USM platform, as well as third party security tools, with the latest actionable threat data from community-generated OTX pulses.

OTX Endpoint Security
With its direct OTX integration, OTX Endpoint Security allows you to hunt for threats on your endpoints without using other security products. So, you can immediately take advantage of the community-powered threat intelligence of OTX.

OTX Endpoint Security uses the same agent-based approach as expensive endpoint security tools, giving you meaningful threat visibility of your critical endpoints without the cost and complexity. With other free, open source approaches to endpoint agents, it can be difficult to deploy, to know what to query, and to correlate this information with the latest threat data. OTX Endpoint Security removes this complexity and guesswork while providing a free security service available to all.

OTX DirectConnect API
Export IoCs automatically into your existing security tools, eliminating the need to manually add IP addresses, MD5 hashes of malware files, domain names, etc.

Export to Third Party Security Tools
Import IoCs from pulses into third party security tools.

How It Works:

AlienVault OTX provides open access to a global community of threat researchers and security professionals. It now has more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

Leveraging OTX Threat Data with AlienVault USM:

Put AlienVault USM to Work in Your Environment

When you sign up for the AlienVault Open Threat Exchange (OTX) and connect it to an AlienVault Unified Security Management (USM) instance, the USM platform will receive threat data directly from OTX pulses. Pulses provide a summary of the threat, a view into the software targeted, and the related Indicators of Compromise (IoC) that you can use to detect the threats. They come from community-created OTX pulses and security events voluntarily contributed by AlienVault USM and AlienVault OSSIM users.

Connecting OTX to your USM platform helps you to manage risk better and effectively take action on threats. OTX data complements the Threat Intelligence Subscription delivered by the AlienVault Labs team by providing visibility into emerging threat indicators active in your network:

  • You will receive immediate notification in the form of an event or an alarm when a known malicious IP address communicates with any of your system assets, or when AlienVault USM identifies any other IOCs active in your network.
  • AlienVault USM receives threat updates every 15 minutes from OTX for all pulses to which you subscribe
  • You can review a pulse activity feed, containing detailed information about current activity and related pulses reported by the OTX community
  • AlienVault USM shows you which pulses in your environment are most active, as soon as you log into AlienVault USM

Leveraging OTX Threat Data with AlienVault USM

Screenshots:


Pulses are collections of Indicators of Compromise, IPs, urls, and file hashes related to potentially malicious activity, contributed by the AlienVault Labs research team as well as other members of the OTX community.

Pulses are collections of Indicators of Compromise, IPs, urls, and file hashes related to potentially malicious activity, contributed by the AlienVault Labs research team as well as other members of the OTX community.

Browse through pulses on the most recent threats researched by the OTX community. Subscrible to those that are interest to you or your organization.

Browse through pulses on the most recent threats researched by the OTX community. Subscrible to those that are interest to you or your organization.

Create your own pulses from security blogs, reports, whitepapers or other text based docs and share your finding with the OTX community.

Create your own pulses from security blogs, reports, whitepapers or other text based docs and share your finding with the OTX community.

OTX will exclude any IoCs that it feels are false positives but you have the final say in what is included in your pulse.

OTX will exclude any IoCs that it feels are false positives but you have the final say in what is included in your pulse.

Any events or alarms containing IoCs pulses in OTX will be designated as such, allowing you to quickly prioritize threats and deal with them efficienty.

Any events or alarms containing IoCs pulses in OTX will be designated as such, allowing you to quickly prioritize threats and deal with them efficienty.

Pulses are integrated within the USM platform, accelerating threat detection and providing the best method of leveraging the OTX threat data.

Pulses are integrated within the USM platform, accelerating threat detection and providing the best method of leveraging the OTX threat data.


Documentation:

Download the AlienVault Open Threat Exchange (OTX) Datasheet (.PDF)

Pricing Notes:

AlienVault Products
AlienVault Open Threat Exchange (OTX)
AlienVault Open Threat Exchange (OTX)
Contact us for Pricing!