Getting The Best From AlienVault OTX

ThreatIntelligenceLab.com

Most of you are most likely already familiar with AlienVault, but did you know they also run a dedicated threat intelligence sharing platform dubbed “AlienVault OTX”[1]? The platform has been around for a while now, and it is one of the threat intelligence feeds we want you to be aware of.

One can argue that OTX contains a lot of duplicates and that context is sometimes missing, but that does not make it any less valuable as a resource.

Because it is an open community, everyone is allowed to share their knowledge and findings on the platform.

There is a real chance that an indicator shared on the platform is exactly the one that helps you defend a specific customer against a specific threat actor. So why would we ignore such a valuable resource? We won’t.

Is it Paid?

The OTX.Alienvault.com platform is free and open to use. You can register for an account, and with that account you get access to the full functionality and services the OTX platform provides.

What Can You Expect?

To be honest, the platform is quite a mess: a lot of information is shared, and you need a process to filter the data. Still, it remains a valuable source of IOCs.

These include IPv4 addresses, SHA-256 checksums of malware samples, and other network indicators.

What About The False Positive Rate?

You will get false positives if you blindly feed the indicators into your solution or service. The most important part is a good filtering process that lets you reduce them.

As we always say, second-hand information requires work on your side before you can rely on it.

How Can I Use The Threat Intelligence Feed?

You can access all of the data shared on the OTX platform through their purpose-built API[2], authenticated with an API key (you do need to sign up for a free account).
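As an added example (not code from the original post or from AlienVault), the following Python script pulls the pulses you subscribe to with your API key and applies the kind of filtering the post asks for: it deduplicates indicators across pulses, drops inactive, expired and non-routable entries, and keeps the names of the pulses that reported each indicator as context. The endpoint and the X-OTX-API-KEY header come from the OTX API documentation rather than this page, and the pulse records in SAMPLE_PULSES are constructed.

```python
import ipaddress
import json
import urllib.request
from datetime import datetime, timezone

# Endpoint and header as documented for the OTX API (not quoted on this page).
OTX_SUBSCRIBED = "https://otx.alienvault.com/api/v1/pulses/subscribed"
# Address space that is never a real network IOC yet shows up in pulses; a false-positive source.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
def fetch_subscribed_pulses(api_key, limit=50):
    """One page of the pulses you subscribe to; the API key travels in X-OTX-API-KEY."""
    req = urllib.request.Request(f"{OTX_SUBSCRIBED}?limit={limit}", headers={"X-OTX-API-KEY": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["results"]
def _expired(ind, now):
    exp = ind.get("expiration")
    if not exp:
        return False
    dt = datetime.fromisoformat(exp.replace("Z", "+00:00"))
    return (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)) <= now  # OTX stamps are UTC
def _non_routable(value):
    try:
        return any(ipaddress.IPv4Address(value) in net for net in NON_ROUTABLE)
    except ValueError:
        return True  # malformed entries are dropped as well
def filter_indicators(pulses, allowed_types, now):
    """Dedupe across pulses, drop inactive/expired/non-routable IOCs, keep reporting pulses as context."""
    kept = {}
    for pulse in pulses:
        for ind in pulse.get("indicators", []):
            kind, value = ind.get("type"), str(ind.get("indicator", "")).strip()
            if kind not in allowed_types or not value or not ind.get("is_active", 1):
                continue
            if _expired(ind, now) or (kind == "IPv4" and _non_routable(value)):
                continue
            kept.setdefault(f"{kind}:{value}", set()).add(pulse["name"])
    return {k: sorted(v) for k, v in kept.items()}
def _ioc(value, kind, active=1, exp=None):  # constructed OTX-style indicator record
    return {"indicator": value, "type": kind, "is_active": active, "expiration": exp}

# Constructed sample; 198.51.100.7 is from an RFC 5737 documentation range, not a real indicator.
SAMPLE_PULSES = [
    {"name": "Pulse A", "indicators": [_ioc("198.51.100.7", "IPv4"), _ioc("10.0.0.5", "IPv4"),
        _ioc("a" * 64, "FileHash-SHA256"), _ioc("evil.example", "domain", exp="2020-01-01T00:00:00")]},
    {"name": "Pulse B", "indicators": [_ioc("198.51.100.7", "IPv4"),
        _ioc("old.example", "domain", active=0), _ioc("http://x.example/p", "URL")]}]
def demo():
    return filter_indicators(SAMPLE_PULSES, {"IPv4", "FileHash-SHA256", "domain"},
                             datetime(2024, 6, 1, tzinfo=timezone.utc))
```

Replace SAMPLE_PULSES with the return value of fetch_subscribed_pulses(your_key) and datetime.now(timezone.utc) to run it against the live feed.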

List of possible OTX AlienVault API queries

Important sources

Access their API and documentation

  1. https://otx.alienvault.com/
  2. https://otx.alienvault.com/api
