We’re proud to announce the immediate availability of the first phase of our threat exchange platform. You can check the marketing text on the AlienVault main site.
We’ll be releasing more detail on the inner workings as we go on, or if you can’t wait, just upgrade your OSSIM installation and have a look for yourself.
Basically, at this point the system gathers information about IP addresses external to your network or setup and relates them to events in the database (as a count). After making sure none of the defined networks or hosts are going to be leaked, this information is submitted through a secure communication channel on an hourly basis to the AlienVault servers.
From that moment on the information is completely anonymous since no relation is stored on who submitted what.
Sanity checks are performed on the data and it gets added to the Open Threat Exchange.
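The client-side step described above (count events per external IP and drop anything inside the defined networks or hosts before submission), as an added example that is not OSSIM's or AlienVault's code. The event layout, function names and sample addresses are assumptions constructed for illustration; the transport and the hourly schedule are left out.

```python
import ipaddress
from collections import Counter

def _normalize(raw):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:192.168.1.10
    cannot slip past an IPv4 network filter. Returns None if unparsable."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def _is_internal(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)

def build_submission(events, defined_networks, defined_hosts):
    """Return {external_ip: event_count}, never including a defined asset.

    events: iterable of (src_ip, dst_ip) strings (hypothetical layout).
    """
    # Hosts become /32 or /128 networks so one membership test covers both.
    networks = [ipaddress.ip_network(n, strict=False) for n in defined_networks]
    networks += [ipaddress.ip_network(h) for h in defined_hosts]
    counts = Counter()
    for src, dst in events:
        # A set, so an event with src == dst is counted once for that IP.
        for ip in {_normalize(src), _normalize(dst)}:
            if ip is None or _is_internal(ip, networks):
                continue  # malformed, or would leak a defined network/host
            counts[str(ip)] += 1
    return dict(counts)

# Constructed sample data (documentation address ranges), not real events.
SAMPLE_NETWORKS = ["192.168.1.0/24"]
SAMPLE_HOSTS = ["10.0.0.5"]
SAMPLE_EVENTS = [
    ("203.0.113.7", "192.168.1.10"),
    ("203.0.113.7", "192.168.1.11"),
    ("192.168.1.10", "198.51.100.23"),
    ("::ffff:192.168.1.10", "203.0.113.7"),  # mapped form of an internal host
    ("10.0.0.5", "192.168.1.10"),            # both sides are defined assets
    ("not-an-ip", "198.51.100.23"),          # malformed source is dropped
    ("2001:db8::1", "192.168.1.10"),
]

if __name__ == "__main__":
    print(build_submission(SAMPLE_EVENTS, SAMPLE_NETWORKS, SAMPLE_HOSTS))
```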
This is just one example of how this platform can be used. The information is and will remain free for all users that opt-in to share data to enrich the platform; that is my personal commitment to you. Customers who have paid for the SIEM feed will get this data too without having to opt-in to sharing.
Kudos to the entire lab team that has worked on it and also our devel guys who got this out on time 😊