What’s new in OTX

October 9, 2019 | Amy Pace

AT&T Alien Labs and the Open Threat Exchange (OTX) development team have been hard at work, continuing our development of the OTX platform. As some of you may have noticed, we’ve added some exciting new features and capabilities this last year to improve understanding within the OTX community of evolving and emerging threats.

Malware analysis to benefit all

The biggest (and latest) new feature within OTX is the ability to submit samples to be analyzed in our backend AT&T Alien Labs systems. (Alien Labs is the threat intelligence unit of AT&T Cybersecurity.) You can now upload files and URLs for analysis, with access to results within minutes. Submissions can be made through the OTX portal (as shown below) or programmatically through the API.

submit files for analysis in OTX screen

From the Submit Sample page, you’ll be able to see all of your submissions with a link to the results. And, if you’re concerned about a sample containing sensitive information, OTX gives you the ability to make your submitted files and URLs private by using the Traffic Light Protocol (TLP).

Pulse creation enhancements

But it doesn’t stop there! You can easily add the resulting indicator to a new pulse with the click of a button. In fact, you can utilize the new “Add to Pulse” button from any indicator details page.

OTX pulse creation screen

And, speaking of pulses, we’ve added to the list of file types that OTX can automatically extract IOCs from, which now includes PCAPs and emails.

pcap and email can be included in OTX pulses

You can also edit multiple indicators at once, making pulse creation even easier.

multiple indicators being entered in OTX pulse

We’ve also made it simpler to add more details to pulses with auto-suggestions for malware family and threat actor. Simply start typing in the associated fields, and OTX will provide a list of suggestions. Additionally, OTX will now identify MITRE ATT&CK IDs from a resource, such as a blog or threat report, and automatically add this information to the pulse.

MITRE included

CVSS v3 Severity Scores

We’ve also added support for CVSS v3, so you can now easily reference both CVSS v2 and v3 severity information.

CVSS v3 now supported in OTX

And more!

We’ve also made improvements to Passive DNS data, as well as added Linux sandbox support for ARM, x86, and x64.

What’s coming next...

We’re currently working on:

  • Redesign and enhancements to file indicator detail pages
  • Improved search capabilities for IOCs
  • Ability to kick off an endpoint scan from pulse emails

Stay tuned because we have a lot more great stuff coming!

We'd love to hear any feedback or thoughts you might have around how to improve OTX. There's a survey you can fill out, or just drop us an email.

Join OTX today and start taking advantage of all these new capabilities and more -- for FREE!

About the Author: Amy Pace

Amy is Lead Product Development Manager for AlienVault’s Open Threat Exchange (OTX). She has over 15 years of hands-on experience in information technology and security, holding lead roles in Sales Engineering, Technical Sales Enablement, Product Management, and Product Marketing. Prior to joining AlienVault, she worked at NSS Labs, heading up the Product Marketing team for their cloud security platform.
