You need to sign up for an AT&T Alien Labs™ Open Threat Exchange® (OTX™) account and have an OTX key if you want USM Anywhere to receive alerts based on threats identified in OTX.
To enter your OTX key in USM Anywhere
- Go to Settings > OTX.
- Enter the OTX key you obtained from the OTX API page.
- Select the look-back period. See The Look-back Period for more information.
- Click Validate OTX Subscription Key.
USM Anywhere enables you to configure a period of time, called a look-back period, for receiving raw pulse data from OTX. The look-back period helps your environment to be more effective and agile. Threats change continuously, so it is important to keep this data up to date. In addition, Indicators of Compromise (IOCs) age quickly, and an IP address that was a threat three months ago may not be one now.
Note: Configuring a look-back period helps you avoid alarms generated by old pulses that no longer have current value.
You can define a look-back period, which uses pulses from the current date back for a certain range of time that you choose. These are the look-back period options from which you can choose:
- 1 month: Select this option to use pulses from the current day to the previous month.
- 3 months: Select this option to use pulses from the current day to the previous 3 months.
- 6 months: Select this option to use pulses from the current day to the previous 6 months.
- 1 year: Select this option to use pulses from the current day to the previous year.
- Unlimited: Select this option to use pulses without a restriction of time.
Important: The longer the selected period, the longer it takes to receive the pulses.
Note: Keep in mind that the range of the look-back period you choose moves with the current day of the month. For example, if you have chosen the 1 month option and it is the first day of the month, you will receive pulses from the previous month; when it is the fifth day of the month, you will receive pulses from that fifth day of the month back to the fifth day of the previous month.
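The rolling window described above, worked through in Python as an added example (not AT&T's or USM Anywhere's code). It assumes the window is counted in calendar months back from today, that a pulse is compared by its `modified` timestamp, and that the day is clamped in shorter months; the function names and sample pulses are constructed for illustration.

```python
import calendar
from datetime import date, datetime

# Look-back options from the page, in calendar months (None = Unlimited).
LOOKBACK_MONTHS = {"1 month": 1, "3 months": 3, "6 months": 6,
                   "1 year": 12, "Unlimited": None}


def lookback_cutoff(today, option):
    """Return the earliest date still inside the window, or None for Unlimited."""
    months = LOOKBACK_MONTHS[option]
    if months is None:
        return None
    # Step back whole calendar months, keeping the same day of the month.
    year, month0 = divmod(today.year * 12 + (today.month - 1) - months, 12)
    month = month0 + 1
    # Assumption: clamp when the target month is shorter (31 March -> 29 February).
    day = min(today.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def pulses_in_window(pulses, today, option):
    """Names of pulses whose 'modified' date lies between the cutoff and today."""
    cutoff = lookback_cutoff(today, option)
    kept = []
    for pulse in pulses:
        modified = datetime.fromisoformat(pulse["modified"]).date()
        if modified <= today and (cutoff is None or modified >= cutoff):
            kept.append(pulse["name"])
    return kept


# Constructed sample pulses (names and timestamps are made up for illustration).
SAMPLE_PULSES = [
    {"name": "fresh-campaign", "modified": "2024-03-02T10:15:00"},
    {"name": "last-month-edge", "modified": "2024-02-05T00:00:00"},
    {"name": "just-outside", "modified": "2024-02-04T23:59:59"},
    {"name": "stale-ip-list", "modified": "2023-11-20T08:00:00"},
    {"name": "old-report", "modified": "2022-06-01T12:00:00"},
]

if __name__ == "__main__":
    today = date(2024, 3, 5)  # the "fifth day of the month" case from the note
    for option in LOOKBACK_MONTHS:
        print(option, lookback_cutoff(today, option),
              pulses_in_window(SAMPLE_PULSES, today, option))
```

Under these assumptions, a pulse last modified one day before the cutoff drops out of the 1 month window but is still used with the 3 months setting.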
To update the look-back period
- Go to Settings > Threat Intelligence.
- Change the look-back period.
- Click Update.
At the top of the page, a green message informs you that the OTX Subscription has been updated.
Important: Keep in mind that updating the look-back period takes some time, depending on your selection.