Leveraging OTX Threat Data with AlienVault USM™

OTX + USM™ = Awesome

When you sign up for AlienVault Open Threat Exchange (OTX) and connect it to an AlienVault Unified Security Management (USM) instance, the USM platform will receive threat data directly from OTX pulses. Pulses provide a summary of the threat, a view into the software targeted, and the related Indicators of Compromise (IoC) that you can use to detect the threats. They come from community-created OTX pulses and security events voluntarily contributed by USM and OSSIM users.

The USM platform correlates the OTX data and alerts you when it detects IOCs from the OTX system interacting with assets in your environment. The alerts could include communication with known malicious IPs, detection of malware used in an emerging threat in your network , or outbound communication with command and control (C&C) servers.

Connecting OTX to your USM platform helps you to manage risk better and effectively take action on threats. OTX data complements the Threat Intelligence Subscription delivered by the AlienVault Labs team by providing visibility into emerging threat indicators active in your network:

  • You will receive immediate notification in the form of an event or an alarm when a known malicious IP address communicates with any of your system assets, or when USM identifies any other IOCs active in your network.
  • USM receives threat updates every 15 minutes from OTX for all pulses to which you subscribe
  • You can review a pulse activity feed, containing detailed information about current activity and related pulses reported by the OTX community
  • USM shows you which pulses in your environment are most active, as soon as you log into USM

Existing USM & OSSIM
Users, Get Started Now!

Learn more about how to connect OTX to
USM or OSSIM.

New to AlienVault?

Download a free 30-day trial of AlienVault
USM to check it out!

Learn HowStart a Free Trial
Chat