Leveraging OTX Threat Data with USM Anywhere

OTX + USM Anywhere = Awesome

When you sign up for the Alien Labs® Open Threat Exchange® (OTX™) and connect it to a USM Anywhere instance, the USM Anywhere platform will receive threat data directly from OTX pulses. Pulses provide a summary of the threat, a view into the software targeted, and the related Indicators of Compromise (IoC) that you can use to detect the threats. They come from community-created OTX pulses and security events voluntarily contributed by USM Anywhere and OSSIM™ users.

Connecting OTX to your USM platform helps you to manage risk better and effectively take action on threats. OTX data complements the Threat Intelligence Subscription delivered by the AlienVault Labs team by providing visibility into emerging threat indicators active in your network:

• You will receive immediate notification in the form of an event or an alarm when a known malicious IP address communicates with any of your system assets, or when USM Anywhere identifies any other IOCs active in your network.
• USM Anywhere receives threat updates every 15 minutes from OTX for all pulses to which you subscribe
• You can review a pulse activity feed, containing detailed information about current activity and related pulses reported by the OTX community
• USM Anywhere shows you which pulses in your environment are most active, as soon as you log into USM Anywhere