Leveraging OTX Threat Data with AlienVault USM™
OTX + USM™ = Awesome
When you sign up for AlienVault Open Threat Exchange (OTX) and connect it to an AlienVault Unified Security Management (USM) instance, the USM platform will receive threat data directly from OTX pulses. Pulses provide a summary of the threat, a view into the software targeted, and the related Indicators of Compromise (IoC) that you can use to detect the threats. They come from community-created OTX pulses and security events voluntarily contributed by USM and OSSIM users.
Connecting OTX to your USM platform helps you to manage risk better and effectively take action on threats. OTX data complements the Threat Intelligence Subscription delivered by the AlienVault Labs team by providing visibility into emerging threat indicators active in your network:
- You will receive immediate notification in the form of an event or an alarm when a known malicious IP address communicates with any of your system assets, or when USM identifies any other IOCs active in your network.
- USM receives threat updates every 15 minutes from OTX for all pulses to which you subscribe
- You can review a pulse activity feed, containing detailed information about current activity and related pulses reported by the OTX community
- USM shows you which pulses in your environment are most active, as soon as you log into USM