What does OTX stand for? OTX stands for Open Threat Exchange.
Open Threat Exchange® allows security researchers and threat data producers to share research and investigate new threats.
OTX allows you to collaborate with a worldwide community of threat researchers and security professionals. Everyone in the OTX community can share threat data, trends, and techniques through this access.
OTX streamlines the process of updating your security infrastructure by speeding the distribution of the latest threat data. OTX strengthens the defenses of all who use it by offering a platform for the community of security analysts to actively collaborate.
The OTX community reports indicators of compromise, which other community members review and comment on. There is a summary of the threat, a view into the software targeted, and related IoCs reported by the OTX community worldwide. There are indicators of compromise.
Notification of communication between malicious hosts and your assets. See OTX's reputation.
The OTX community reports threat data in the form of pulses.
An IoC is an artifact observed on a network or in an endpoint, judged with a high degree of confidence to be a threat. Threats include campaigns or infrastructures used by an attacker. The table has a list of IoC types.
The OTX community submits internet addresses and domain names. They are either malicious or suspicious until more data comes in to increase their threat ranking. Through the incoming data from all of these sources, OTX data is supplemented with valuable data about actively or potentially malicious activity appearing worldwide that can affect your system.
AlienVault makes sure that no data shared with OTX can be traced to the contributor or USM Appliance instance.
If you sign up for an OTX account, you will receive the benefit of IP Reputation data.
If you open an OTX account, you will be able to share the data with other users. Your data is secure and anonymous.
If you want to stop USM Appliance from sharing data with OTX, you have to visit the Open Threat Exchange Configuration page.
OTX updates on an ongoing basis, recalculating its assessments of risk level based on ranking criteria. This prevents false positives.
Many data sources have differing reliability. The ranking in this case is based on the number of malicious reports against them. If OTX gets 10 reports on a given address compared to 20 on another, it will give that address a lower reliability ranking.
The behavior of each address listed is used to rank the priority of the address. An address known to be a botnet server gets a higher priority than an address used as a scanning host.
As new information emerges affecting priority criteria, OTX constantly updates its data. The priority values and threat level of an IP address are reprioritized each time an update is released.
Although AlienVault OSSIM has a complete integration of OTX in its environment, the additional alarm context compiled by the AT&T Alien Labs Security Research Team is only available in USM Appliance.