AlienVault Open Threat Exchange (OTX) Intro
AlienVault Open Threat Exchange (OTX) (aka AlienVault OTX or AT&T Alien Labs Open Threat Exchange [OTX]) is a free, open threat intelligence community for sharing indicators and details about malware and threat actors. OTX has over 100,000 participants, and over 19 million threat indicators are contributed daily.
You can subscribe to pulses, which are threat summaries detailing the reference (external report or blog post), adversary (threat actor), affected industries, malware family, associated ATT&CK techniques, IoCs, and related pulses. You can also follow contributors to monitor their OTX contributions.
AlienVault Open Threat Exchange (OTX) Tour
- Dashboard: View a graph of malware clusters reported within a timeframe. Clicking a malware cluster shows features of the malware and its associated pulses.
- Browse: Browse pulses, users, groups, indicators, malware families, industries, and adversaries, with the ability to filter and sort.
- Scan Endpoints: Shows how to use OTX Endpoint Security, free software that scans endpoints for IoCs in OTX.
- Create Pulse: Create a new pulse by having OTX extract IoCs from a source that you provide (website, blog post, PDF report, email, PCAP, STIX, OpenIOC, CSV, or text file), or by manually adding IoCs.
- Submit Sample: Submit a URL or file for analysis. OTX will scan the content at submitted URLs, and will perform static (and possibly dynamic) analysis on submitted files.
- API Integration: Provides info on using the OTX DirectConnect API to integrate OTX with Bro-IDS, STIX/TAXII, Suricata, and other third-party tools.
- Search: Search within all of OTX, or narrow search to indicators, malware families, adversaries, etc.