spotsos.blogg.se

Ossim otx
Building a toolbox around threat intelligence can be done with freely available tools. Shared information about malicious behaviour allows you to detect and sometimes prevent activity from – and to – Internet resources that could compromise your systems’ security. I’ve already described how to use lists of malicious domain names in a BIND RPZ (Response Policy Zone). Adding an information feed like AlienVault OTX (Open Threat Exchange) to the mix further extends the awareness and detection capabilities.

AlienVault is probably most known for their SIEM (Security Information and Event Management) named Unified Security Management™, with a scaled-down open source version named Open Source Security Information and Event Management (OSSIM). They also provide a platform for sharing threat intelligence, namely Open Threat Exchange (OTX).

OTX is based on registered users sharing security information, for instance domains and hostnames involved in phishing scams, IP addresses performing brute force SSH login attempts, etc. The information is divided into so-called pulses, each pulse being a set of information items considered part of the same malicious activity.
