AlienVault Open Threat Exchange

This article describes the Intelligence Card Extension for AlienVault's Open Threat Exchange (OTX).

About:

AlienVault Open Threat Exchange provides open access to a global community of threat researchers and security professionals. It now has more than 53,000 participants in 140 countries, who contribute over 10 million threat indicators daily. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

This extension requires a free OTX key. It is available on IP intelligence cards (where it makes 5 API calls), domain intelligence cards (4 API calls), hash intelligence cards (2 API calls), and vulnerability intelligence cards (1 API call).

Please see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.

 

Extending IP Address Cards

The following information and pivots are available on IP Address Intelligence cards:

Info:

  • Location information
  • Reputation
  • Passive DNS
  • Associated Malware
  • WhoIs
  • Pulses

Pivots:

  • ASN
  • Reputation domains
  • Passive DNS Hostname
  • Passive DNS Address
  • Malware Hash

 

Extending Domain Cards

The following information and pivots are available on Domain Intelligence cards:

Info:

  • Location information
  • Passive DNS
  • Associated Malware
  • WhoIs
  • Pulses
  • Alexa info

Pivots:

  • ASN
  • Passive DNS Hostname
  • Passive DNS Address
  • Malware Hash

Extending Hash Cards

The following information and pivots are available on Hash Intelligence cards:

Info:

  • Hash Type
  • Pulses
  • Malware type
  • Behaviors
  • Signatures

Pivots:

  • Hashes

 

Extending Vuln (CVE) Cards

The following information and pivots are available on Vulnerability Intelligence cards. Note that AlienVault's vulnerability information is limited to vulnerabilities that have a MITRE Common Vulnerabilities and Exposures (CVE) ID. Searches on other vulnerability types (e.g., vendor-specific vulnerability designations) will return an error.

Info:

  • Description
  • Pulses
  • Products
  • CVSS
  • References

Pivots:

  • none

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.