Every USM Appliance deployment receives a threat intelligence update approximately every 30 minutes. ![]() Applicable MetricsĪlienVault OTX receives an average of 10 million indicators of compromise each day. ![]() Markets and Use CasesĪlthough focused on meeting the needs of smaller IT security teams (1-20), the AlienVault USM approach attracts companies of all sizes, from every industry and geography, said Dawes. Data can be collected using agents or without agents. ![]() AgentsĪlienVault OTX provides a web portal, an API, agents, SDK and command-line interface (CLI) through which the community can interact, and which can also be used to export threat intelligence from OTX into other applications. “AlienVault USM includes built-in asset discovery, vulnerability assessment, intrusion detection (host and network), behavioral monitoring and SIEM (log management and event correlation),” said Sacha Dawes, Principal Product Marketing Manager, AlienVault. OTX threat data feeds directly into AlienVault Unified Security Management (USM) Appliance and AlienVault USM Anywhere, as well as third-party security tools. OTX provides free access to 53,000 threat researchers and security professionals who contribute more than 10 million threat indicators daily. The AlienVault platform imports and stores threat indicators, analyzes them and exports indicators to security products that can apply them. Product Descriptionīy integrating essential security capabilities into a Unified Security Management (USM) platform, and powering that platform with up-to-the-minute threat intelligence from AlienVault Labs and its Open Threat Exchange (OTX) crowd-sourced collaborative threat exchange, AlienVault provides more than 5,000 commercial customers with centralized threat detection, incident response and compliance management for cloud and on-premises environments. To date the company has raised $116 million in funding. Headquartered in San Mateo, Calif., it also has offices in Austin, Texas Madrid, Spain Granada, Spain and Cork, Ireland. Write-host "Opening exports folder.See the complete list of top threat intelligence companies.įounded in 2007, AlienVault employs more than 300 people worldwide. # Open exports folder and complete the operation. $counts | Export-csv "$($exports)Total_Numbers_$($date.month)_$($date.day)_$($date.year).csv" -NoTypeInformation $IPv4WL = Import-CSV "$whitelists\IPv4s.csv" | where | Select Hostnames,IPv4s,URLs,FileHashes,Emails,CVEs,Total Write-host "No previous CSV's to archive. Write-host "Archived previous CSVs into the archive folder" -foregroundcolor "Green" Move-Item $archive "$exports\archive\" -Force $archive = get-childitem "$exports\*.csv" # Archive previous days export into the archive folder. $ErrorActionPreference = "Silentl圜ontinue" Write out pretty ascii art to the screen. $hostnames = our awesome ascii art into an array # How old are indicators allowed to be in days # Define Main Function, set variables to Null, and then define as arrays. # Powershell script to pull indicators from Alien Vault Opensource Threat Exchange(OTX) and export to CSVs for importing into Arcsight or other SIEM. This script is located on my Github, and will have the most recent updated version. It gathers each indicator by type, IE: IPv4, URL, Hostname etc, and then exports each seperate indicator type into CSV files that can be imported into another system like your SIEM. ![]() I work in a primarily windows workstation environment and Powershell is my goto language for just about everything since since it is native on every system since Windows 7.īelow is a script I developed to gather indicators from all subscribed pulses on OTX with powershell. So I wanted to automate IoC(Indicators of Compromise) collection and discovered AlienVault OTX product.
0 Comments
Leave a Reply. |