AT&T Alien Labs and the Open Threat Exchange (OTX) development team have been hard at work, continuing our development of the OTX platform. As some of you may have noticed, we’ve added some exciting new features and capabilities this last year to improve understanding within the OTX community of evolving and emerging threats.
Malware analysis to benefit all
The biggest (and latest) new feature within OTX is the ability to submit samples to be analyzed in our backend AT&T Alien Labs systems. (Alien Labs is the threat intelligence unit of AT&T Cybersecurity.) You can now upload files and URLs for analysis, with access to results within minutes. Submissions can be made through the OTX portal (as shown below) or programmatically through the API.
From the Submit Sample page, you’ll be able to see all of your submissions with a link to the results. And, if you’re concerned about a sample containing sensitive information, OTX gives you the ability to make your submitted files and URLs private by using the Traffic Light Protocol (TLP).
Pulse creation enhancements
But it doesn’t stop there! You can easily add the resulting indicator to a new pulse with the click of a button. In fact, you can utilize the new “Add to Pulse” button from any indicator details page.
And, speaking of pulses, we’ve added to the list of file types that OTX can automatically extract IOCs from, which now includes PCAPs and emails.
You can also edit multiple indicators at once, making pulse creation even easier.
We’ve also made it simpler to add more details to pulses with auto-suggestions for malware family and threat actor. Simply start typing in the associated fields, and OTX will provide a list of suggestions. Additionally, OTX will now identify MITRE ATT&CK IDs from a resource, such as a blog or threat report, and automatically add this information to the pulse.
CVSS v3 Severity Scores
We’ve also added support for CVSS v3, so you can now easily reference both CVSS v2 and v3 severity information.
We’ve also made improvements to Passive DNS data, as well as added Linux sandbox support for ARM, x86, and x64.
What’s coming next...
We’re currently working on:
- Redesign and enhancements to file indicator detail pages
- Improved search capabilities for IOCs
- Ability to kick off an endpoint scan from pulse emails
Stay tuned because we have a lot more great stuff coming!
Join OTX today and start taking advantage of all these new capabilities and more -- for FREE!