YARA Support and Other Recent Additions to OTX

August 21, 2017 | Chris Doman

AlienVault OTX now supports YARA rules!

YARA rules are a great way of detecting, classifying and hunting for malware. We are happy to announce you can now develop, test and share YARA rules on AlienVault OTX.

If you'd like to deploy these rules on your own network, here is a script to download the rules (and a big sample set of rules here).

But YARA isn't the only addition to OTX since our last update.

More HTTP data

We have data on malicious and suspicious URLs going back a number of years. But now you can also see the analysis and relationships with links within the HTML, Whois or SSL Certificate fields. 

More users

The value in a platform like OTX is in its users, with each added user an exponential gain for the other users of the community.

We now have over 65,000 registered users, and the number of visitors browsing the site has more than doubled since the beginning of the year. In addition to that, there are hundreds of groups, including 70 public groups where you can collaborate and share information about specific topics or threat actors.

More AlienVault-generated reports

Users that subscribe to the AlienVault user, and particularly those that have the AlienVault threat intelligence subscription, may have noticed we're starting to add a lot more of our own reports on attacks to OTX:

Our analysts create this content by tracking and analyzing multiple threat actors. They are able to do this with the help of a system (internally referred to as SkyChip) that identifies clusters of malware that we haven't encountered before.

Integrations and API users

We had another blog discussing all the extensions to the API. It's great to see integrations in several places, and this week Hybrid-Analysis.com has built some awesome integrations utilizing the OTX API:

What's coming

We're hard at work adding new features to make OTX even more valuable, including new ways to personalize OTX, visualizations, and tools to help with malware analysis. If you have thoughts on what you would like to see added to OTX, tweet us @AlienVault or drop an email to otx-support@alienvault.com.

About the Author: Chris Doman, AT&T Alien Labs

I've had a long interest in security, but joined the industry after winning the civilian section of the Department of Defense's forensics competition. I run a popular threat intelligence portal (ThreatCrowd.org) in my spare time, and hold a CCHIA (Certified Host Intrusion Analyst) from CREST and a degree in Computer Science from the University of Cambridge.

TAGS: yara, otx
