Connecting to AlienVault Open Threat Exchange®

Applies to Product: USM Appliance™ AlienVault OSSIM®

AlienVault Open Threat Exchange® (OTX™) is an open information sharing and analysis network, created to put effective security measures within the reach of all organizations. Unlike invitation-only threat sharing networks, OTX provides real-time, actionable information to all who want to participate.

Enabling AlienVault OTX in your installation will allow you to automatically share anonymous threat information with the OTX community. In return you will receive crowd-sourced threat updates every 30 minutes. The image below shows a sample of the data being sent from an AlienVault USM Appliance installation to OTX.

The following data are collected

  • The source and/or destination IP address of an event.
  • The name of the event.
  • The number of times such event occurred.

Data collected for AlienVault OSX.

After you finish installing and configuring AlienVault USM Appliance (with OTX enabled), you will be able to quickly see which alarms indicate malicious activity from a known bad actor on the Alarms page. For more information, see Using OTX in USM Appliance.

To enable OTX in your USM Appliance installation, you must enter the OTX key and connect to your OTX account. If you do not have an OTX account and would like to sign up for it, you can do so from the Getting Started Wizard.

To join OTX from the Getting Started Wizard

  1. On the Join OTX screen, click Sign Up Now.

    A popup takes you to the sign-up page on https://otx.alienvault.com/accounts/signup/.

  2. Fill out the information (username, emaill address, and password) and click Sign Up.

    A page appears informing you that a verification email with a link to OTX was sent to the email address you provided.

  3. After you receive the email, click the link and, on the confirmation page for logged-in USM Appliance users, click Login.

    A USM Appliance key page appears, displaying your OTX key and stating that the username you used to register for OTX is logged in.

  4. Copy the OTX key and paste it into the Enter OTX Key field shown in the following illustration.
  5. Click Next.

    The Thank You for Joining the Open Threat Exchange page appears.

  6. Click Finish.

    Join the Open Threat Exchanage welcome window.

    Important: After you click Finish, you cannot run the Getting Started Wizard again.