be_ixf;ym_202407 d_12; ct_50

LevelBlue Labs Open Threat Exchange

The world's largest open threat intelligence community that enables collaborative defense with actionable, community-powered threat data.

Join now for free

World's First Open Threat Intelligence Community

Threat sharing in the security industry remains mainly ad-hoc and informal, filled with blind spots, frustration, and pitfalls. Our vision is for companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyberattacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). The LevelBlue Labs® Open Threat Exchange® (OTX™) delivers the first truly open threat intelligence community that makes this vision a reality.

How OTX Works

OTX provides open access to a global community of threat researchers and security professionals. It now has more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

OTX Pulse

Pulses provide you with a summary of the threat, a view into the software targeted, and the related indicators of compromise (IOC) that can be used to detect the threats.

IOCs include:

  • IP addresses
  • Domains
  • Hostnames (subdomains)
  • Email
  • URL
  • URI
  • File Hashes: MD5, SHA1, SHA256, PEHASH, IMPHASH
  • CIDR Rules
  • File Paths
  • MUTEX name
  • CVE number

Pulses make it easy for you to answer questions like:

  • Is my environment exposed to this threat?
  • Is this relevant to my organization?
  • Who is behind this, and what are their motives?
  • What are they targeting in my environment?
Pulse Wizard
Automatically extract IoCs from a variety of sources, including blogs, threat reports, emails, PCAPs, text files and more
Create & Share Pulses
Create a pulse or add additional IoCs into an existing pulse when observing suspicious or malicious behavior
Direct Integration with USM
Connecting OTX to the USM platform helps you to manage risk better and effectively take action on threats. Learn more ›

Open Access to the Threat Intelligence Community

Security research tends to be an insular process and rarely do individuals or groups share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. OTX helps to solve this problem with the ability to subscribe or follow the most trusted pulses in the community.

  • Subscribe to pulses and use the DirectConnect feature to automatically update your security products.
  • Follow OTX contributors and get valuable insight into their recently researched threats.

Openly Research & Collaborate on Emerging Threats

The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from each other. That’s why we built OTX — to change the way we all create, collaborate, and consume threat data.

Go Threat Hunting with OTX Endpoint Security™

When you join OTX, you get instant access to OTX Endpoint Security™ — a free threat-scanning service in OTX that allows you to quickly identify malware and other threats on your endpoints.

Powered by the AlienVault Agent, based on osquery, OTX Endpoint Security scans your endpoints for the presence of known IoCs, alerting you to any active threats. This free service is the first of its kind to natively take advantage of the IoCs catalogued in OTX without using other security products. So, you can immediately use OTX threat intelligence to assess your endpoints against real-world attacks on demand and as new attacks appear in the wild.

Try OTX Endpoint Security now

Analyze Suspicious Files and URLs

OTX makes it easy to submit files and URLs for instant malware analysis in our backend systems. Simply upload a sample via the OTX web portal and view your results within minutes. Additionally, users can utilize our DirectConnect API to submit sample files and URLs.

Learn more

Integrate with Third-Party Security Tools

OTX provides multiple methods for third-party security tools to ingest its valuable threat data. In addition to the web interface, users can utilize the OTX DirectConnect API to automatically synchronize OTX threat intelligence with existing security monitoring tools.

Learn more

Take a Tour of OTX.

Pulse Details
Browse Pulses
Create Pulses
Create Pulse Indicators
Receive Alerts

Integrate OTX Threat Intelligence with External Security Monitoring Tools

Most threat data sharing products or services are limited in what they provide or require users to pay extra for what the provider deems as “premium” features. Moreover, they can be overly complex to integrate with your existing tools. The result is that users often find themselves buying multiple services since the traditional, isolated approach to threat data limits their ability to export threat data from one tool to another.

OTX alleviates that problem by providing a comprehensive threat intelligence service that’s 100% free, along with multiple methods for your security tools to ingest relevant, timely, and accurate threat data.

Direct Integration with the AlienVault USM Platform

Connect OTX to AlienVault USM to correlate raw pulse data with incoming security events within the USM platform.

Ingest OTX Threat Data into Third-Party Security Tools

Easily consume OTX threat intelligence within your own environment by utilizing the OTX DirectConnect API.

Our DirectConnect API enables users to export IoCs automatically into third-party security products, eliminating the need to manually add IP addresses, malware file hashes, URLs, domain names, etc.

In addition to the API, OTX users also have the option of downloading IoCs from a pulse via the web portal -- as CSV, OpenIOC or STIX -- then importing into existing security tools.

Learn more