Example 1 – Open Threat Exchange – AlienVault

AlienVault proclaims that its Open Threat Exchange is "the world's first truly open threat intelligence community". The tool is used globally by over 65,000 people, including security enthusiasts, researchers, and security professionals. It is community driven, meaning that the information is provided by its users. This brings its own set of challenges, so beware! (https://otx.alienvault.com/)

AlienVault dashboard

The dashboard that is provided is relatively easy to understand:

Users can use the Visualization of Malware Clusters in two ways:

  • BY CATEGORY:

The preceding example is based on activity that has been reported within the last 24 hours. If we click on a specific bubble within a cluster, we will get more information about the type of malware that has been reported.

In the following example, the Password Stealer and Backdoor cluster has been selected. Notice the Features and Related Pulses sections:

Features show the names that are specific to the nUFS_pdf malware being reported.

Related Pulses shows the pulses that have been reported on this specific malware.

  • COMBINE: This view clusters all of the malware reported in the last 24 hours. Notice that in the bottom-right corner there is a Report count, which is represented by the size of the bubble: the larger the bubble, the more reports there have been. This lets us visualize what is hot and what is cold, or not as hot, among the malware being reported on our feeds:

AlienVault pulses

AlienVault OTX uses a pulse to provide a high-level view of a threat and its IoCs. These pulses can later be integrated into network security tools such as pfSense, an open source firewall, and Suricata, an open source threat detection engine:
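As an added example (not from the book, AlienVault, pfSense or Suricata), the following Python script turns the indicators of one pulse into Suricata rules and a one-IP-per-line blocklist of the kind a pfSense alias can load; it also drops community-submitted indicators that point at internal address space, which is the sort of "beware" case a community feed can produce. The pulse is a constructed sample in a simplified JSON shape, and the field names, the SID range and the use of `$HOME_NET` are assumptions.

```python
import ipaddress
import json

# Constructed sample pulse; field names are an assumption modelled on a pulse export.
SAMPLE_PULSE = json.dumps({
    "name": "Constructed Password Stealer campaign",
    "indicators": [
        {"type": "IPv4", "indicator": "203.0.113.25"},
        {"type": "IPv4", "indicator": "10.0.0.5"},  # internal address, bad IoC
        {"type": "domain", "indicator": "bad.example.com"},
        {"type": "FileHash-SHA256", "indicator": "a" * 64},
    ],
})

# Ranges that must never become block rules: RFC 1918, loopback, link-local,
# "this" network and multicast. Add your own public ranges here as well.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]
SID_BASE = 9000000  # assumed local SID range; keep clear of other rule sets


def is_blockable_ip(value):
    """True only for a well-formed IPv4 address outside NON_ROUTABLE."""
    try:
        addr = ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE)


def pulse_to_rules(pulse_json, sid_base=SID_BASE):
    """Return (suricata_rules, blocklist_ips, skipped) for one pulse."""
    pulse = json.loads(pulse_json)
    label = pulse["name"].replace('"', "'")  # keep the msg quoting intact
    rules, blocklist, skipped, sid = [], [], [], sid_base
    for ioc in pulse["indicators"]:
        value, kind = ioc["indicator"], ioc["type"]
        if kind == "IPv4" and is_blockable_ip(value):
            blocklist.append(value)  # one line per IP for a pfSense alias file
            rules.append(f'alert ip $HOME_NET any -> {value} any '
                         f'(msg:"OTX {label} - IP"; sid:{sid}; rev:1;)')
        elif kind == "domain":
            rules.append(f'alert dns any any -> any any (msg:"OTX {label} - DNS"; '
                         f'dns.query; content:"{value}"; nocase; sid:{sid}; rev:1;)')
        else:
            skipped.append(value)  # hashes belong in a Suricata filesha256 list, not a rule
            continue
        sid += 1
    return rules, blocklist, skipped
```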

Pulses can be broken down further by:

  • User-specific contributions: Security researchers post their findings for other users to use in their threat intelligence analysis processes:
  • Groups based on interest: Groups of security researchers post their research findings for other users to use in their threat intelligence analysis processes:
  • Indicators: The use of indicators to narrow down threat intelligence research on malware or attacks:
  • Malware families: Results based on the different families of malware:
  • Industries: Threat intel feed results based on a particular industry:
  • Adversaries: Threat intel feed results based on a particular adversary: