AlienVault free endpoint scanning service, called OTX Endpoint Threat Hunter

Prorootect

#1
AlienVault presents OTX Endpoint Threat Hunter, its innovative free endpoint scanning service
By Pierluigi Paganini on securityaffairs.co

The OTX Endpoint Threat Hunter service is part of the AlienVault Open Threat Exchange (OTX) platform that currently provides more than 19 million threat indicators contributed by over 80,000 users.
This means that users can assess their infrastructure by using threat information collected by the world’s largest open threat intelligence community.
OTX Endpoint Threat Hunter is a free threat-scanning service that allows users to detect malware and other threats on endpoints using OTX threat intelligence.
The new service uses a lightweight endpoint agent, the AlienVault Agent, that executes predefined queries against one or more OTX pulses; the agent can be installed on Windows, Linux and other endpoint devices.
Each pulse includes a complete set of data on a specific threat, including IoCs.
OTX Endpoint Threat Hunter is directly integrated in OTX, which means that users can start using it without the use of other security tools, as explained by AlienVault.

  • If you haven’t already, register with the Open Threat Exchange (OTX). It’s free to join.
  • Download and install the AlienVault Agent on the Windows or Linux devices* you want to monitor. The AlienVault Agent is immediately ready to find threats.
  • Launch a query on any endpoint from OTX by selecting a pre-defined query that looks for IOCs in one or more OTX pulses.
  • The AlienVault Agent executes the query, and within moments you can view the results of the query display across all your endpoints on a summary page within OTX.

OTX Endpoint Threat Hunter can also be used to scan for processes running without a binary on disk, scan for crypto-mining activity and scan for installed malicious / annoying Chrome extensions.

AlienVault has described several scenarios where Endpoint Threat Hunter can be effective, including:

  • Identify whether your endpoints have been compromised in a major malware attack.
  • Assess the threat posture of your critical endpoints.
  • Query your endpoints for other suspicious activities.

Users can also scan all the endpoints against multiple pulses at once; the OTX Endpoint Threat Hunter allows scanning against pulses as well as YARA rules in multiple ways:

  • Scan all AlienVault-contributed Pulses
  • Scan by all AlienVault-contributed YARA Rules (Linux only)
  • Scan by all pulses you subscribe to (all pulses updated in the last 7 days)
  • Scan by all pulses you subscribe to (all pulses updated in the last 30 days)
 

mekelek

#2
This is interesting; registered, trying it on a VM.

PS: so I had to enable unsigned execution in PowerShell; it installs the osquery daemon as a service and you can query scans on your PC from the web panel, but the limits of the samples seem to be what people publish on it.

Also it's a community where people share details of how certain malware works, and their findings, and these "pulses" get added to the database that the scans can query from.
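
As an added example (not code from the thread, the article or AlienVault), here is how the hunts the article names in post #1 (processes running without a binary on disk, installed Chrome extensions, matching endpoints against a pulse's IoCs) can be expressed as osquery queries and evaluated locally, given that the agent is osquery-based as mekelek observed in post #2. The osquery table and column names are real; the pulse layout, the sample result rows, the hashes and the `updates-from-the-Web-Store` heuristic for extensions are constructed assumptions. `run_osquery` only works where `osqueryi` is installed; everything else runs offline on the sample rows.

```python
import json
import shutil
import subprocess

# osquery SQL for the three hunts. `processes.on_disk` is 0 when the
# executable no longer exists; `chrome_extensions` lists installed
# extensions; the `hash` join yields SHA-256 of each running binary so it
# can be compared with a pulse's FileHash-SHA256 indicators.
QUERIES = {
    "no_binary_on_disk": "SELECT pid, name, path FROM processes WHERE on_disk = 0;",
    "chrome_extensions": "SELECT name, identifier, path, update_url FROM chrome_extensions;",
    "process_hashes": (
        "SELECT p.pid, p.name, p.path, h.sha256 FROM processes AS p "
        "JOIN hash AS h ON h.path = p.path WHERE p.path != '';"
    ),
}

# Constructed pulse in the general shape OTX exposes (name + indicator list).
# The hash is a placeholder, not a real IoC.
SAMPLE_PULSE = {
    "name": "Example campaign (constructed)",
    "indicators": [
        {"type": "FileHash-SHA256", "indicator": "a" * 64},
        {"type": "domain", "indicator": "pool.example.invalid"},
    ],
}

# Constructed rows, in the form `osqueryi --json` prints them (all strings).
WEBSTORE_UPDATE = "https://clients2.google.com/service/update2/crx"
SAMPLE_RESULTS = {
    "no_binary_on_disk": [
        {"pid": "4242", "name": "svchost.exe", "path": "C:\\Users\\Public\\svchost.exe"},
    ],
    "chrome_extensions": [
        {"name": "Ad Blocker", "identifier": "aaaa" * 8, "path": "C:\\ext\\a", "update_url": WEBSTORE_UPDATE},
        {"name": "Free Coupons", "identifier": "bbbb" * 8, "path": "C:\\ext\\b",
         "update_url": "http://updates.example.invalid/crx"},
    ],
    "process_hashes": [
        {"pid": "1337", "name": "updater.exe", "path": "C:\\Temp\\updater.exe", "sha256": "a" * 64},
        {"pid": "1", "name": "explorer.exe", "path": "C:\\Windows\\explorer.exe", "sha256": "b" * 64},
    ],
}


def run_osquery(sql):
    """Run one query through a locally installed osqueryi; returns a list of row dicts."""
    if shutil.which("osqueryi") is None:
        raise RuntimeError("osqueryi not installed; use SAMPLE_RESULTS for an offline run")
    out = subprocess.run(["osqueryi", "--json", sql], capture_output=True, text=True, check=True)
    return json.loads(out.stdout)


def collect_results():
    """Run every hunt query on this host and return {query_name: rows}."""
    return {name: run_osquery(sql) for name, sql in QUERIES.items()}


def pulse_hashes(pulse):
    """SHA-256 indicators from a pulse, lower-cased for comparison."""
    return {i["indicator"].lower() for i in pulse["indicators"] if i["type"] == "FileHash-SHA256"}


def hunt(results, pulse):
    """Evaluate query rows against the hunts; returns (check, detail) findings."""
    findings = []
    # 1. Any process whose image is gone from disk is worth a look.
    for row in results["no_binary_on_disk"]:
        findings.append(("process_without_binary", f"pid {row['pid']} {row['name']} ({row['path']})"))
    # 2. Extensions not updated from the Web Store were sideloaded (assumed heuristic).
    for row in results["chrome_extensions"]:
        if row["update_url"] != WEBSTORE_UPDATE:
            findings.append(("chrome_extension_sideloaded",
                             f"{row['name']} [{row['identifier']}] updates from {row['update_url']}"))
    # 3. Running binaries whose hash appears in the pulse.
    wanted = pulse_hashes(pulse)
    for row in results["process_hashes"]:
        if row["sha256"].lower() in wanted:
            findings.append(("pulse_hash_match", f"pid {row['pid']} {row['path']} matches {pulse['name']}"))
    return findings


if __name__ == "__main__":
    for check, detail in hunt(SAMPLE_RESULTS, SAMPLE_PULSE):
        print(check, detail)
```

The hash join is the expensive part on a real host (osquery hashes every running binary), which is why a scheduled agent rather than an ad-hoc `osqueryi` run is the usual way to do this; the pulse match also only catches file-hash indicators, so domain and IP indicators would need a separate pass over DNS or connection telemetry.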

MeltdownEnemy

#3
The question is not how to help clean the malware and bugs in the extensions, but rather how Chrome will prevent this from happening on its extension platform.
For me the most important is the second question.
Thanks, I will review OTX Endpoint Threat Hunter and what it could do about these problems.