ThreatFinder - Analyze your network for malicious communication

BoraMurdar

Aug 30, 2012

The Open Threat Exchange™ (OTX) ThreatFinder is a free service that quickly analyzes your network for compromised systems and malicious communication. It correlates data from your log files with threat intelligence gathered from thousands of global sources and alerts you to any communications with known malicious hosts.

ThreatFinder also gives you rapid insight into all external network communications via an interactive threat map. It charts all of the countries and organizations your systems are communicating with, delivering granular visibility into your network’s activities – down to company names and IP addresses.

NO ADDITIONAL HARDWARE OR SOFTWARE REQUIRED!
You simply provide a non-binary log file from UNIX or network devices & we do the rest. We give you the ability to see exactly what systems & organizations your network is communicating with, enabling you to see compromised systems & other suspicious or malicious behavior. You can choose the right response based on your policies & resources.

How it works
Administrators of AlienVault OSSIM and USM deployments can voluntarily contribute anonymized information from devices in their environment, such as firewalls, proxies, web servers, endpoint security and intrusion detection / prevention systems. AlienVault aggregates, cleans, and validates the raw data before publishing it. This global threat intelligence from diverse industries and countries provides comprehensive visibility to malicious hosts. ThreatFinder correlates this global view with information from your network to identify threats in your network.

Visibility Into External Bad Actors
Monitoring your organization’s reputation with Reputation Monitor Alert is great, but it is also important to monitor the reputation of the systems interacting with your network.

OTX integrates with AlienVault USM and OSSIM to provide you threat intelligence about known malicious IPs from outside of your network.
AlienVault USM leverages OTX’s reputation data to identify, alert and respond, based on your assets’ interactions with malicious IPs. By correlating malicious IPs with activities on network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems, USM helps you prioritize risk and focus your resources better.

Picture this: you are investigating a potential security incident after you see an alarm from USM’s integrated IDS. You check if the asset under attack has any connection to external malicious IPs, from the USM console (powered by OTX). You also get visibility to details about the asset under attack, including OS, software running and known vulnerabilities on the system, all from the same console. With USM and OTX, you’ll finally have the visibility you need to secure your network, with all the security tools you need at your fingertips.


3 Simple Steps to Get Started:
1) Join the AlienVault Community

2) Upload a log file from your network

3) Receive a personalized analysis of your network based on the correlation of your data with threat intelligence from networks all over the world

GET STARTED WITH THREATFINDER
