One Article Review

The article:
Source AlienVault Blog
Identifier 1392535
Publication date 2019-10-09 13:00:00 (seen: 2019-10-09 16:00:48)
Title What's new in OTX
Text Alien Labs and the Open Threat Exchange (OTX) development team have been hard at work, continuing our development of the OTX platform. As some of you may have noticed, we’ve added some exciting new features and capabilities this last year to improve understanding within the OTX community of evolving and emerging threats.

Malware analysis to benefit all

The biggest (and latest) new feature within OTX is the ability to submit samples to be analyzed in our backend Alien Labs systems. (Alien Labs is the threat intelligence unit of AT&T Cybersecurity.) You can now upload files and URLs for analysis, with access to results within minutes. Submissions can be made through the OTX portal (as shown below) or programmatically through the API.

From the Submit Sample page, you’ll be able to see all of your submissions with a link to the results. And, if you’re concerned about a sample containing sensitive information, OTX gives you the ability to make your submitted files and URLs private by using the Traffic Light Protocol (TLP).

Pulse creation enhancements

But it doesn’t stop there! You can easily add the resulting indicator to a new pulse with the click of a button. In fact, you can utilize the new “Add to Pulse” button from any indicator details page.

And, speaking of pulses, we’ve added to the list of file types that OTX can automatically extract IOCs from, which now includes PCAPs and emails.

You can also edit multiple indicators at once, making pulse creation even easier.

We’ve also made it simpler to add more details to pulses with auto-suggestions for malware family and threat actor. Simply start typing in the associated fields, and OTX will provide a list of suggestions.

Additionally, OTX will now identify MITRE ATT&CK IDs from a resource, such as a blog or threat report, and automatically add this information to the pulse.

CVSS v3 Severity Scores

We’ve also added support for CVSS v3, so you can now easily reference both CVSS v2 and v3 severity information.

And more!

We’ve also made improvements to Passive DNS data, as well as added Linux sandbox support for ARM, x86, and x64.

What’s coming next...

We’re currently working on:

- Redesign and enhancements to file indicator detail pages
- Improved search capabilities for IoCs
- Ability to kick off an endpoint scan from pulse emails

Stay tuned because we have a lot more great stuff coming! We'd love to hear any feedback or thoughts you might have around how to improve OTX. There's a survey you can fill out, or just drop us an email. Join OTX today and start taking advantage of all these new capabilities and more -- for FREE!
Sent Yes
Tags Malware Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.