Threat intelligence firm AlienVault announced the launch of a free endpoint scanning service, called OTX Endpoint Threat Hunter, that allows private firms and security experts to identify threats in their networks.
“OTX Endpoint Threat Hunter is a free threat-scanning service in Open Threat Exchange that allows you to detect malware and other threats on your critical endpoints using OTX threat intelligence. This means that you can now harness the world’s largest open threat intelligence community to assess your endpoints against real-world attacks on demand or as new attacks appear in the wild—all. for. free.” states the announcement published by AlienVault.
The OTX Endpoint Threat Hunter service is part of the AlienVault Open Threat Exchange (OTX) platform that currently provides more than 19 million threat indicators contributed by over 80,000 users.
This means that users can assess their infrastructure by using threat information collected by the world’s largest open threat intelligence community.
OTX Endpoint Threat Hunter is a free threat-scanning service that allows users to detect malware and other threats on endpoints using OTX threat intelligence.
The new service uses a lightweight endpoint agent, the AlienVault Agent, that executes predefined queries against one or more OTX pulses. The agent can be installed on Windows, Linux and other endpoint devices.
Each pulse includes a complete set of data on a specific threat, including IoCs.
OTX Endpoint Threat Hunter is directly integrated in OTX, which means that users can start using it without other security tools, as explained by AlienVault.
OTX Endpoint Threat Hunter can also be used to scan for processes running without a binary on disk, scan for crypto-mining activity and scan for installed malicious / annoying Chrome extensions.
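To illustrate the first of these checks on a Linux endpoint, the following is an added example, not AlienVault Agent code and not part of the original article. It assumes the Linux `/proc` layout, where the `/proc/<pid>/exe` link target carries a ` (deleted)` suffix once the binary has been unlinked and starts with `/memfd:` when the image was loaded from an anonymous memory file; the function names are hypothetical.

```python
import os

def classify_exe(target):
    """Classify a /proc/<pid>/exe link target (None means the link was unreadable)."""
    if target is None:
        return "no-exe"      # kernel thread, exited process, or insufficient rights
    if target.startswith("/memfd:"):
        return "memfd"       # image came from an anonymous in-memory file
    if target.endswith(" (deleted)"):
        return "deleted"     # binary was unlinked after the process started
    return "on-disk"

def scan_proc(proc_root="/proc"):
    """Return sorted (pid, verdict, target) tuples for processes with no binary on disk."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip non-process entries such as "self"
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            target = None                # no exe link to read for this pid
        verdict = classify_exe(target)
        if verdict in ("memfd", "deleted"):
            findings.append((int(entry), verdict, target))
    return sorted(findings)

if __name__ == "__main__":
    # Run as root to see every process; unprivileged runs only cover the caller's own.
    for pid, verdict, target in scan_proc():
        print(f"{pid}\t{verdict}\t{target}")
```

A hit is a lead rather than a verdict: a package upgrade that replaces a binary under a still-running service produces the same ` (deleted)` marker.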
AlienVault has described several scenarios where Endpoint Threat Hunter can be effective, including:
Users can also scan all the endpoints against multiple pulses at once. OTX Endpoint Threat Hunter allows users to scan against pulses as well as YARA rules in multiple ways:
(Security Affairs – OTX Endpoint Threat Hunter, cyber threats)