Threat intelligence firm AlienVault announced the launch of a free endpoint scanning service, called OTX Endpoint Threat Hunter, that allows private firms and security experts to identify threats in their networks.
“OTX Endpoint Threat Hunter is a free threat-scanning service in Open Threat Exchange that allows you to detect malware and other threats on your critical endpoints using OTX threat intelligence. This means that you can now harness the world’s largest open threat intelligence community to assess your endpoints against real-world attacks on demand or as new attacks appear in the wild—all. for. free.” states the announcement published by AlienVault.
The OTX Endpoint Threat Hunter service is part of the AlienVault Open Threat Exchange (OTX) platform that currently provides more than 19 million threat indicators contributed by over 80,000 users.
This means that users can assess their infrastructure by using threat information collected by the world’s largest open threat intelligence community.
OTX Endpoint Threat Hunter is a free threat-scanning service that allows users to detect malware and other threats on endpoints using OTX threat intelligence.
The new service uses lightweight endpoint agent, the AlienVault Agent, that executes predefined queries against one or more OTX pulses, the agent can be installed on Windows, Linux and other endpoint devices.
Each pulse includes a complete set of data on a specific threat, including IoCs.
OTX Endpoint Threat Hunter is directly integrated in OTX, this means that users can start using it without the use of other security tools as explained by AlienVault.
OTX Endpoint Threat Hunter can also be used to scan for processes running without a binary on disk, scan for crypto-mining activity and scan for installed malicious / annoying Chrome extensions.
AlienVault has described several scenarios where Endpoint Threat Hunter can be effective, including:
Users can also scan all the endpoints against multiple pulses at once, the OTX Endpoint Threat Hunter allows to scan against pulses as well as YARA rules in multiple ways:
(Security Affairs – OTX Endpoint Threat Hunter, cyber threats)