- Pulses: Collections of indicators of compromise (IOCs), reported by the OTX community, which other community members review and comment on. Pulses provide you with a summary of the threat, a view into the software targeted, and the related IOCs, reported by the OTX community worldwide. See About OTX Pulses and IOCs.
- IP Reputation: Provides notification of communication between known malicious hosts and your assets. See About OTX IP Reputation.
About OTX Pulses and IOCs
The OTX community reports and receives threat data in the form of pulses. A pulse consists of at least one, but more often multiple, Indicators of Compromise (IOCs). An IOC is an artifact observed on a network or on an endpoint that is judged with a high degree of confidence to indicate malicious activity, such as a campaign or the infrastructure used by an attacker. The following table lists the IOC types.
Indicator of compromise (IOC) types

| IOC Type | Description |
|---|---|
| CIDR Rules | Classless inter-domain routing (CIDR) notation specifying a range of IP addresses suspected of malicious activity or attack. |
| CVE number | The identifier assigned by the Common Vulnerabilities and Exposures (CVE) program to a publicly known vulnerability associated with the reported activity. |
| Domains | A domain name for a website or server suspected of hosting or engaging in malicious activity. A domain IOC also covers the hostnames beneath it. |
| Email Address | An email address associated with malicious activity. |
| File Hashes (MD5, SHA1, SHA256, PEHASH, IMPHASH) | A hash of a file's contents (MD5, SHA1, SHA256) or of its structure (PEHASH, IMPHASH, computed over a Windows executable's layout and import table) that identifies a known malicious file. A content hash matches only the exact file, because a single changed byte yields a different digest; structural hashes can still match recompiled or repacked variants of the same tool. |
| File Paths | Unique location in a file system of a resource suspected of malicious activity. |
| Hostnames (subdomains) | The hostname for a server located within a domain, suspected of malicious activity. |
| IP Addresses | An IP address of a server or other device suspected of malicious activity, observed as the source or destination of traffic. |
| MUTEX Name | Mutual exclusion object that serializes access to a shared resource. Malware often creates a mutex with a fixed name so that a second instance can detect that the system is already infected, which makes the name a useful host-based indicator. |
| URI | A uniform resource identifier (URI) giving the explicit path to a file hosted online that is suspected of malicious activity. |
| URL | A uniform resource locator (URL) giving the online location of a file or resource associated with suspected malicious activity. |
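As an added example (not LevelBlue or OTX code), the following Python infers the IOC type of a bare indicator string from its shape and then matches a pulse's indicators against telemetry. The `classify_ioc`, `matches` and `match_pulse` functions, the pulse and event dictionaries, and the typing heuristics are this example's own assumptions; real OTX pulses declare a type for every indicator, and the sample pulse and events below are constructed. It makes explicit the matching rules the table leaves implicit: a CIDR indicator is a containment check, a domain indicator covers its subdomains while a hostname indicator matches exactly, hashes compare case-insensitively, and a URL's host is case-insensitive while its path is not.

```python
"""Type and match OTX-style IOCs.

Added example, not LevelBlue or OTX code. Indicator type names follow the table
above; the pulse/event dictionaries and the shape-based typing rules are this
example's own assumptions (OTX pulses carry an explicit type per indicator).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest length -> content hash type. IMPHASH (an MD5 of the import table)
# and PEHASH are hex digests too, so shape alone cannot tell a structural hash
# from a content hash of the same length.
HASH_TYPES = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
EMAIL_RE = re.compile(r"^[^\s@]+@[^\s@]+\.[^\s@]+$")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def classify_ioc(raw: str) -> str:
    """Infer the IOC type of a bare indicator string from its shape."""
    s = raw.strip()
    if CVE_RE.match(s):
        return "CVE"
    if "://" in s and urlsplit(s).netloc:
        return "URL"  # the table's URI/URL split is not decidable from the string alone
    try:
        ipaddress.ip_network(s, strict=False)  # accepts "1.2.3.4" as well as "1.2.3.0/24"
    except ValueError:
        pass
    else:
        return "CIDR" if "/" in s else "IP Address"
    if HEX_RE.match(s) and len(s) in HASH_TYPES:
        return HASH_TYPES[len(s)]
    if EMAIL_RE.match(s):
        return "Email Address"
    if s.startswith("/") or WIN_PATH_RE.match(s):
        return "File Path"
    labels = s.lower().rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels) and not labels[-1].isdigit():
        # Assumption: two labels = registrable domain, more = hostname. Production
        # tooling consults the Public Suffix List so that e.g. example.co.uk is a domain.
        return "Domain" if len(labels) == 2 else "Hostname"
    return "Unknown"  # e.g. mutex names have no recognizable shape; the submitter must type them


def host_matches(observed: str, indicator: str, itype: str) -> bool:
    """Hostname IOCs match exactly; Domain IOCs also match every subdomain."""
    o, i = observed.lower().rstrip("."), indicator.lower().rstrip(".")
    if itype == "Hostname":
        return o == i
    return o == i or o.endswith("." + i)


def url_matches(observed: str, indicator: str) -> bool:
    """Scheme and host are case-insensitive; path and query are not."""
    o, i = urlsplit(observed), urlsplit(indicator)
    return (o.scheme.lower(), o.netloc.lower(), o.path, o.query) == (
        i.scheme.lower(), i.netloc.lower(), i.path, i.query)


def event_host(event: dict):
    """Host seen in an event: an explicit field, or the host part of a URL."""
    if event.get("host"):
        return event["host"]
    if event.get("url"):
        return urlsplit(event["url"]).hostname
    return None


def matches(indicator: dict, event: dict) -> bool:
    """Return True if one telemetry event exhibits one pulse indicator."""
    itype, value = indicator["type"], indicator["indicator"]
    if itype == "CIDR":
        ip = event.get("dst_ip")
        return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)
    if itype == "IP Address":
        return event.get("dst_ip") == value
    if itype in ("Domain", "Hostname"):
        host = event_host(event)
        return host is not None and host_matches(host, value, itype)
    if itype.startswith("FileHash-"):
        return (event.get("file_hash") or "").lower() == value.lower()
    if itype == "URL":
        return bool(event.get("url")) and url_matches(event["url"], value)
    return False  # Mutex, File Path, CVE and Email need host telemetry not modelled here


def match_pulse(pulse: dict, events: list) -> list:
    """Return (event id, indicator) pairs for every hit of a pulse against telemetry."""
    return [(ev["id"], ind["indicator"]) for ev in events
            for ind in pulse["indicators"] if matches(ind, ev)]


# Constructed sample pulse; the dictionary shape is this example's, not the OTX API's.
SAMPLE_PULSE = {
    "name": "Constructed example campaign",
    "indicators": [
        {"type": "CIDR", "indicator": "203.0.113.0/24"},
        {"type": "Domain", "indicator": "example.net"},
        {"type": "Hostname", "indicator": "cdn.example.org"},
        {"type": "FileHash-SHA256", "indicator": "a" * 64},  # placeholder digest
        {"type": "URL", "indicator": "http://example.net/payload.bin"},
    ],
}

# Constructed telemetry events, each carrying whatever fields a sensor produced.
SAMPLE_EVENTS = [
    {"id": 1, "dst_ip": "203.0.113.77"},                        # inside the CIDR IOC
    {"id": 2, "host": "update.example.net"},                     # subdomain of the Domain IOC
    {"id": 3, "host": "www.cdn.example.org"},                    # not the Hostname IOC itself
    {"id": 4, "file_hash": "A" * 64},                            # same digest, different case
    {"id": 5, "dst_ip": "198.51.100.5", "host": "example.com"},  # benign
    {"id": 6, "url": "HTTP://EXAMPLE.NET/payload.bin"},          # URL and Domain IOC
    {"id": 7, "url": "http://example.net/Payload.bin"},          # path case differs: Domain only
]

if __name__ == "__main__":
    for raw in ("203.0.113.0/24", "CVE-2021-44228", "cdn.example.org", "Global\\SomeMutex"):
        print(f"{raw:24} -> {classify_ioc(raw)}")
    for event_id, ind in match_pulse(SAMPLE_PULSE, SAMPLE_EVENTS):
        print(f"event {event_id} matched indicator {ind}")
```

Event 7 is the instructive case: the strict URL comparison misses it because the path differs in case, but the broader Domain indicator in the same pulse still catches it, which is why a pulse usually carries indicators at several levels of specificity.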
About OTX IP Reputation
OTX IP Reputation identifies IP addresses and domains worldwide that have been submitted by the OTX community. IP Reputation classifies each of them as malicious or, until more data arrives to raise its threat ranking, as suspicious. With the IP data it receives from all of these sources, IP Reputation supplements OTX data with information about active or potential malicious activity worldwide that can affect your systems.
IP Reputation Data Sources
IP Reputation receives data from a variety of sources:
- Open-source intelligence: Public and private security research organizations.
- USM Anywhere: Users who have voluntarily agreed to anonymously share information about external traffic into their network with LevelBlue.
Note: LevelBlue ensures that none of the data shared with OTX can be traced to the contributor or their USM Anywhere deployment.
Who Has Access to IP Reputation?
All USM Anywhere users receive the benefit of IP Reputation data whether or not they sign up for an OTX account. When you open an OTX account, you may elect to share IP Reputation data with other OTX users. Any data you contribute is anonymous and secure.
Note: You can configure USM Anywhere to stop sharing IP Reputation data with OTX at any time by visiting the Open Threat Exchange Configuration page.