Threat Intelligence AlienVault OTX & Google Web Risk

Assess the dangerousness of your IP
et Domains with AlienVault OTX.

Q: What is an Indicator of Compromise (IOC)?

An IOC is a technical fingerprint proving that a cyberattack has occurred. It may be a Hash SHA256 a corrupted file, a attacker IP address , or a domain name hosting phishing.

Q: How does AlienVault OTX calculate reputation score?

It crosses millions of community reports ( Pulses ) and open-source intelligence from around the world. Akuity SOC takes this raw data and consolidates it into a visual score from 0 to 100 .

Q: Why is IOC blocking in Defender limited to 90 days?

Attacker infrastructures change hands very quickly. The blocking of 90 days is a best practice to avoid polluting your block lists with IPs that have become harmless over time.

Faced with a suspicious IP address or an unknown domain, there is no room for doubt. Akuity SOC natively integrates AlienVault OTX and Google Web Risk to assess the reputation of adversary infrastructures and block IOCs across your entire fleet.

Démarrer mon essai de 14 jours Planifier la démonstration

Partenaire Pure Player Microsoft depuis 1990 • NIS 2 Conformité Cyber • Munich, Bavière (Allemagne)

Operational asymmetry

Manual OSINT is slow, non-standardized and non-scalable

Sans Akuity SOC

Avec Akuity SOC

OSINT manual

Browsing VirusTotal, Whois, security blogsfor each suspicious IP or hash. A 10-15 minute process per indicator.

Integrated analysis: direct querying of AlienVault OTX and Google Web Risk from the Threat Hunting console in one click.

Fuzzy assessment

Subjective analysisof the analyst faced with the raw data found. No standardized score, risk of interpretation error.

OTX Radial Gauge: algorithmic calculation of risk out of 100 points with contextualized bonus/malus.

Complex blocking

Manual manipulation of Firewall / Proxy rulesbusiness. Deployment delay, risk of configuration error.

1-Click IOC Blocking: direct injection into Microsoft Defender for Endpoint for 90 days via API.

3 technical pillars

How Akuity SOC is revolutionizing Threat Intelligence

AlienVault OTX & Google Web Risk Integration

Backend interfaced with the two largest global reputation databases.Google Safe Browsingidentifies active phishing campaigns.AlienVault OTXreports the presence of C2 malware via Community Pulses.

Scoring Algorithm — Radial Risk Gauge

Colorful circular gauge0 to 100with algorithmic weighting. Bonus if the IP belongs to a recognized cloud (Microsoft, AWS) validated by ASN. Critical penalty if recent domain (< 100 days) hosting malware.

Blocking IOC Global in Defender for Endpoint

As soon as the score confirms the danger, the analyst clicksblockIocOnTenant. SOAR immediately injects the IOC (SHA256 Hash, IP or Domain) via the Microsoft API. BlockingAction=Blockthroughout the park for 90 days.

Concrete case

Preventive neutralization of a Command & Control domain

Search — Unknown domain in network logs

Investigation

The analyst spots an unknown domain in the logs (update-system-win32.com). He enters the domain into the console's Threat Hunting tool.

The Verdict — OTX Gauge at 90/100 (Review)

Score 90/100

The OTX Gauge explodes at90/100 Review. The IA note says: "Recent registration (< 100 days), zero popularity, critical C2 server signatures."

The Shield — Global blocking validated by MFA

IOC Blocked 90 days

The analyst enters hisMFA codeand adds the indicator to the blacklist. Any workstation attempting to contact this C2 server is natively blocked by Windows Defender.

Threat Intelligence Resources