First Steps with AlienVault OTX 2.0
Sign Up (It’s free)
Here at AlienVault, we’ve recently made some exciting updates to the Open Threat Exchange. Want to get free threat intelligence for your security controls? You’ve come to the right place!
First, signup for an account. Use your existing twitter or google account, or fill out the form. Your username will be displayed throughout the site, but your email address will remain private.

Fundamentals
Every new account gets subscribed to the AlienVault account. The AlienVault account is how we are posting Indicators Of Compromise (IOCs) to all AlienVault USM and OSSIM appliances, as well as whomever makes use of the API. If you’d prefer a fresh start*, you can unsubscribe from AlienVault. The easiest way to do this as of now is to visit AlienVault’s profile page, and click unsubscribe.
*Given that the AlienVault account is managed by the AV Labs threat intelligence team, we’d highly encourage you to remain subscribed to AlienVault. If you’re planning to use OTX to supply yourself with your own exclusive IOCs and nothing else, you should unsubscribe from AlienVault. In most cases AlienVault IOCs will be of the highest integrity.
We use the term ‘pulse’ to mean a singular threat — but may contain many IOCs. Each `pulse` (or threat) on OTX contains it’s own IOCs, description, tags, comments, etc.
Follow User VS Subscribe User
You’ll notice there’s two actions on user profile pages:

Subscribe to the users whom you trust the most. Pulses by users you subscribe to will be automatically included in your threat intelligence. For example, if AlienVault posts a pulse in the middle of the night, you’ll receive these indicators without having to take action on the website.
Follow users you’re interested in, but not yet ready to blindly accept IOCs from. You’ll be notified about new pulses by users you follow, and you’ll see these pulses in your activity feed (discussed below), but you’ll need to click the subscribe button on each of their pulses for them to be included in your threat intelligence.
Though it is currently possible to subscribe and follow a user, there is no reason to do both! Everything that happens when following a user also happens when subscribing.
Subscribe to a single pulse from the list view:

Or, to examine the IOCs in detail before subscribing, you can click the list item title, and use the subscribe button in the detailed pulse view:

Wrapping up
Pulses — collection of IOCs. Contains a name, tags, references, a breakdown of Threat Infrastructure, community comments.
We now know about two sources for threat intelligence. Pulses we subscribe to directly, and pulses by users we subscribe to. With this knowledge, you’re ready to start building your threat intelligence on OTX!
The third and final source of threat intelligence is from the pulses you create yourself! We’ll take a look at this in a future post.
