The Alienvault website has several posts about Open Threat Exchange but I wasn’t able to find instructions on how to enable it. Eventually I found the option hidden away in the advanced menu.
Here’s how to set it up:
1. Open the OSSIM web interface and click on the Configuration menu then Main
2. Select the Advanced tab and then select Open Threat Exchange
3. Select Yes from the dropdown to contribute to OTX
4. Click on the activation link. This takes you to the Alienvault website.
5. Fill out the form and submit it.
6. You’ll then get an email from Alienvault with a confirmation link. Click it and you will get a page saying that you’ve activated OTX.
7. Now go back to the OSSIM page and click on the Send Now button. This evaluates the threats your system has picked up and it will then show you a page like this one:
8. Click Send Now to send the details to Alienvault so they can be distributed to others.