Thursday 26 January 2017

New job at AlienVault OTX

It turns out I enjoy working on a threat intelligence platform so much I’ve decided to do it full time - and have moved to AlienVault to work on their OTX platform. You can read more about that over on the AlienVault blog. OTX already has some very strong social and integrations features, and I’ll be particularly working to add in more of the analysis tools that people have found useful in ThreatCrowd.

The obvious question I anticipate is “What will happen to ThreatCrowd?”. The overall plan here is that the community will have free access to more tools and more data - not less. I’m looking forward to working on a platform that doesn’t have ThreatCrowd’s constraint of constantly running at 99% disk space on an 80 GB Linux web server!

There are things that aren’t available in OTX yet such as the graph, whois/ssl/nmap data and some of the API functionality. Much of that is already in development on OTX, and the rest should be within reach.

Development on ThreatCrowd ceased about a year ago when I reached the core aims of the prototype I had in mind, and I haven’t worked out an exact roadmap for it yet. I imagine I’ll migrate parts over as new functionality gets introduced to OTX. Again, the broad principle here is that the community will have more access to tools and data, not less.

I’ve had a ton of feature requests for ThreatCrowd, many of which I haven’t had time to reply to (sorry!) let alone implement. But if you’ve got any ideas, now’s the time : )

You can suggest features in OTX by clicking “Feedback” here