AlienVault OTX False Positives


(GT) #1

I have set up the threat intel plugin and have subscribed to the official Alien Vault threat feed. I have been getting 90k+ positive matches with 900k messages per hour. I can’t even begin to properly sort through them due to the insane volume of matches. A good example is the destination IP of 8.8.8.8 being flagged up by multiple pulses which are “RiskDiscovery Twitter feeds - 2017-12-24, My Case, Test de indicadores de Google, dont subscribe”. As I stated before I have only subscribed to the Alien Vault official threat feed and have no idea why these pulses are being checked against my logs.

I have asked on the Alien Vault forum a few days ago and had no reply so thought it would be worth asking here.

Cheers,

G


(system) #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.