How to install Alienvault OTX endpoint security agent and scan endpoints to find out IOC’s completely free

Md. Mahim Bin Firoj
3 min readOct 18, 2023

Today’s blog is about how to install alienvault otx agent on various endpoints (Windows) to find out malicious activity when any CVE comes out. For example, any new cve or pulse has come out from alienvault threat intel and you need to check whether your system already compromised or not by that threat. Then this will be a great help. I am clearing more. See below.

Say this pulse has come out. And your developer using WordPress Royal Elementor plugin in your wordpress website. You come to know this 1 or 2 days later after the pulse out. Now one question will be in your mind that are we compromised already?

The good thing is, alienvault always provides some ioc’s with the pulse that are associated with the attack. You can easily check and confirmed.

  • First of all you need to create an account to https://otx.alienvault.com site.
  • Then you need to install the agent to your endpoint where malicious things you suspect may occured.

https://otx.alienvault.com/endpoint-security/welcome
Once your account is created, now go to the above link and click on Get Started.

Here in my endpoint, the agent is installed that’s why showing like the above. From here you just need to click Add more endpoints

Now select your OS platform then the subsequent agent installation command will be shown. For windows, open powershell as an administrator privilege and paste the code there.

Now the agent is installed.

Now come to the pulse again or refresh the page. You will see RUN SCAN options. Clicking on RUN SCAN the scan will be started.

Click on SEE THE RESULTS button.

You will see the results like the above image.

This is how you can scan your endpoints.

You can also scan your endpoints with selected pulse:

  • You need to select the option Scan by pulse first.
  • Then you need to provide the pulse.
  • Then pulse will be found if it is valid.
  • Then you need to click Run scan with selected pulses.

Removing the agent:

From the control panel, you can remove the agent as well.

Thanks. I hope this blog will help you to hold with another awesome tool during your IR activity. Please subscribe below.

LinkedIn:

https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/

YouTube:

https://www.youtube.com/@mahimfiroj1802/videos

--

--