AlienVault USM AllinOne Getting Started Guide


  • Copyright 2015 AlienVault. All rights reserved.

    AlienVault Unified Security Management Solution

    Complete. Simple. Affordable

    AlienVault USM All-in-One Getting Started Guide

  • AlienVault USM All-in-One Getting Started Guide

    Page 2

    Table of Contents

    Welcome ... 2
    Audience ... 3

    Step 0: Download and Install ... 3
      Pre-Install Checklist ... 3
      Pre-Deployment Considerations for VMware ESX 4.x ... 3
      How to Deploy AlienVault ... 4
      Option 1: How to Manually Configure the Management Interface ... 5
      Option 2: How to Configure the Management Interface Using DHCP ... 7
      How to Complete Your AlienVault Installation ... 8
        Optional: How to Enter Unique Hostnames for Your AlienVault Devices ... 11
      How to Activate AlienVault ... 12

    Step 1: Configure Network Interfaces ... 13
      How to Configure Network Monitoring ... 15
      How to Configure Log Collection & Scanning ... 15

    Step 2: Discover Assets in Your Network ... 16
      Option 1: How to Discover Assets Using a Network Scan ... 17
        1.1 How to Manually Add a New Network ... 18
        1.2 How to Add New Networks from a CSV ... 19
      Option 2: How to Add Assets Manually ... 19
      Option 3: How to Import a CSV List of Assets ... 20

    Step 3: Deploy Host-Based Intrusion Detection (HIDS) to Servers ... 20
      How to Deploy HIDS to Windows ... 21
      How to Deploy HIDS to Unix/Linux ... 21

    Step 4: Log Management ... 21
      How to Enable Plugins to Get Data from Your Devices into AlienVault ... 21
      Additional Log Management Considerations ... 22

    Step 5: OTX Community Registration ... 22
      How to Sign Up (Username / Password) ... 24
      How to Sign Up (Social Media Authentication) ... 25
      How to Sign Up If You Have an Existing Account ... 26
      Congratulations! ... 27

    Step 6: Enter a Commercial License Key (in the Free Trial) ... 28
      Option 1: Activate a Commercial License Once the Trial Period Has Ended ... 28
      Option 2: Activate a Commercial License Before the Trial Period Has Ended ... 28

    Step 7: Analyzing the Results in AlienVault ... 30
      Introduction to the Alarms Interface ... 30
      Introduction to Dashboards ... 32
      Introduction to the Assets Interface ... 33
      Introduction to the Vulnerabilities Interface ... 35

    Welcome

    Page 3

    Welcome! In this tutorial we are going to show you how to get started with the AlienVault Virtual Appliance for OSSIM and USM. We will start with how to install AlienVault and how to configure your network interfaces and network topology. You'll then learn how to discover assets using AlienVault, how to deploy HIDS (host-based intrusion detection system) to your servers and how to configure log collection.

    Audience

    This information is intended for use by administrators who are responsible for investigating and managing network security for their organization. To use this guide you must have knowledge of your organization's network infrastructure and networking technologies.

    Step 0: Download and Install

    To get started, you must register for a free trial at www.alienvault.com/free-trial. Once you've registered, you can download and install AlienVault into your virtual environment. Be sure to check the system requirements and the pre-install checklist before you begin, then follow the instructions below:

    Pre-Install Checklist

    Email address used to register for the free trial

    List of CIDR network ranges to monitor

    Static IP address for your AlienVault instance*

    Data source info to enable log management (e.g. firewalls)*

    Access to a span port or tap to monitor your network*

    Domain account info to install the HIDS agent*

    Note: The asterisk (*) denotes optional items

    Pre-deployment Considerations for VMware ESX 4.x

    VMware ESX 4.x formats datastores with a 1MB block size by default, which allows individual storage files of 256GB and under. The block size can be changed to 8M by following the instructions below:

    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012683

    Page 4

    1. Reinstall the ESX host on a different drive (e.g. a second RAID set or boot from SAN) and leave the original disk for the VMFS volume. Choose your block size when creating the second datastore.

    2. Alternatively, install ESX 3.5, create the volume with the desired block size or re-format the volume with the intended block size, then upgrade to ESX 4.x. Be sure to use the existing VMFS volume to store your console OS VMDK.

    3. Create a second RAID set, forming a discrete device or volume, which can be utilized with the intended block size, post installation.

    4. Carve out a new LUN volume on the local controller to be utilized with the intended block size post-installation.

    You cannot create a second datastore (via another partition) on the same drive via the ESX GUI. You must use the vmkfstools command. You may also need to create a partition in the free space first with the fdisk command:

    vmkfstools -C vmfs -b Xm -S local2mBS /vmfs/devices/disks/naa.xxxxxxxxxx:y

    Xm is the blocksize (1m, 2m, 4m, or 8m).

    local2mBS is your volume name. If the volume name has a space (for example, volume name), enclose it in quotation marks (for example, "volume name").

    naa is the naa identifier, and y is the partition number. To determine this, run ls -la in the /vmfs/devices/disks folder.

    You can also specify the file system version in the command to execute correctly:

    vmkfstools -C vmfs3 -b Xm -S local2mBS /vmfs/devices/disks/naa.xxxxxxxxxx:y

    Note: Depending on your disk controller type, naa. may be replaced with eui., t10., or mpx.

    How to Deploy AlienVault

    The following instructions are for VMware ESXi v4 and v5 ONLY. The screenshots display the ESXi v5 interface.

    1. Install AlienVault into your ESXi environment by deploying the OVF using your vSphere client with the menu option File > Deploy OVF Template. Deploy using the default deployment options by clicking Next.

    Page 5

    Note: To avoid having to pre-allocate the full amount of disk space, select the Thin Provision option for disk format. This will allocate the minimal footprint for your image and will grow as you store logs.

    2. Once you get to the Ready to Complete screen, check the box for Power on after deployment and click Finish.

    Note: The deployment process may take several minutes to complete. Please wait for a success message before moving on.

    Option 1: How to Manually Configure the Management Interface

    Page 6

    1. Click on AlienVault USM Trial and open the console from the menu bar, by going to Inventory > Virtual Machine > Open Console

    2. Choose the Manual Configuration option (menu item 0)

    3. Enter the assigned IP address for the device.

    Note: If you do not have this information, contact your network administrator

    4. Enter a netmask. This will be used to get information about devices in your environment.

    5. Enter the address of your gateway (router) that serves as an access point to external traffic.

    Page 7

    6. Enter DNS Server name(s). This will be used to look up host names on the network.

    Note: To add multiple DNS servers, use commas to separate each server name.

    7. Save your configuration settings by pressing Enter.

    Option 2: How to Configure the Management Interface Using DHCP

    Page 8

    1. Click on AlienVault USM Trial and open the console from the menu bar, by going to Inventory > Virtual Machine > Open Console

    2. Choose the option for DHCP Configuration (menu item 1)

    3. A message will appear showing the settings that will be applied for your DHCP configuration. Click Yes to save the settings.

    How to Complete Your AlienVault Installation

    1. Power on the appliance and open the AlienVault command line console to allow AlienVault to do initial configuration

    2. Log in using the credentials found in step 1 on the screen and change the root password.

    Page 9

    Note: the username is always root. On first use, the password is randomly generated and is intended for first-time use only. You will be prompted to change your password after this step.

    3. Change the root password by clicking Yes and entering a new password. You will be asked to enter your new password again to confirm the change.

    4. Once the setup is complete, you will be given the URL to access the AlienVault web UI. Click Enter and then exit the AlienVault setup.

    5. If there is no internet connection, the following message will appear. Click Enter to go to the setup main menu.

    Page 10

    6. Choose option System Preferences (menu option 1) and click Enter

    7. Select option Configure Network (menu option 0) and click Enter

    8. Configure your network manually by updating the information in each of the options. Then open a web browser and enter the configured IP address.

    Page 11

    Note: If you are using a proxy, you must also configure it before registration. Follow the instructions found here: https://alienvault.bloomfire.com/posts/527852

    Optional: How to Enter Unique Hostnames for Your AlienVault Devices

    If you have more than one AlienVault device (e.g. your All-in-One device and a sensor), you may want to provide unique hostnames for each to make them easily identifiable in the user interface.

    1. Go to the main menu in the AlienVault console and choose System Preferences (menu option 0)

    2. Select option Configure Hostname (menu option 1)

    Page 12

    3. Enter the desired hostname for your AlienVault device into the field. This device name will appear in the AlienVault user interface.

    How to Activate AlienVault

    1. Launch a web browser and open the AlienVault web UI using the URL provided.

    2. Activate the AlienVault Free Trial by entering the email address that you used to sign up for the free trial.

    Note: If you have already purchased AlienVault USM, click the link to enter your product activation key.

    Page 13

    3. Fill out the Welcome form with your information and sign in to the AlienVault web console using your username and password.

    4. Run the Getting Started Wizard to perform initial configuration of AlienVault.

    Step 1: Configure Network Interfaces

    When you first connect to the AlienVault web UI you are prompted to use the Getting Started Wizard. This wizard is designed to walk you through six steps to get the basics of AlienVault configured so you can start using the product quickly to find threats in your environment. The first step of the wizard is to configure the six network interfaces that come pre-defined.

    Page 14

    These interfaces will be used by AlienVault to monitor the network using the built-in IDS capabilities, run asset scans, collect log data from your assets, run vulnerability scans, generate netflows, etc. The options available for each interface include:

    Management. This is the interface used to communicate with the AlienVault virtual device and connect to the web UI. It is configured during the initial console step and is presented in the Configure Network Interfaces section of the wizard by default. It is likely tied to eth0, but may differ depending on what was configured on the console. You cannot configure this interface in the wizard.

    Network Monitoring. Setting a network interface to this option puts it into passive listening mode, also referred to as promiscuous mode. The interface listens to traffic as it passes on the wire. To use this option the administrator needs to set up a network tap or SPAN port so that traffic flows to the network interface and it can monitor for threats. AlienVault's built-in IDS capability uses this network interface.

    Log Collection & Scanning. This interface option is used to reach out to the networks you want to collect data from or scan using AlienVault's built-in asset discovery, vulnerability assessment, and availability monitoring. Setting up this interface requires you to assign an IP address and network mask to it so it can communicate out and allow devices to communicate in.

    Page 15

    Not In Use. This is the default option for each of the interfaces (except the Management interface) on this screen. This means that the network interface is not configured and will therefore not be used.

    How to Configure Network Monitoring

    AlienVault has a built-in network monitoring (i.e. Network IDS) capability that allows you to identify malicious network activity by passively monitoring traffic on the network. One of the network interfaces in AlienVault must be dedicated to this. Do the following to enable it:

    1. Choose the network interface that will be used for network monitoring.

    2. Select Network Monitoring from the drop-down list.

    Once selected, AlienVault will immediately configure the network interface to listen for incoming traffic.

    3. Configure your virtual machine to get traffic from your physical network. Once the network is forwarding data to the selected network interface, the Status button will go from red to green. This will indicate that the interface is both configured and receiving data as expected.

    Note: Once you've configured the network monitoring interface, you'll need to ensure that the virtual networking is configured to receive network traffic. Ensure you are getting network traffic and not just virtual switch traffic. Follow the instructions found here: https://alienvault.bloomfire.com/posts/779940

    How to Configure Log Collection & Scanning

    AlienVault needs to have direct communication access to the networks in your environment that you want to scan or collect data from. This will allow you to use AlienVault to run an asset scan, run a vulnerability scan, deploy the HIDS agents to your systems, monitor availability of your systems, and collect data from your systems. Configure your interfaces for log collection and scanning by:

    Page 16

    1. Choose the network interface that will be used for log collection and scanning.

    2. Select Log Collection & Scanning from the drop-down list.

    A lightbox will pop up and ask for an IP Address and Netmask. This information will be used to configure the network interface with a static IP address.

    Once you enter the IP address and netmask you'll be placed back on the Configure Network Interfaces screen. This screen will now show the IP address you supplied as the IP address for the interface. This indicates that the interface configuration is successful.

    3. Configure the other interfaces as needed for additional log collection and scanning.

    Note: In some situations the network that you want to monitor may not be accessible from the IP address provided without setting up a route in the routing table. This is an extreme case and shouldn't happen often. If a route is required, you will need to jailbreak the system using the AlienVault console and configure the route using the command line.

    Step 2: Discover Assets in Your Network

    Understanding what is in your environment is a critical step to identify threats and vulnerabilities. You need to know what you have so you can prioritize and respond to threats discovered. AlienVault includes a built-in asset database and ways for you to discover assets. You can use the built-in asset discovery capability to automatically scan your networks and find assets, manually enter assets, or import assets from a CSV file.

    Page 17

    Option 1: How to Discover Assets Using a Network Scan

    AlienVault needs to have a basic understanding of your network topology to run asset scans, vulnerability scans, and use other built-in capabilities. The Getting Started Wizard includes an option to scan your networks for assets. Click the Scan Networks button to run a network scan.

    1. Choose one or more networks that you would like to scan. You should already have one or more networks defined based on the network interfaces you configured in Step 1.

    Note: If you would like to add more networks, see instructions on page 10

    2. Click the "Scan Now" button to initiate the scan. The confirmation screen will then be displayed.

    3. The confirmation screen will tell you how many assets may be scanned based on the network defined. Click "Accept" to start the scan.

    Note: Be aware that if you created a large network (e.g. 10.10.10.0/16) the scan may take a long time. We suggest that you create smaller networks.

    Page 18

    4. You can stop the scan at any time by clicking the "Stop Scan" button. Note that if you stop the scan while it is running, no asset data will be retained and you'll need to run the scan again.

    5. Once the scan is completed you will be asked if you want to schedule a recurring scan so you can discover changes in the environment periodically. The default option is to run a weekly scan. Click "OK" to accept and schedule the scan, change the frequency using the drop-down, or select no scan option by clicking the "x" on scan period. Click "OK" to continue.
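The scan-size caution above can be checked before you reach the wizard's confirmation screen. The following Python script is an added example, not part of the AlienVault guide: it validates the CIDR entries from your checklist, estimates how many addresses a scan of each would probe, and splits any range above an assumed threshold into /24 networks that can be defined separately. SAMPLE_NETWORKS, the 1024-address threshold and the function names are constructed for this example.

```python
"""Estimate and split network definitions before running an asset scan.

Added example, not part of the AlienVault guide. The threshold and the
helper names are assumptions; AlienVault's own confirmation screen does
the authoritative count.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: CIDR ranges a pre-install checklist might list
# (documentation address space, not real networks).
SAMPLE_NETWORKS: Dict[str, str] = {
    "DMZ": "192.0.2.0/24",
    "Employee Office": "10.10.0.0/16",
    "Lab": "198.51.100.64/26",
}

# Assumed threshold (our choice, not AlienVault's): ranges with more
# scannable hosts than this are split into smaller networks.
SCAN_WARN_ADDRESSES = 1024


def parse_network(cidr: str) -> ipaddress.IPv4Network:
    """Validate CIDR text the way the 'Add a New Network' form expects it.

    strict=False lets a host-style entry such as 10.10.10.5/24 map to its
    network address; anything that is not IPv4 CIDR raises ValueError.
    """
    net = ipaddress.ip_network(cidr.strip(), strict=False)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 ranges are handled here")
    return net


def is_valid_cidr(text: str) -> bool:
    """True when the text would be accepted as a network definition."""
    try:
        parse_network(text)
        return True
    except ValueError:
        return False


def scannable_hosts(net: ipaddress.IPv4Network) -> int:
    """Addresses an asset scan may probe: usable hosts, excluding the
    network and broadcast address for prefixes shorter than /31."""
    return net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2


def split_network(net: ipaddress.IPv4Network,
                  max_prefix: int = 24) -> List[ipaddress.IPv4Network]:
    """Break a large range into subnets no larger than /max_prefix."""
    if net.prefixlen >= max_prefix:
        return [net]
    return list(net.subnets(new_prefix=max_prefix))


def plan_scans(networks: Dict[str, str],
               warn: int = SCAN_WARN_ADDRESSES,
               max_prefix: int = 24) -> List[Tuple[str, str, int, bool]]:
    """Return (name, cidr, host_count, was_split) rows for each network that
    should be defined in the wizard, splitting oversized ranges."""
    rows: List[Tuple[str, str, int, bool]] = []
    for name, cidr in networks.items():
        net = parse_network(cidr)
        hosts = scannable_hosts(net)
        if hosts > warn:
            for i, sub in enumerate(split_network(net, max_prefix), 1):
                rows.append((f"{name} {i}", str(sub), scannable_hosts(sub), True))
        else:
            rows.append((name, str(net), hosts, False))
    return rows


if __name__ == "__main__":
    for name, cidr, hosts, was_split in plan_scans(SAMPLE_NETWORKS):
        flag = " (split from a larger range)" if was_split else ""
        print(f"{name:<22} {cidr:<20} {hosts:>6} hosts{flag}")
```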

    1.1 How to Manually Add A New Network

    1. Enter the CIDR notation for the network that you want to define.

    2. Enter a meaningful name to describe the network (e.g. DMZ, Employee Office). This will be used in the next step.

    3. Enter an optional description to describe the network.

    4. Click the "+Add" button to add the network.

    Note: If you make a mistake and define the network incorrectly, use the delete option (icon of trash can) to delete and re-enter the network.

    Page 19

    1.2 How to Add New Networks from a CSV

    1. Click on Import from CSV option to import a list of the important network ranges in your environment from a CSV file.

    2. Click on Browse and select a CSV file.

    3. Click Import to upload the selected file.

    Once the import is completed, a confirmation screen will appear to show the number of hosts that have been imported from your CSV file.

    Option 2: How to Add Assets Manually

    If you do not have access to a list of assets in the form of a CSV, you can quickly add assets manually by doing the following:

    1. Provide a meaningful name for the asset (e.g. domain controller).

    2. Enter the IP address in the field provided.

    Note: We suggest that you create smaller networks. Be aware that if you create a larger network (e.g. 10.10.10.0/6) the scan may take a long time.

    3. Choose the asset type from the list.

    Page 20

    4. Click the +Add button to add the asset.

    Option 3: How to Import a CSV List of Assets

    In AlienVault, you are also able to import a list of assets from a CSV by doing the following:

    1. Click on Import from CSV button. A lightbox will pop up and ask for you to choose a file to upload.

    2. Click the Browse button and select a CSV file.

    3. Click on the Import button to import the CSV file. You will see a confirmation screen that will display the number of hosts that have been imported.

    Step 3: Deploy Host-based Intrusion Detection (HIDS) to Servers

    We recommend deploying HIDS in order to perform file integrity monitoring, rootkit detection and to collect event logs. For Windows machines the HIDS agent is installed locally; for Unix/Linux environments remote HIDS monitoring is configured. Unix/Linux systems are monitored remotely and only include file integrity monitoring capability.

    Note: HIDS needs administrative access to create directories and files, set permissions and launch processes. You must provide credentials for the administrative account on the system that you want to deploy the HIDS on.

    Page 21

    How to Deploy HIDS to Windows

    1. Enter the domain admin account information.

    2. From the asset tree on the right, choose the assets that you would like to deploy a HIDS agent to.

    3. Click Deploy to deploy the agent to selected assets.

    4. Once the plugin is configured correctly, green circles will appear below Plugin Enabled and below Receiving Data.

    How to Deploy HIDS to Unix/Linux

    1. Enter the SSH credentials for your Unix/Linux environment.

    2. From the asset tree on the right, choose the assets on which you would like to install HIDS in agentless mode.

    3. Click Deploy to deploy the agent to selected assets.

    4. Once the plugin is configured correctly, green circles will appear below Plugin Enabled and below Receiving Data.

    TIP: Select assets with the same administrative credentials to deploy HIDS to more than one asset.

    Step 4: Log Management

    One of the key capabilities provided by AlienVault is the ability to collect external data from network devices, security devices, and your servers. The data collected allows AlienVault to do event correlation to see patterns of activity and warn you via an alarm. The Getting Started Wizard allows you to easily configure each of the assets you've discovered or added in the Asset Discovery step with the appropriate Plugin to collect the data from your assets. Do the following to enable plugins:

    How to Enable Plugins to Get Data from Your Devices into AlienVault

    1. For each asset, select the correct vendor, model, and version number that corresponds to the data that you want to collect from that asset.

    Page 22

    2. Click on the "Enable" button to enable the selected plugins. This will take you to the Log Management Confirmation screen.

    Note: For assets that don't have a plugin selected, you will not be able to collect data from them, but you can configure plugins for them at a later date.

    3. The confirmation page shows you each of the assets that a plugin will be enabled for, and an indicator that tells you if the plugin is enabled, and if you are receiving data for that asset. Click on the "Instructions to forward logs" to learn how to configure your asset to send data.

    4. Once you have finished enabling plugins for the devices you want to collect data from, click "Finish" to exit the wizard.

    Note: You will not be able to finish the wizard until you are receiving data from at least one asset.

    Additional Log Management Considerations

    Remember that firewall deny logs represent an action that has already been taken. To get visibility around what is coming into the network, we recommend collecting firewall permit logs too.

    Collect OS audit logs to get visibility around who is accessing your assets. Paying special attention to privileged accounts is critical.
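The two considerations above, as an added worked example that is not part of the AlienVault guide: the script below reviews a handful of constructed firewall events and shows what a deny-only feed hides. The key=value log layout, the INTERNAL_NETS ranges, the sample addresses and the function names are all assumptions made up for the example, not a real vendor format.

```python
"""Why firewall permit logs matter: review constructed deny and permit events.

Added example, not from the AlienVault guide. The log layout, the internal
ranges and the field names are assumptions made up for the demo.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, Set

# Constructed sample events in an assumed key=value layout (not a real vendor
# format). Addresses come from the documentation ranges.
SAMPLE_LOGS = [
    "2015-06-01T10:00:01Z fw1 action=deny src=203.0.113.9 dst=192.0.2.10 dport=22 proto=tcp",
    "2015-06-01T10:00:03Z fw1 action=deny src=203.0.113.9 dst=192.0.2.10 dport=23 proto=tcp",
    "2015-06-01T10:00:05Z fw1 action=permit src=203.0.113.9 dst=192.0.2.10 dport=443 proto=tcp",
    "2015-06-01T10:01:10Z fw1 action=permit src=198.51.100.7 dst=192.0.2.25 dport=3389 proto=tcp",
    "2015-06-01T10:01:12Z fw1 action=permit src=10.10.1.5 dst=192.0.2.10 dport=443 proto=tcp",
    "2015-06-01T10:02:00Z fw1 action=deny src=198.51.100.7 dst=192.0.2.25 dport=445 proto=tcp",
    "2015-06-01T10:02:30Z fw1 this line is malformed",
]

# Assumed address space of the monitored environment (constructed for the demo).
INTERNAL_NETS = [
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one log line into a field dict; returns {} for lines that do not fit."""
    parts = line.split()
    if len(parts) < 3:
        return {}
    fields = {"ts": parts[0], "device": parts[1]}
    for token in parts[2:]:
        if "=" not in token:
            return {}
        key, value = token.split("=", 1)
        fields[key] = value
    required = {"action", "src", "dst", "dport"}
    return fields if required.issubset(fields) else {}


def is_external(ip_text: str) -> bool:
    """True when the address is outside the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def review(lines: Iterable[str]) -> Dict[str, object]:
    """Summarise what deny-only and permit logging each reveal.

    Returns a dict with:
      denied_sources       external sources the firewall already stopped
      permitted_inbound    external src -> set of "dst:dport" actually allowed in
      blocked_then_allowed sources in both: blocked on some ports, admitted on others
      skipped              lines that could not be parsed
    """
    denied: Set[str] = set()
    permitted: Dict[str, Set[str]] = defaultdict(set)
    skipped = 0
    for line in lines:
        ev = parse_event(line)
        if not ev:
            skipped += 1
            continue
        if not is_external(ev["src"]):
            continue  # internal-to-internal traffic is out of scope here
        if ev["action"] == "deny":
            denied.add(ev["src"])
        elif ev["action"] == "permit":
            permitted[ev["src"]].add(f"{ev['dst']}:{ev['dport']}")
    return {
        "denied_sources": denied,
        "permitted_inbound": dict(permitted),
        "blocked_then_allowed": denied & set(permitted),
        "skipped": skipped,
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOGS)
    print("Deny-only logging would show just:", sorted(result["denied_sources"]))
    print("Permit logging additionally shows what got in:")
    for src, targets in sorted(result["permitted_inbound"].items()):
        print(f"  {src} -> {sorted(targets)}")
    print("Blocked on some ports, admitted on others:",
          sorted(result["blocked_then_allowed"]))
    print("Unparsed lines:", result["skipped"])
```

With deny logs alone the two external sources appear only as stopped attempts; the permit events are what show that each also reached an internal service.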

    Step 5: OTX Community Registration

    AlienVault Open Threat Exchange (OTX) is an open information sharing and analysis network, created to put effective security measures within the reach of all organizations. Unlike invitation-only threat sharing networks, OTX provides real-time, actionable information to all who want to participate.

    Page 23

    Enabling AlienVault OTX in your installation will allow you to automatically share anonymous threat information with the OTX community. In return you will receive crowd-sourced threat updates every 30 minutes. The image below shows a sample of the type of data being sent from an AlienVault installation to OTX.

    Once you have finished installing and configuring AlienVault (with OTX enabled), you will be able to quickly see which alarms indicate malicious activity from a known bad actor on the Alarms page. These alarms contain an orange bulls-eye icon next to the IP address that has been identified in OTX as malicious. Clicking the bulls-eye icon will open a new page with a threat analysis for that IP address including location, any domains associated with that IP, a list of recorded threat activity, and more.

    Page 24

    To enable OTX in your AlienVault installation, you must sign up for an AlienVault OTX community account. You will then receive a token to link your installation to OTX. Follow the instructions below:

    How to Sign Up (Username / Password)

    1. Click the Sign Up Now button to open the Join AlienVault OTX window.

    2. Select a username, password, password confirmation, and email. These are required fields.

    Note: The password must be at least 7 characters.

    3. Click Create Account. Your AlienVault Community account will be created. The window will refresh and give you your new OTX Token.

    4. Copy the OTX Token from the pop-up and paste it into the available field of the Getting Started Wizard.

    Page 25

    5. Click the Next button to continue. A Thank You page will appear to confirm your OTX registration.

    6. Click Finish to complete the Getting Started Wizard and start using AlienVault.

    How to Sign Up (Social Media Authentication)

    1. Click the Sign Up Now button to open the Join AlienVault OTX window.

    2. Choose one of the social media options on the left (Facebook, Twitter, or Google+).

    3. If you are not currently logged into that network, you will be prompted to sign in with your social media credentials.

    Page 26

    4. An alert will appear to let you know what the app would like to do (e.g. view your email address and view basic information about your account).

    Note: AlienVault OTX will never post to your social media account on your behalf.

    5. Click Accept. You will be prompted to complete your sign-up by choosing a username and confirming your email address.

    6. Click Sign Up. Your AlienVault Community account will be created. The window will refresh and give you your new OTX Token.

    7. Copy the OTX Token from the pop-up and paste it into the available field of the Getting Started Wizard.

    8. Click the Next button to continue. A Thank You page will appear to confirm your OTX registration.

    9. Click Finish to complete the Getting Started Wizard and start using AlienVault.

    How to Sign Up If You Have an Existing Account

    If you've already created an AlienVault community account for free services like Reputation Monitor, follow the instructions below.

    1. Click the Join Now button. A pop-up will appear in a new window and ask you to sign-up for an AlienVault OTX account. Click the Login tab on the top left.

    Page 27

    2. Sign in by entering your username and password or through one of the social media authentication options.

    3. Once you've logged in, you will see a screen with your unique Open Threat Exchange token. Copy the token in the pop-up and then go back to the page with the Getting Started Wizard.

    4. Paste the token into the field marked Enter Token and click Next.

    5. A Thank You page will appear to confirm your OTX registration. Click Finish to complete the Getting Started Wizard and start using AlienVault.

    Congratulations!

    You are finished setting up AlienVault. You can click the See Alarms button to view any alarms that have been generated in your installation or click Explore AlienVault USM to go to the Dashboards screen.


    Step 6: Enter a Commercial License Key (in the Free Trial)

    Option 1: Activate a Commercial License once the Trial Period has Ended

    1. If you attempt to log in to your AlienVault installation once the free trial has ended, you will see the following screen.

    2. From this screen, enter your commercial activation key (provided by an AlienVault representative) and click the Send button. This will activate your commercial license and you will be able to continue using AlienVault USM.

    Option 2: Activate a Commercial License before the Trial Period has Ended

    1. To activate a commercial license before the end of the 30-day trial, open the Environment Snapshot tray on the right tab.


    2. In the notifications section, click on the link that says how many days are left in your free trial. You will be directed to the following screen.

    3. Enter your commercial activation key (provided by an AlienVault representative) and click the Send button. This will activate your commercial license and you will be able to continue using AlienVault USM.


    Step 7: Analyzing the Results in AlienVault

    Congratulations! AlienVault is now configured and collecting data about the devices in your environment. You can view alarms to see if AlienVault is registering any potentially malicious activity, explore the built-in dashboards as well as create your own, and then browse the results of your asset discovery. Let's have a look at what AlienVault has collected about your environment.

    Introduction to the Alarms Interface

    1. Go to Analysis > Alarms to view any current threats. The alarms dashboard displays threats using the kill chain taxonomy and uses the size of the bubbles to indicate the number of attacks in that time period.

    2. Click on a bubble to filter the results and show only attacks of that type during that time period.

    3. Scroll down to the list of alarms. If you see a bull's eye next to some of the IP addresses, this indicates that we have an entry in the AlienVault Open Threat Exchange (OTX) reputation database. Clicking on the bull's eye will take you to the threat details page for that IP.

    4. Click on a single alarm. The alarm will expand and give you a little more information, as seen below.

    5. Click the View Details button to see more about this threat, including the related events and/or IDS signatures related to the attack. You can also click on an event in the list to see further detail as well as an output of the raw log that AlienVault collected.
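    The following Python script is an added illustration of what steps 1 to 3 above show on screen; it is example code written for this guide, not part of the AlienVault product or its API. It aggregates alarms into one "bubble" per kill-chain stage and time period (sized by alarm count), filters to a single bubble as clicking one does, and marks alarms whose IPs have a reputation entry, as the bull's eye does. The stage names, the 24-hour period, the sample alarms and the stand-in reputation set are all assumptions constructed for the example.

```python
"""Aggregate alarms the way the USM Alarms dashboard does: one bubble per
(kill-chain stage, time period), sized by the number of alarms in it."""
from collections import Counter
from datetime import datetime

# Kill-chain stages from least to most severe (names assumed for illustration).
KILL_CHAIN_STAGES = [
    "Environmental Awareness",
    "Reconnaissance & Probing",
    "Delivery & Attack",
    "Exploitation & Installation",
    "System Compromise",
]

# Constructed sample alarms; these are NOT records from a real USM installation.
SAMPLE_ALARMS = [
    {"ts": "2015-06-01T08:12:00", "stage": "Reconnaissance & Probing",
     "src": "198.51.100.7", "dst": "10.0.0.5", "name": "Port scan"},
    {"ts": "2015-06-01T09:40:00", "stage": "Reconnaissance & Probing",
     "src": "198.51.100.7", "dst": "10.0.0.5", "name": "Service probe"},
    {"ts": "2015-06-01T14:05:00", "stage": "Delivery & Attack",
     "src": "203.0.113.9", "dst": "10.0.0.5", "name": "Web attack attempt"},
    {"ts": "2015-06-02T02:30:00", "stage": "Exploitation & Installation",
     "src": "203.0.113.9", "dst": "10.0.0.5", "name": "Exploit signature"},
    {"ts": "2015-06-02T03:15:00", "stage": "System Compromise",
     "src": "10.0.0.5", "dst": "10.0.0.22", "name": "Lateral connection"},
    {"ts": "2015-06-02T11:00:00", "stage": "Reconnaissance & Probing",
     "src": "192.0.2.33", "dst": "10.0.0.5", "name": "Port scan"},
]

# Constructed stand-in for the OTX reputation database: a set of IPs with entries.
OTX_REPUTATION = {"198.51.100.7", "203.0.113.9"}


def period_start(ts, hours=24):
    """Floor an ISO timestamp to the start of its `hours`-wide bucket, counted
    from midnight, and return the bucket start as an ISO string."""
    if 24 % hours:
        raise ValueError("period length must divide 24 hours")
    dt = datetime.fromisoformat(ts)
    floored = dt.replace(hour=dt.hour - dt.hour % hours,
                         minute=0, second=0, microsecond=0)
    return floored.isoformat()


def bubble_counts(alarms, hours=24):
    """Step 1: return {(stage, period_start): count}; the count is the bubble size."""
    counts = Counter()
    for alarm in alarms:
        if alarm["stage"] not in KILL_CHAIN_STAGES:
            raise ValueError(f"unknown kill-chain stage: {alarm['stage']!r}")
        counts[(alarm["stage"], period_start(alarm["ts"], hours))] += 1
    return dict(counts)


def filter_alarms(alarms, stage, period, hours=24):
    """Step 2: 'clicking a bubble' keeps only alarms of that stage in that period."""
    return [a for a in alarms
            if a["stage"] == stage and period_start(a["ts"], hours) == period]


def annotate_reputation(alarms, reputation=OTX_REPUTATION):
    """Step 3: list which of an alarm's IPs have a reputation entry (the bull's eye).
    Returns new dicts with an 'otx_hits' key; the input list is not modified."""
    out = []
    for a in alarms:
        hits = [ip for ip in (a["src"], a["dst"]) if ip in reputation]
        out.append({**a, "otx_hits": hits})
    return out


def bubble_table(counts):
    """Text rendering of the bubble chart: one row per period, one column per
    stage in kill-chain order, each cell holding the alarm count."""
    periods = sorted({period for _, period in counts})
    lines = ["period               "
             + "  ".join(f"{s[:12]:>12}" for s in KILL_CHAIN_STAGES)]
    for p in periods:
        cells = [f"{counts.get((s, p), 0):>12}" for s in KILL_CHAIN_STAGES]
        lines.append(f"{p:<20} " + "  ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    counts = bubble_counts(SAMPLE_ALARMS)
    print(bubble_table(counts))
    clicked = filter_alarms(SAMPLE_ALARMS, "Reconnaissance & Probing",
                            "2015-06-01T00:00:00")
    for a in annotate_reputation(clicked):
        marker = " (bull's eye)" if a["otx_hits"] else ""
        print(f"{a['ts']} {a['name']} {a['src']} -> {a['dst']}{marker}")
```

    Shortening the period (e.g. `hours=6`) is the equivalent of narrowing the dashboard's time range: the same alarms spread over more, smaller bubbles. Note that the internal-only alarm (10.0.0.5 to 10.0.0.22) receives no bull's eye even though it is the most severe stage; reputation marks the IP, not the alarm's severity.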


    Introduction to Dashboards

    1. Go to the Dashboards > Overview page. You can review the pre-built dashboard tabs to discover data about your environment, or you can create your own dashboards through the Dashboard Wizard by clicking the pencil icon on the top right of the dashboards.


    Introduction to the Assets Interface

    1. Go to Environment > Assets to view the devices that AlienVault discovered in your environment.

    2. You can enter a particular hostname, IP, or even naming convention into the search bar to filter the results.


    3. To view more details about the asset, either click the button labeled Details, or click the Details icon at the far right of the list entry. This will display more information about the asset, including system properties, discovered software/services, related log event/flow data, and the number of vulnerabilities found.


    Introduction to the Vulnerabilities Interface

    1. Go to Environment > Vulnerabilities to view the vulnerabilities discovered through host and network scans. In addition to the environment-wide summary up top, the vulnerable assets are listed below by severity. You can export reports in PDF and HTML from this view.