November 11, 2011 | Dominique Karg

Bubba Xyzzy is born!

Hey all, we’d like to introduce you to our new little Alien mascot. You’ve seen him for about a month here on the Labs page, but he’ll be much more prominent around Alienvault in the near future. No worries, he’ll never become annoying like “Clippy” (“I see you are…

November 3, 2011 | Jaime Blasco

Massively collecting CRL and OCSP information

As part of the IP reputation project we are writing a small engine to avoid false positives by whitelisting some common IPs/networks. Usually when you execute a signed binary in a sandbox, you see a lot of connections to the servers hosting the Certificate Revocation Lists (CRL) and the Online Certificate Status Protocol (OCSP) responders. …


October 18, 2011 | Dominique Karg

3.1 coming soon

Big news on the release front. Some features didn’t make it into 3.0 due to QA, but that has now been solved and we wanted to roll out a minor release (which is not so minor if you look at the Changelog…) with this content before heading towards 4.0 (IPv6 support, huge improvements on the multitenancy/multicustomer side and big performance…

October 18, 2011 | Jaime Blasco

Advisory: Cisco IOS HTTP client DoS

DESCRIPTION: There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:

    router#config
    Configuring from terminal, memory, or network [terminal]?
    Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#application
    router(config-app)#service name http://ip_address/
    router(config-app-param)#end

and the HTTP server responds…

October 16, 2011 | Dominique Karg

New code piece: automatic plugin detection

We just uploaded a snippet written earlier this year; it requires and can automatically identify the log type a certain IP is sending via syslog. …

October 12, 2011 | Dominique Karg

Logger benchmarking (commercial edition)

Hey all, I don’t want this to become a spam forum, nothing is further from my intention than that, but Pascal ([email protected]) just shared some screenshots with us from a customer PoC, which are much more interesting than any internal benchmark we could do in the labs. These screenshots show the Logger performing in the worst…

October 10, 2011 | Dominique Karg

Feature Focus 2: Custom Tickets

The second installment of our feature focus series, this time focused on custom tickets. Custom tickets are a good way to feed the system with information that cannot be fed automatically and requires human intervention. Have a look at the video to find out more. …

October 6, 2011 | Dominique Karg

New section: feature focus. Today: ip reputation and voice control

Hey all, today I’m proud to introduce the first voice controlled SIEM. One step closer to the war against the machines. I hope to be doing a lot of these and also to be expanding the tutorials with some videos and such. Any criticism and feedback, be it positive or negative, is welcome. The video quality is a…

October 4, 2011 | Jaime Blasco

Metasploit Payloads VS Libemu

Today we will analyze the detection capabilities of libemu [no longer available] using the Metasploit payloads. Libemu is a small library to detect and analyze x86 shellcode using heuristics. We have written a small script to automatically generate Metasploit payloads and see if libemu is…

September 21, 2011 | Dominique Karg

RAID 11 @ Menlo Park, CA (notes and rants)

I attended RAID these past couple of days and must say I come out of it with mixed feelings. I had moments of great fun, saw some good stuff but most of the conferences were waaaaaaay too theoretical for my taste. Anyway, these notes have to be taken with a grain of salt. I know that many people have put…

September 19, 2011 | Dominique Karg

OISF/Suricata Brainstorming session

Just attended the OISF Suricata brainstorming session; it was really fun (unlike the RSA one 😉). Happening at the same venue as RAID 11 (which I’ll be attending with Jaime too), it was 3+ hours of brainstorming, discussing IDS/IPS and learning about a bunch of new concepts. I think they’re doing a really good job on it…
