The AlienVault team has been hard at work over the past few months on our latest version of USM Appliance, v5.4, focused on streamlining your threat detection, response, and compliance capabilities, while improving reporting in USM Appliance. Take a look at the new features below, check out the release notes for more details, update your systems, and let us know what you think by posting your questions and comments on the product forums!
Streamlining your Threat Detection and Response
We’ve made a number of enhancements in USM Appliance 5.4 focused on giving you time back in your day. Let’s dig into these.
Moving Threat Intelligence Forward
You no longer have to keep track of our frequent Threat Intelligence and Plugins feed updates yourself: schedule auto-updates instead! Once configured, USM Appliance will check for an available update every day at a time of your choosing. After each update attempt, you’ll get a message in the Message Center confirming its success or failure. We’re hoping this removes one more thing from your “To Do” list and makes keeping your USM Appliance software up to date as simple as possible.
Optimized Network IDS (NIDS) rulesets
With new optimized NIDS rulesets in the USM Appliance 5.4 update, USM Appliance users should experience better NIDS performance and better event matching. Ultimately, this means fewer false positives and more indicators identified for most environments.
Easy Open Threat Exchange (OTX) Lookups
Ever wondered if OTX has anything to say about that IP address associated with an event or an alarm in USM Appliance? Now, you can right-click on any IP address in the Alarms or Events views to quickly search for additional details in OTX, or even to create your own pulse associated with that IP address.
Behavioral Monitoring in USM Appliance Just Got More Advanced
There are many anomalies that can be detected by monitoring NetFlow, such as a host using an unusual amount of bandwidth or generating a large number of flows. These cases often reveal successful exfiltration attempts, because the host is now behaving differently from its normal pattern on the network. With USM Appliance v5.4, you can use USM Appliance to generate alarms and get alerted when your NetFlow goes above or below certain thresholds. And setting up alerts is super simple! Just set your thresholds, and if any asset in your network exceeds them, USM Appliance will generate an alarm. *NOTE: this feature is only available for "All in One" and “Standard” deployments.
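As an added illustration of the threshold logic described above (not USM Appliance code, and not its configuration model), here is the same idea in Python over constructed NetFlow-style records: per-host byte and flow totals for a window are compared against assumed upper and lower thresholds, and an asset that sends nothing at all in the window is still checked against its lower bound.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed NetFlow-style records (src_ip, dst_ip, bytes); sample data, not a real capture.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 800_000_000),   # heavy outbound transfer
    ("10.0.0.5", "203.0.113.11", 700_000_000),
    ("10.0.0.7", "10.0.0.1", 1_200),              # ordinary host
    *[("10.0.0.9", f"198.51.100.{i}", 60) for i in range(1, 601)],  # many tiny flows
    ("10.0.0.20", "10.0.0.1", 500),               # backup host that should be busy
]

# Hypothetical thresholds; real appliance settings will differ.
@dataclass
class Threshold:
    max_bytes: Optional[int] = None   # alarm if total bytes exceed this
    max_flows: Optional[int] = None   # alarm if flow count exceeds this
    min_bytes: Optional[int] = None   # alarm if total bytes fall below this

DEFAULT = Threshold(max_bytes=1_000_000_000, max_flows=500)
PER_ASSET = {"10.0.0.20": Threshold(min_bytes=10_000)}

def aggregate(flows):
    """Sum bytes and count flows per source host over the window."""
    totals = defaultdict(lambda: {"bytes": 0, "flows": 0})
    for src, _dst, nbytes in flows:
        totals[src]["bytes"] += nbytes
        totals[src]["flows"] += 1
    return totals

def evaluate(flows, per_asset=PER_ASSET, default=DEFAULT):
    """Return (host, reason) alarms for every host outside its thresholds."""
    totals = aggregate(flows)
    alarms = []
    # Include assets with explicit thresholds even if they sent no flows,
    # otherwise a silent host can never trip its lower bound.
    for host in sorted(set(totals) | set(per_asset)):
        t = totals.get(host, {"bytes": 0, "flows": 0})
        th = per_asset.get(host, default)
        if th.max_bytes is not None and t["bytes"] > th.max_bytes:
            alarms.append((host, f"bytes {t['bytes']} > {th.max_bytes}"))
        if th.max_flows is not None and t["flows"] > th.max_flows:
            alarms.append((host, f"flows {t['flows']} > {th.max_flows}"))
        if th.min_bytes is not None and t["bytes"] < th.min_bytes:
            alarms.append((host, f"bytes {t['bytes']} < {th.min_bytes}"))
    return alarms

if __name__ == "__main__":
    for host, reason in evaluate(SAMPLE_FLOWS):
        print(f"ALARM {host}: {reason}")
```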
The World of Plugins Just Got Bigger...
Plugin builder (previously called Smart Event Collector or ASEC) is back, giving users an intuitive way to create their own custom plugins. After you upload a sample log file, USM Appliance guides you through a set-up flow to add properties to the plugin and map parts of the log file to specific event types. With this tool at your disposal, monitoring logs from any non-commercial software running in your environment within USM Appliance will be easier than ever. Give it a shot and let us know what you think!
We do, of course, understand that you may not have the time to build a plugin yourself. No problem! We still encourage you to submit a plugin request for any commercial product and we’ll build the plugin for you and deliver it back through your threat intelligence subscription.
Compliance and reporting updates
We've also added 18 new reports for ISO 27002 and 10 new reports for NIST/FERPA to aid in your compliance efforts. Out of the box, users will be able to run reports on remote access, unencrypted traffic, failed logon attempts, and much, much more.
*P.S. - if you don’t see all the reports that you need, let us know on the product forums!
In addition to exporting report data in PDF format, users will now be able to export in XLS format. We’re hoping this provides much more flexibility for further use and modification of the data that USM Appliance generates.
More Deployment Options
Deployment of USM Appliance on Hyper-V v3.0+ (Windows Server 2008 SP2 and later) is now officially supported!
This covers the bigger features, but there are many more updates and defect fixes detailed in the release notes. If you’re new to AlienVault and you’d like to see how to put these features to work in your own environment, feel free to create your own personalized demo, explore the online demo, or download the free trial today.