AlienVault® USM Appliance™

Tutorial: Modifying a Built-In Directive

Applies to Product: USM Appliance™, AlienVault OSSIM®

USM Appliance comes with over 4,500 built-in directives, written by the researchers at AlienVault Labs. AlienVault recommends that you learn how these directives work, and then tailor them to your specific needs.

For example, you might want to detect dropped packets going to a single host on a firewall. A built-in directive already does this for the Cisco PIX firewall. However, to detect dropped packets on a different firewall, for instance the Fortinet FortiGate firewall, you need to customize the directive.

In this topic, we use this example to show the steps required to modify a built-in directive. It involves the following 4 tasks: