|Applies to Product:||USM ApplianceTM||AlienVault OSSIMTM|
An AlienVault USM Appliance All-in-One comes with six network interfaces, numbered eth0 to eth5. USM Appliance uses these interfaces to perform the following functions:
- Monitor the network, using its built-in IDS capabilities
- Run asset scans
- Collect log data from your assets
- Run vulnerability scans
- Generate network flows
The interfaces include the options described in the following subtopics.
By default, USM Appliance configures the management interface to perform network monitoring, log collection and scanning. So, for this reason, you do not need to configure any additional interfaces, as long as they are all on the same subnet as the management interface.
The management interface lets you
- Communicate with the AlienVault console
- Connect to the web interface
You cannot configure the management interface from the Getting Started Wizard; it is configured during initial setup from the AlienVault console. For more information, see Set Up the Management Interface.
Note: The default port for the management interface is eth0. However, you may configure a different port for this interface, if desired.
When the administrator configures an interface for network monitoring, the interface operates in passive listening mode (also known as promiscuous mode). A network tap or span is set up that allows the interface to monitor all packet traffic passing through it for threats.
Because USM Appliance's built-in IDS capability uses the network monitoring interface, you must dedicate at least one of the network interfaces to it. See Configuring Network Monitoring for details.
You use the Log Collection and Scanning interface to reach the networks and systems from which you want to collect data. You also use it to scan the systems, using USM Appliance's built-in asset discovery, vulnerability assessment, and availability monitoring tools.
Setting up this interface requires assignment of an IP address and network mask to the interface. See Configuring Log Collection and Scanning for details.
This is the default option for all the interfaces except the management interface.
This applies to any network interface that is not in use and not configured.