Applies to Product:

USM Appliance™

AlienVault OSSIM®

The following diagram provides a high-level view of the overall USM Appliance architecture.

 

AlienVault USM Appliance has three core components:

• USM Appliance Sensor — deployed throughout your network to collect events from various devices on the network.
• USM Appliance Server — aggregates and correlates information gathered by the USM Appliance Sensors, and provides single pane-of-glass management, reporting, and administration.
• USM Appliance Logger — securely archives raw event log data for forensic investigations and compliance mandates.

The USM Appliance Sensor collects raw log data and other information from various network devices, host servers, and applications, normalizes the data into a standard-event format, and sends the events on to the USM Appliance Server. Customers can choose from over 200 sensor plugins to process raw log files and other information from different network devices that might be deployed in a customer’s network environment. Once events have reached the USM Appliance Server, you can use the USM Appliance web UI to view and analyze events, establish policy and correlation rules, investigate and address alarms, and perform other network security operations.