
Best Recent Content

  • What we're working on - USM Appliance

    Updated Date: February 21, 2017


    Product teams should be like restaurants with open kitchens.

    Rather than bring your next meal or software update from behind a mysterious curtain, we’d like to give you a sneak peek into what we’re up to. So here are a few things you can expect in an upcoming release:

    • Ability to exclude IPs from asset scans - Exclude one or more IP addresses from an asset scan
    • New permission option - Control which users have permissions to close alarms 
    • ERSPAN support in AlienVault IDS - Improved network IDS for ERSPAN-capable systems
    • Auto-updates for plugins and Threat Intelligence feeds - Users no longer need to log into the system to update their feeds - schedule feed updates to run when you want them.
    • Audit trail logging for AlienVault appliance - Monitor what your users are doing in the AlienVault USM web UI. 
    • Export reports to XLS - New export format for reports generated in the system. Be able to export to XLS or PDF.
    • Alerting on spikes in netflow - Get alerted when your netflow goes above or below set thresholds.
    • Easy OTX lookup - Right-click on any IP to search for details in OTX. 
    • Reliability improvements for alarm forwarding (USM Federation Server) - Multiple changes to assure that alarms are properly delivered from child to parent
    • Hyper-V support - Deploy AlienVault USM on Hyper-V 
    • Numerous defect fixes 
    • And more… 

    Disclaimer:

    AlienVault considers various features and functionality prior to any final generally available release. As such, comments given in this forum are not (nor should they be interpreted to be) a commitment from AlienVault that it will deliver any specific feature or, if it delivers such feature, any time frame when that feature will be delivered. AlienVault is always trying to improve and enhance its products. All discussions herein are based upon AlienVault’s current interests, and product team plans and priorities can change at any time.
  • What We’re Working On – USM Anywhere

    Product teams should be like restaurants with open kitchens.


    Rather than bring your next meal or software update from behind a mysterious curtain, we’d like to give you a sneak peek into what we’re up to. So here are a few things you can expect in an upcoming release:


    Improved AlienVault Open Threat Exchange™ (OTX) Integration: Enable USM Anywhere to evaluate incoming Events against the latest Indicators of Compromise (IOCs) synchronized from your OTX account.


    Alarm Notification Link to More Details: Support a link in alarm notification to a product page that you can login to for more details.


    Alarm Labels: Support better alarm management by allowing you to create and apply labels to indicate status or assignment.


    Improved Group Credentials: VMs and instances come and go in cloud environments, so we plan to make it easier to manage credentials for dynamic Asset Groups used for authenticated asset scans. This will enable automatic assignment of Asset Group credentials to Assets that join the Group after the credentials were assigned.



    Export Dashboards as Reports: Export dashboards as HTML reports with custom descriptions. (Delivered in the 2017-02-20 Update)


    Support for Higher Tiers of Service: We released USM Anywhere with 2 tiers: 250GB and 500GB per month. As expected, we’re seeing demand for higher capacity so we plan to provide additional tiers beyond a TB. (Delivered in the 2017-02-13 Update)



    Improved Activity View Exports: Export custom Alarm, Asset, Event and Vulnerability table views as HTML reports with user-defined descriptions. (Delivered in the 2017-02-13 Update)


    Simplified Collection of Linux Host Logs using AWS CloudWatch: CloudWatch is a great way to streamline log collection in AWS. So, we’re going to be making it easier to collect Linux host logs using the osquery agent by automating the setup and configuration of agent install and configuration. (Delivered in the 2017-01-30 Update)


    Azure Windows Event Generation: We plan to add the ability to collect Azure Windows Events by enabling Azure Diagnostics through automatic discovery using the Azure Storage API. (Delivered in the 2017-01-19 Update)


    Azure Security Center Integration: We’re also extending our Azure capabilities by integrating with Azure Security Center, allowing USM Anywhere to produce Alarms from Security Center Alerts. (Delivered in the 2017-01-12 Update)


    Disclaimer:    

    AlienVault considers various features and functionality prior to any final generally available release. As such, comments given in this forum are not (nor should they be interpreted to be) a commitment from AlienVault that it will deliver any specific feature or, if it delivers such feature, any time frame when that feature will be delivered. AlienVault is always trying to improve and enhance its products. All discussions herein are based upon product team current interests, and product team plans and priorities can change at any time.
  • OTX Release Notes
    Release Notes - OTX Portal - 2/24/17 Release
    • Users can now view whois data when viewing indicator details pages for domains. This additional data provides more context for investigating the indicator.
    Release Notes - OTX Portal - 2/16/17 Release
    • Updated rendering of pulse titles to better display non-ASCII text included in titles.
    • When viewing a pulse it is now possible to see whether the pulse was created through the API or the web interface. It is also possible to use the search modifier "pulse_source:" to filter pulses from the web or API.
    • Fixed a defect which prevented users from resetting their avatar
    • Improved results when searching for CVE
    Release Notes - OTX Portal - 2/9/17 Release
    • Infrastructure updates and usability tweaks
    • API Examples - now on the API page we provide links to other projects that have built-in OTX integrations using our API.  Take a look and see how it is done and if there is anything you can use! otx.alienvault.com/api
    • Users can now pivot from a pulse to see additional pulses related to the same adversary, industry, or country by clicking the hyperlink
    • Updated API docs to better explain the Pulse update endpoint (PUT /api/v1/pulses/<pulse_id>). This allows for simple addition / deletion of indicators from existing pulses.
    Release Notes - OTX Portal - 2/2/17 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 1/26/17 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 1/19/17 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 1/12/17 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 1/5/17 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 12/29/16 Release
    • Infrastructure updates and usability tweaks
    Defects:
    • Resolved an issue with OTX & Internet Explorer

    Release Notes - OTX Portal - 12/15/16 Release
    • Network IDS Indicator Detail - OTX now provides support for indicators in the form of Network Intrusion Detection System rules. Included in the details pages of this new indicator type is access to data from our network of OTX participants which provides insight into the origin of attacks related to the rules. Authenticated users will be able to see the IP address of any attacker that has caused this rule to trigger on the NIDS rule details pages.
    • Expanded Indicator Metadata - Users can now provide additional details related to the indicators they share within new pulses. The system now provides the ability for the author to add a title and description for each indicator to share more details of the malicious activity reported. This allows for the categorization of indicators to help describe their role in the reported threat.
    • Private Indicators - Pulse authors can now set indicators as 'private.' This setting allows authors to create public pulses with indicators that are only available to private groups.
    Release Notes - OTX Portal - 12/8/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 12/1/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 11/24/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 11/17/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 11/10/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 11/3/16 Release
    • Infrastructure updates and usability tweaks
    Release Notes - OTX Portal - 10/28/16 Release

    New Elements:
    • Pulse Locking - Authors of a pulse can now 'lock' the pulse to prevent it from being published to any additional groups. If you have a private pulse and do not want it shared beyond the scope you set, this feature should be used. Any user in a group who can view your private pulse can then publish it to another group unless this flag is set.
    • Enhanced Searching - The search box now provides typeahead support for the search modifiers supported by the system, making it easier to craft artisan searches.
    Defects:
    • UI Load Performance - The table showing the indicator details found on the Pulse pages has been updated to improve the loading time for pulses with large sets of indicators.

    Release Notes - OTX Portal - 10/10/16 Release

    New Elements:
    • Enhanced Search - Indicator Support: Users can now view and search for indicators in the system. In the browse page, users can search for indicators including a new partial search to help identify matches across different indicator types. Note: at this point search is limited to indicators explicitly added to pulses by users of the system. Additional information may be available for indicators that have been analyzed by the OTX analysis systems and will require an exact search string to locate.
    Defects:
    • URL Pulse Extraction Issue: Fixed an issue which caused certain URLs to produce an error during the pulse extraction process. In particular, domains hosting more than one blog across different domains (using SNI) were affected by this issue.

    Release Notes - OTX Portal - 9/30/16 Release
    New Elements:
    • Usability Fix: When viewing the details of a pulse the summary of the related countries now renders low volume countries in a group titled 'other' to prevent the labels from overflowing the visible area.
    • Pulses now support new metadata. You can add industries, targeted countries and an adversary to a pulse during creation or as part of a suggested edit to a pulse. These fields are now available as search modifiers using the syntax "industry:<search term>", "country:<search term>", and "adversary:<search term>".
    • OTX will now occasionally survey users to gather information on our NPS (Net Promoter Score). The survey should not appear for any one user more than once every three months! Hope it is not a bother and that you like what we have done.
    Release Notes - OTX Portal - 9/22/16 Release
    Defects:
    • Mixed content when displaying tags
    New Elements:
    • Create API endpoint for updating pulse

  • What are your favorite incident response tools and/or resources?

    In our latest blog we share some of our favorite open source tools (and resources) for incident response. 

    View the list:

    This got me thinking/wondering... What did we miss? Are there any other free tools you're leveraging for incident response today? Comment on the thread below to help us expand the list. 