• Support
  • Forums
  • Blogs

Asset Discovery and software inventory


New Life Form
I read with great interest the article:

While I agree with the article, I do not know how USM can be used to achieve the objectives related to software inventory:
 * I do not see how AlienVault can be used to have an exhaustive and reliable software inventory automatically. The only thing I know that feeds automatically the "software" tab of an asset page is the nmap scan, but this gives only a list of applications that are listening on the network (and not even a reliable list, as nmap can be wrong). Is there a way for example that the vulnerability scan feeds the software tab with exhaustive and reliable info about software and versions? or something else I have missed, except for manually entering the list of softwares?
 * I do not see how AlienVault can be used to capture unlicensed software. Is there a way to raise an alarm when a new software is seen on an asset? or when a new asset is discovered on the network?

Thanks in advance for your tips regarding these points!
The blog post makes me think I have perhaps missed something



Share post:


  • Greetings Eric,


    I think that is a great idea that should be submitted to
    support. While Alienvault does not automatically update a program index for
    software packages in the Asset Details as seen below. 


    You can track installed/uninstalled applications through
    HIDS. If you go to Analysis > SIEM,
    filter by data source HIDS, search the Event Name APP and select the GROUPED
    option. You can see the Alienvault HIDS: Application Installed and Alienvault
    HIDS: Application Uninstalled groups. Note: if you don’t see the events, you
    may want to remove the Last Day filter. See below..



    can double click on the Alienvault HIDS: Application Installed event name to
    view all events captured in that group, then click the specific event to find
    out more details about what was installed.


    You may want to create a policy and action to notify you if
    a new application is installed. Otherwise you can go to Configuration > Data
    Source : Search for the Data Source ID 7006 and Event Type ID 18147. Here you
    can change the Priority and Reliability to a higher value to quickly create



    Hopefully this helps, Cheers!

Sign In or Register to comment.