What We're Working On - USM Appliance

SkylarTalley

AlienVault Employee
+12
Updated Date: March 7, 2018


Product teams should be like restaurants with open kitchens. Rather than bring your next meal or software update from behind a mysterious curtain, we’d like to give you a sneak peek into what we’re up to. So here are a few things you can expect in upcoming releases.


In late July, we'll be releasing Version 5.6. This release will contain a completely rewritten SIEM view that should both improve query performance and resolve numerous defects. In addition, we'll be rolling in some additional upgrades aimed at improving NIDS functionality. 


Moving into the rest of 2018, here are some other exciting things that we'll be rolling out for the Appliance platform:

    • A configuration option to stream logs from the USM Appliance Logger to an ELK stack
    • An OS Upgrade
    • Efforts to fix defects and add new features to Reporting
    • Synchronization of Alarm Status and Label changes with USM Central
    • Support for JSON plugins
    • Support for asset identification in DHCP environments
    • Continued investment in test automation to improve product and upgrade stability
    • Numerous other defect fixes and more!

    Disclaimer:

    AlienVault considers various features and functionality prior to any final generally available release. As such, comments given in this forum are not (nor should they be interpreted to be) a commitment from AlienVault that it will deliver any specific feature or, if it delivers such feature, any time frame when that feature will be delivered. AlienVault is always trying to improve and enhance its products. All discussions herein are based upon AlienVault’s current interests, and product team plans and priorities can change at any time.

    Comments

      • A configuration option to stream logs from the USM Appliance Logger to an ELK stack
      ^ This will be nice.  We are currently doing this on our USM box, but it would be nice for this to be a supported feature (likely more efficient too)
    • hi avuseraccount, how are you doing that?
      we are searching for the same function.

      thx

    • I am interested in this as well @avuseraccount
    • Hi, is there any update coming for Dashboard? Currently we are using Dashboard with Reports 2*2 on Multi monitor of 50' Display

      2*2 each Report contains Reports such as AV Malware Details / Firewall Malware / Action Taken / AD Login Failures etc but

      Font Size is too small to see,
      Default Report Font is not good for huge Display, especially for Dashboard on large Display
      Ability to remove Area such as "Date Range / Asset selected" which got appended or Dashboard Report

      • Support for asset identification in DHCP environments
      Wow, finally. Looking forward to seeing it. Will OSSIM also be updated with those features?
    • hi guys, any news on when you will release the 5.6 version?
    • BBBanks - we are planning for release of 5.6 before the end of May, we'll update if this changes!

      Fergal 
    • hi fergal... time is running :) ... it's end of March... have you got a release note of what you plan to integrate in 5.6?
    • Hi All!

      Any word on the 5.6 update?  Last day of May and still chugging along on 5.5.1.
    • No one received an update from fcollins?
    • I don't mind all this postponing (I do a little), even though it was originally scheduled for end Q1, maybe even earlier. What troubles me most is the lack of communication.

      - Is this related to the End-of-Sale notice? 
      - Does the USM appliance get less attention now that new customers aren't able to purchase USM?

      Not meeting a loosely given deadline isn't that bad. Leaving us in the dark, however, is.

      Could we please get an update on the matter?

      Kind regards,

      Mark

       
    • I second Mark's thoughts here. We have serious discussions with our auditor, as a central part of the security infrastructure was not updated for over 6 months, no release date is available and the vulnerability scanner is full of alerts on the AlienVault appliance.

      This situation is very difficult to explain to our customers.

      Please provide an update on this!

      Bernd

    • Hi,

      Same there, some auditors of my clients advise to change the AlienVault USM or OSSIM for another product with a clear release line and maintenance.
    • Wouldn't let me paste link.

      AT&T is acquiring AlienVault.
    • I am not sure if it's a good option or not.
      the current delay with the release planning, and we still have the feeling that almost all resources are going just into the cloud product.

      is AT&T also forcing cloud products?
    • Not sure if you all received this, but I got this mail 2 days ago.

      "Hello,

      We’re pleased to inform you that we’re close to releasing v5.6 of AlienVault USM Appliance. We're looking forward to providing better query performance within the SIEM view in addition to numerous defect fixes and vulnerability patches as part of this release.

      In advance of the release, the USM Appliance Product Team wanted to notify you of some pre-checks that will be performed before the update process proceeds. We implemented these checks to ensure that the appliance is in a healthy state and that the update to v5.6 will progress smoothly. If any of these checks "fail", the update process will not start and you will be presented with an error message.

      To avoid any delay in applying your update, review the list of pre-checks below to troubleshoot on your own or contact AlienVault Support for assistance. Our team of technical support engineers would be happy to check your system to uncover any issues.

      • Free space check - The Appliance must have at least 5 GB of free disk space available. In addition, this check accounts for whatever additional disk space is required to perform the migration of the alienvault.extra_data table.

      • Appliance is on v5.2 or higher

      • Verify MySQL is in good state and critical errors do not exist

      We’re expecting the release to be fully tested and generally available within two weeks. Please contact us at [email protected] with any questions or concerns and stay tuned for more features and improvements for the Appliance platform throughout 2018 and beyond!

      The AlienVault Product Team"
    • Sure hope this update mitigates all the findings found from doing a VA scan. Currently sitting at 20+ vulnerabilities. 
    • Anyone heard sth from AlienVault regarding the update?
    • nope... but they still have a week. but seriously I don't trust the roadmap anymore. I am not sure, but almost all the stuff should already have been finished last year.

      for sure they have more pressure right now, otherwise we will not get any more updates of the openvas feed.
      it's not new that openvas cut the old release and just supports the new format.

    • ok some news on the facebook profile...

      "Something major is coming your way that will help you better detect & respond to #security threats. What is it, you ask? 

      Our big news will be revealed on July 31st, so stay tuned..."


      hopefully not just a statement that we will improve until dec18^^

    • Actually, the e-mail we received on the 10th mentioned a generally available release within two weeks, which means yet again a hinted deadline was not met. Although at this point, I can't say I'm surprised anymore. Now posting a 'big revelation' teaser on their Facebook just sits wrong with me. Especially with the lack of communication we get here.
    • anyone see the new great news?
      I still can't find new info and the update is also not available right now.

    • I’m guessing it is this:

      https://www.alienvault.com/forums/discussion/17722/usm-anywhere-2018-07-30-update#latest


      New Endpoint Detection and Response (EDR) capabilities: Beginning July 31, the AlienVault Agent will be available to all USM Anywhere customers.
    • hopefully that's not all :(

      after that msg i hoped for a kind usm 6.0 
      which include
      openvas v9 
      ossec with more wazuh option like vulndb and so on
      elk backend for faster searches
      suricata 4.0.X
      some kind of dradis
      the_hive as incident
      2fa

      or just one feature of it :(((
    • Not sure if I can trust these messages anymore, yet here is what support dropped on me when asking the status of my -already several months old- tickets and whether or not they are fixed in the upcoming release.

      "The AlienVault Technical Support Team has added a comment to your case # <snip>, Update on case. The comment is:

      Hello Mark,

      None of these engineering tickets are scheduled to be resolved with the latest firmware release dropping Thursday, v5.6. The <snip> is an idea which we don't provide updates for unfortunately. Please let me know if I can be of further assistance.

      Best regards,

      Zam"

      so yay, presumably v5.6 tomorrow (don't get your hopes too high), albeit without the bugfixes I'm not sure we will be able to continue using USM.
    • I have run into similar issues, sounds like AlienVault will continue to support Appliance but no development is going to be done, all efforts are going into Anywhere.  We have started doing our own support and development to Appliance, it has such a good foundation that we hate to move away from it.  Not only bug fixes but adding new functionality such as Office 365 integration.
    • Looks like the 5.6.0 update is live, ran 'alienvault update -d -c -v' about an hour ago and it's still going. Been sitting on 'Updating DB Schema' for 45 minutes now so hopefully it hasn't frozen up.