• Support
  • Forums
  • Blogs

Auto Update Vulnerability Feed data

hitmanhitman

Space invader
+17
Here is a quick little script that I put in to check and update the AlienVault feeds daily.  This will update only the vulnerability feed information and not any of the system updates.  Allowing you to run the latest protection without having human intervention.  It would be nice that in a future version this would be an option on the Web GUI.

Created a file named feed-update under /etc/cron.daily with the following:
#!/bin/bash
/usr/bin/alienvault-update --feed
SK31bernhard.waldeckerpcrespoeiaccbrbroomjotonesSherlockKyleKat

Share post:

Comments

  • thanks for this. Just was wondering the best way to do exactly this and here was the answer.
  • thanks for this. Just was wondering the best way to do exactly this and here was the answer.
  • Thanks! I was looking for that too :)
  • Please keep in mind that you will need to check your scheduling to make sure that this is not running at the same time as any manual or automatic event or log rotation processes, or any configuration backups, as this will prevent them from running if it is active at the time they start.
  • at what time of the day are these feed updates released from alienvault? (what time would be the best time to do the /usr/bin/alienvault-update --feed?)
  • were been using this script as well
    1. how do we specify a time for the script to run
    2. how do we check the scheduling for the automatic events and log rotations? 
  • Looks like the daily cron runs at 06:25 each morning, hourly at 6:01, weekly at 6:47, and monthly at 6:52.  I figure 3:30am is fine to update AV feeds automagically.

    I set the alienvault update to run at 03:30 each morning by putting the following line into /etc/crontab at the bottom of the file.   

    30 3 * * * root /usr/bin/alienvault-update --feed > /root/av_update.txt 2>&1

    Use at your own risk, I'm still testing and making sure AV doesn't have an issue with me editing the /etc/crontab file directly.
  • Hi,

    What kind of problem it could be using the crontab? update is manual.

    Thanks.

  • Thanks for the script! works great. Where would this be logged though? Im having trouble locating it in /var/log/syslog
  • If you want it to write the results to a log you need to modify the output.  Here is how I have it that writes everything out to a log file.

    date>>/var/log/update.log
    /usr/bin/alienvault-update --feed>>/var/log/update.log
    echo Feed update complete>>/var/log/update.log
    Sherlock
  • สวัสดีทุกคน
  • edited July 4
    thanks for this. Just was wondering the best way to do exactly this and here was the answer.

  • edited July 12
    ขอขอบคุณข้อมูลดีๆ






  • Wow, this is interesting info.






  • if you have USM, this script is no longer needed. they finally implemented auto updates. im blown away by how long it took to implement in the system but its finally in
  • Have you followed up on this to make sure the updates are being applied? I noticed that mine have not been updating manually even after configuring it to do so.
  • Make sure the cron file you created is set to be executable.  

    You can also write the results out by modifying the script as follows.

    date>>/var/log/update.log
    /usr/bin/alienvault-update --feed>>/var/log/update.log
    echo Feed update complete>>/var/log/update.log
  • Thanks for the great article. ทางเข้า maxbet
  • Been using that script since we deployed AlienVault in our infrastructure. I guess now i have to remove it and replace it by this buil-in feature. Well done AV team!
Sign In or Register to comment.