• Support
  • Forums
  • Blogs

AlienVault v5.0.4 Patch Release


AlienVault Employee
As of Tuesday, June 23, 2015, AlienVault USM and OSSIM v5.0.4 is now generally available for all existing and new customers.

You can download the latest version of USM here and OSSIM here.

Please take a few minutes to carefully read these release notes before upgrading.

Important Upgrade Info for All USM Users

AlienVault USM v5.0 includes an update to the events database engine in order to improve performance and storage capability. With this upgrade, you can store more data for longer periods of time. You can also correlate and analyze more data in less time, accelerating your ability to detect and respond to threats. The upgrade to USM v5.0 will be done in two steps:

Step 1: Upgrade your USM v4.x system to USM v5.0. This is done using the normal update process available from within the web UI and Console. This will bring your USM system to v5.0, but will not update the database. Your USM deployment will be fully functional with the existing database engine, but will not have the improvement provided by the new database engine.

Step 2: Migrate the database engine. Now that your system is running v5.0 the necessary tools are available to migrate your database engine to the new version. This migration will migrate your data and configuration to the new database engine and enable it for use. Review the database migration instructions prior to upgrading. If you would like assistance with this migration, contact AlienVault Customer Support.

Note: The new database is only available for USM customers. OSSIM users will continue to use the existing database with full functionality.

Important Upgrade Info for All Users on v4.11 and Lower

For users on v4.9 and lower, please see the v4.10 release notes for additional upgrade information. For users on v4.10 and v4.11, please see the v4.12 release notes for additional upgrade information. For those customers on v4.11 and below with a distributed deployment (Standard or Enterprise Sensors, Loggers, Servers) you will need to follow the instructions here to upgrade your deployment.

Release Notes

RN1. Adding remote systems now requires authentication (v4.8)
As of AlienVault v4.8, all AlienVault components now require authentication for them to communicate with each other. Users will authenticate a remote system using the root password of the device to distribute SSH public keys and certificates to connected AlienVault systems.

RN2. VPN Environment Configuration (v4.10)
As of AlienVault v4.10, the procedure to configure a VPN environment has been updated. This document describes the process to setup the VPN environment.

RN.3 IDM - User login timeout (v4.13)
For each user login event matching a host managed by the IDM, a new entry is created in the IDM database. This entry stays in the database until the corresponding logout event is identified and processed. This leads to an uncontrolled growth of the IDM database when the corresponding event is not received. v4.13 now includes a configurable user login timeout to automatically purge the database.

Documentation Updates

The AlienVault documentation repository has moved! For the latest knowledge base articles, how-to's and documents, please check out the new AlienVault Documentation Center.

Change Notice

In the last release (v5.0.3), we announced that ntop had been deprecated from AlienVault USM and OSSIM. AlienVault currently includes multiple ways to analyze Netflow data: Netflow and ntop. In the next release (v5.1), AlienVault will be removing the ntop tool from both USM and OSSIM. This means that ntop, the related views and workflows will be completely removed from the AlienVault platform.

This removal notice is not applicable to the built-in Netflow support also provided by AlienVault. AlienVault will continue to develop and enhance the built-in Netflow capability in USM and OSSIM. For questions or additional information regarding this deprecation notice, contact [email protected]

Defects Fixed

  • ENG-100850, Agent unable to parse new Sophos UTM date - Agent now able to parse new data format for Sophos.
  • ENG-100668, Web UI displays database errors after running a repair database process - Database errors no longer occur after repairing the database.
  • ENG-100665, Typo in the date of events exported to CSV from Security Event page - Added a space between date and time.
  • ENG-100622, Password change order is backwards - UI fix in the Profile configuration page to make changing password workflow more intuitive.
  • ENG-100519, Unable to update from 4.11 - Fixed an issue that caused updates to be incomplete. Users can update from 4.11 now.
  • ENG-100331, Grammatical error on PCI 3.0 report - Fixed a small grammar error in the report description.
  • ENG-100193, Configuration backup failing for OSSIM users updating to 5.0 - Configuration backups fixed and successful for OSSIM.
  • ENG-100060, AlienVault-Center proxy does not work with VPN - Users can update the proxy through the AlienVault proxy.
  • ENG-100025, Incorrect grammar in KDB article - Fixed grammar in KDB article for alarm taxonomy.
  • ENG-99797, Menu column heading not updated on Network Details and Group Details pages - Fixed typo in column headings.
  • ENG-99757, Vague error message displayed when an invalid case number is used in Remote Support - Changed the message to include the reasons why the error occurred.
  • ENG-99692, Vulnerability scan scheduler has inconsistent menus - Changed the combobox text to be consistent.
  • ENG-99481, Running a search in the main configuration page on Firefox causes a pop-up to save password - Fixed this behavior for Firefox browsers.

Security Advisories

  • ENG-100705, Vulnerable Debian Package (fuse) - AlienVault v5.0.4 is not vulnerable.
  • ENG-99389, Vulnerable Debian Package (gnutls26) - AlienVault v5.0.4 is not vulnerable.
  • ENG-100770, Vulnerable Debian Package (wireshark) - AlienVault v5.0.4 is not vulnerable.
  • ENG-100807, Vulnerability in Ossec - AlienVault v5.0.4 is not vulnerable.
  • ENG-100817, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.
  • ENG-100816, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.
  • ENG-100815, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.
  • ENG-100814, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.
  • ENG-100812, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.
  • ENG-100856, Vulnerable Debian Package (Linux 2.6 kernel) - AlienVault v5.0.4 is not vulnerable.
  • ENG-100708, Vulnerable Debian Package (openssl) - AlienVault 5.0.4 is not vulnerable.

See the Security Advisory for USM v5.0.4 for more information.

Share post:

This discussion has been closed.