It appears AlienVault is sending malformed SSH traffic to itself
The OSSIM (4.1) configuration includes two active interfaces, one in 126.96.36.199/24 and one in 10.168.200.0/24. It appears the 188.8.131.52/24 interface (184.108.40.206) is not sending the appropriate SSH headers to the other interface. These create alarms. Any thoughts about how to avoid these alarms?
Dec 17 13:47:24 sim-ossim-01 sshd: Did not receive identification string from 220.127.116.11