AlienVault v4.15.2 is now available for USM and OSSIM. Learn more!
It appears AlienVault is sending malformed SSH traffic to itself
The OSSIM (4.1) configuration includes two active interfaces, one in 220.127.116.11/24 and one in 10.168.200.0/24. It appears the 18.104.22.168/24 interface (22.214.171.124) is not sending the appropriate SSH headers to the other interface. These create alarms. Any thoughts about how to avoid these alarms?
Dec 17 13:47:24 sim-ossim-01 sshd: Did not receive identification string from 126.96.36.199