AlienVault v5.0.2 Hotfix is now available for OSSIM and USM Learn more
AlienVault v5.0.1 is now available for OSSIM and USM Learn more
It appears AlienVault is sending malformed SSH traffic to itself
The OSSIM (4.1) configuration includes two active interfaces, one in 220.127.116.11/24 and one in 10.168.200.0/24. It appears the 18.104.22.168/24 interface (22.214.171.124) is not sending the appropriate SSH headers to the other interface. These create alarms. Any thoughts about how to avoid these alarms?
Dec 17 13:47:24 sim-ossim-01 sshd: Did not receive identification string from 126.96.36.199