As of Tuesday, August 2, 2016, AlienVault USM and OSSIM v5.3 are now generally available for all existing and new customers. Users can update their system(s) through the console or web UI (see
for more information).
Please take a few minutes to carefully read these release notes before upgrading.
Feature releases will change the behavior of the system with new functionality. AlienVault encourages users to first apply the upgrade to a test system to understand and learn the new functionality before upgrading production systems. Carefully read the enhancement summary and change log below before upgrading your system.
PCI DSS 3.2
We recently updated our PCI reports and compliance guide to match the PCI DSS 3.2 requirements. This guide is available in PDF and HTML formats.
Check it out! Training Webcasts
Join us to learn what's new in v5.3! Check out the training schedule below and sign-up:
New for USM only
Updated PCI DSS 3.2 reports - We've updated our PCI DSS reports to be compatible for the new PCI DSS 3.2 standards which will be enforced on October 31, 2016. Forwarding retries - Customers using a USM Federation Server can now configure the number of times the system will retry to send data from parent to child. New for USM and OSSIM
USB device detection - USB devices are the most common type of unapproved hardware used to steal data during a breach. USM and OSSIM alert you when a USB device connects to an asset. User logon activity - USM and OSSIM alert you when users log on and log off of machines in your environment so that you can keep track of what users are doing on your network. Alarm identification - Every alarm in USM has an alarm ID. These IDs can be used to search for alarms in the Web UI or to link directly to the alarm in the URL. Vulnerability scans for large networks - Run vulnerability scans on any size network. Large scans will be split up into multiple scans of 3500 assets each and will run consecutively. Alarm and event risk - Filter by risk in SIEM events and alarms. Users can quickly see the risk level with new color-coded risk visualizations. Improved policy creation - Quickly create policies based on risk by setting alerts for any events with reliability/priority "greater than" or "less than" a certain level. Bulk delete messages - Users can now delete multiple messages at once in the Message Center. Documentation Updates
ENG-98061 - Enabling a custom monitoring plugin works again ENG-100429 - Users can add custom ossec local rules for additional HIDS visbility ENG-102150 - Users will only see relevant alarms on the asset views (not all alarms) ENG-102396 - Grouping alarms by date works properly ENG-102559 - Traffic capture can be launched as many times as needed ENG-102654 - HIDS agent now chooses the correct interface ENG-102655 - Filtering by "Sensor" in SIEM events work properly regardless of the number of assets in the database ENG-102688 - Alarm reports run on context only show alarms from within that context ENG-103840 - Column name changed from Signature to Event Name in SIEM events ENG-103841 - Column name changed from Generator to Data Source in SIEM events ENG-102847 - PCI DSS 3.2: Account Lockouts report sources the correct module ENG-102883 - Large asset reports are properly loaded as PDFs and sent to users ENG-102960 - Proper exit code is sent when updating the feed via alienvault-update ENG-103002 - Status control added to OSSIM agent for better troubleshooting ENG-103098 - Properly capture events from Siteprotector ENG-103133 - Cleaned up the HIDS agent configuration to prevent confusion ENG-103218 - Fixed the alarm grouping options ENG-103222 - Users can see more grouped alarms on the page ENG-103225 - Database purge process works properly ENG-103249 - PCI File Integrity report sources correct module ENG-103252 - Updated permissions for api.log to be more secure ENG-103273 - Cisco-Router.log added to logrotate by default ENG-103274 - Logs older than "Active Logger Window" are properly removed from the system ENG-103347 - import_nbe.pl working properly ENG-103354 - Old events in large environments are purged properly from the acid_event table ENG-103385 - Raw log search criteria is handled the same with indexed and raw query options ENG-103386 - Current vulnerabilities view restricted by context only shows vulnerabilities that belong to that context ENG-103462 - Date regex works properly in dateparser.py ENG-103477 - Message in Message Center for changes to plugin configuration files now shows path to modified files ENG-103478 - alienvault-rhythm properly matches events from OTX pulses ENG-103556 - Database repair updates database properly ENG-103623 - Celery beat monitor "forward_check" no longer fails ENG-103656 - Fixed regression from 5.2.4 that caused some plugins to skip logs because of escaped characters ENG-103729 - Vulnerability scans can be launched for any assets regardless of asset being assigned to a sensor ENG-103756 - Provided workaround for customers using Bluecoat devices so that logs are captured properly Security Advisories
ENG-101779, Vulnerable Configuration (Clickjacking) - AlienVault 5.3 is not vulnerable. ENG-103605, Vulnerable Package - php5 (multiple CVE's) - Added new version of package to repository - AlienVault 5.3 is not vulnerable. ENG-103641, Vulnerable Package - expat (multiple CVE's) - Added new version of package to repository - AlienVault 5.3 is not vulnerable. ENG-103642, Vulnerable Configuration (XSS in Ticketing) - AlienVault 5.3 is not vulnerable. ENG-103709, Vulnerable Configuration (XSS in Installation Script) - AlienVault 5.3 is not vulnerable. ENG-103711, Vulnerable Package - php5 (multiple CVE's) - Added new version of package to repository - AlienVault 5.3 is not vulnerable. ENG-103761, Vulnerable Package - Linux Kernel (multiple CVE's) - Added new version of package to repository - AlienVault 5.3 is not vulnerable. ENG-103865, Vulnerable Package - openssh (CVE-2016-6210) - Added new version of package to repository - AlienVault 5.3 is not vulnerable.
Security Advisory for USM and OSSIM v5.3 for more information.
Additional Upgrade Info for All Users on v5.1.1 and Earlier