Audience
This information is intended for use by administrators who are responsible for
investigating and managing network security for their organization. To use this guide
you must have knowledge of your organization's network infrastructure and networking
technologies.
System Requirements
Total cores: 8
RAM: 16 GB
Storage: 250 GB+ (requires VMware thin provisioning)
VMware ESXi 4.0+
Pre-Install Checklist
Note: When deploying for evaluation purposes, at the prompt to select the disk
format, choose Thin Provision to avoid having to pre-allocate the full amount of
disk space. This will allocate a minimal footprint for your image and will grow as
you store logs.
2. Power on the appliance and open the AlienVault command line console to allow
AlienVault to do the initial configuration.
3. Log in using the credentials found on screen and change the root password.
4. Open the AlienVault web UI using the URL provided.
5. Activate the AlienVault Free Trial by entering the email address that you used to
sign-up for the free trial.
6. Fill out the Welcome form with your information and sign in to the AlienVault
web console using your username and password.
Once you enter the IP address and netmask you'll be placed back on the
Configure Network Interfaces screen. This screen will now show the IP
address you supplied as the IP address for the interface, which indicates that
the interface configuration was successful.
3. Configure the other interfaces as needed for additional log collection and
scanning.
Note: In some situations the network that you want to monitor may not be accessible
from the IP address provided without setting up a route on the routing table. This is an
extreme case and shouldn't happen often. If a route is required, you will need to
jailbreak the system using the AlienVault console and configure the route using the
command line.
1. Choose one or more networks that you would like to scan. You should already
have one or more networks defined based on the network interfaces you
configured in Step 1. Note: If you would like to add more networks, see
instructions on page 10
2. Click the "Scan Now" button to initiate the scan. The confirmation screen will
then be displayed.
3. The confirmation screen will tell you how many assets may be scanned based on
the network defined. Click "Accept" to start the scan.
Note: Be aware that if you created a large network (e.g. 10.10.10.0/16) the scan
may take a long time. We suggest that you create smaller networks.
4. You can stop the scan at any time by clicking the "Stop Scan" button. Note that
if you stop the scan while it is running, no asset data will be retained and you'll need
to run the scan again.
1. Enter the CIDR notation for the network that you want to define.
2. Enter a meaningful name to describe the network (e.g. DMZ, Employee
Office). This will be used in the next step.
3. Enter an optional description to describe the network.
4. Click the "+Add" button to add the network.
Note: If you make a mistake and define the network incorrectly, use the delete
option (icon of trash can) to delete and re-enter the network.
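The advice above to define smaller networks rather than one large one can be checked before anything is typed into the wizard. The following is an added example, not part of the AlienVault guide or product: the function names and the 254-host default are assumptions, and it handles IPv4 only. It normalises a CIDR, reports whether host bits were set (as they are in 10.10.10.0/16), and splits the range into scan-sized networks.

```python
import ipaddress


def usable_hosts(prefixlen):
    """Usable IPv4 addresses in a network of this prefix length."""
    size = 1 << (32 - prefixlen)
    # Network and broadcast addresses are not assets, except in /31 and /32.
    return size - 2 if size > 2 else size


def plan_scan_networks(cidr, max_hosts=254):
    """Normalise a CIDR and split it into networks of at most max_hosts.

    max_hosts is an assumed per-scan budget, not an AlienVault limit.
    Raises ValueError if the input is not valid IPv4 CIDR notation.
    """
    iface = ipaddress.ip_interface(cidr.strip())
    if iface.version != 4:
        raise ValueError("this example handles IPv4 only")
    net = iface.network  # host bits masked off

    # Lengthen the prefix until each piece fits the budget.
    prefix = net.prefixlen
    while prefix < 32 and usable_hosts(prefix) > max_hosts:
        prefix += 1
    if prefix == net.prefixlen:
        pieces = [net]
    else:
        pieces = list(net.subnets(new_prefix=prefix))

    return {
        "entered": cidr,
        "normalised": str(net),
        # True means the address typed was not the network's base address.
        "host_bits_set": iface.ip != net.network_address,
        "total_hosts": usable_hosts(net.prefixlen),
        "subnets": [str(p) for p in pieces],
    }


if __name__ == "__main__":
    # The guide's own example of a large network.
    plan = plan_scan_networks("10.10.10.0/16")
    print(plan["normalised"], "hosts:", plan["total_hosts"],
          "host bits set:", plan["host_bits_set"])
    print(len(plan["subnets"]), "networks, first:", plan["subnets"][0])
```
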
Page 10
2. Click on the "Enable" button to enable the selected plugins. This will take you to
the Log Management Confirmation screen.
Note: For assets that don't have a plugin selected, you will not be able to collect
data from them, but you can configure plugins for them at a later date.
Remember that firewall deny logs represent an action that has already been
taken. To get visibility around what is coming into the network, we recommend
collecting firewall permit logs too.
Collect OS audit logs to get visibility into who is accessing your assets. Paying
special attention to privileged accounts is critical.
5. Click the Next button to continue. A Thank You page will appear to confirm
your OTX registration.
6. Click Finish to complete the Getting Started Wizard and start using AlienVault.
2. Choose one of the social media options on the left (Facebook, Twitter, or
Google+).
3. If you are not currently logged into that network, you will be prompted to sign in
with your social media credentials.
4. An alert will appear to let you know what the app would like to do (e.g. view
your email address and view basic information about your account).
Note: AlienVault OTX will never post to your social media account on your behalf.
5. Click Accept. You will be prompted to complete your sign-up by choosing a
username and confirming your email address.
6. Click Sign Up. Your AlienVault Community account will be created. The
window will refresh and give you your new OTX Token.
7. Copy the OTX Token from the pop-up and paste it into the available field of the
Getting Started Wizard.
7. Click the Next button to continue. A Thank You page will appear to confirm
your OTX registration.
8. Click Finish to complete the Getting Started Wizard and start using AlienVault.
2. Sign in by entering your username and password or through one of the social
media authentication options.
3. Once you've logged in, you will see a screen with your unique Open Threat
Exchange token. Copy the token in the pop-up and then go back to the page with
the Getting Started Wizard.
4. Paste the token into the field marked Enter Token and click Next.
5. A Thank You page will appear to confirm your OTX registration. Click Finish to
complete the Getting Started Wizard and start using AlienVault.
Congratulations!
You are finished setting up AlienVault. You can click the See Alarms button to view any
alarms that have been generated in your installation or click Explore AlienVault USM
to go to the Dashboards screen.