AlienVault Alarms Not Received

For MSSPs and other users running AlienVault as the SIEM in their enterprise infrastructure, it is common to run into the problem of alarms not being triggered. This can happen for several reasons, so it requires troubleshooting across the whole data pipeline (log source, sensor plugin, ossim-agent, server correlation, web UI) to find the point where things are broken or just need a little push.

Some of the steps that can be taken to troubleshoot and resolve this issue are listed below:

  • Log in to the AlienVault server over SSH (for example with PuTTY) using the “root” credentials.
  • After login, you will see the following menu.
[Screenshot: main AlienVault menu]
  • Select “Jailbreak System”.
  • Click “Yes” or press “Enter” on the keyboard, and accept the “Jailbreak Commandline Notice” on the next screen by clicking “Yes”.
[Screenshot: AlienVault jailbreak prompt]

This gives you command-line access to the AlienVault server, and a console like the one below is displayed.

[Screenshot: AlienVault jailbreak console]

Run the following command in the console and wait for it to complete. It restarts the ossim-agent, the sensor-side process that collects plugin events and forwards them to the server; if the agent has hung, no events reach the server and nothing is correlated into alarms.

Command: /etc/init.d/ossim-agent restart

[Screenshot: ossim-agent restart output]

If the command ran successfully, wait at least 5 minutes (the agent has to reconnect and new events have to arrive and be correlated) and then refresh the Alarms page in the AlienVault web UI.

[Screenshot: AlienVault web UI, Alarms page]

If something is still wrong and you still don't see alarms in the web GUI, you need to pivot and try another method. The next suggested step is rather heavy-handed at this stage, but it will get you through the task: see the separate AlienVault reconfiguration article.
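The procedure above (log in, jailbreak, restart ossim-agent, wait, check) as an added example script, not code from the original post: it restarts the agent from the jailbroken console and then, instead of only waiting, checks that the agent process is back and that its log shows fresh activity and no errors before you go and refresh the Alarms page. The init script path is the one used above; the log path /var/log/alienvault/agent/agent.log, the log line format, and the sample log lines are assumptions constructed for this example, so verify them on your own appliance.

```shell
#!/bin/sh
# Added example (not from the original post): check the AlienVault event
# pipeline after an ossim-agent restart instead of only waiting 5 minutes.
# Assumed paths (verify on your appliance):
AGENT_INIT=/etc/init.d/ossim-agent              # init script used in the post
AGENT_LOG=/var/log/alienvault/agent/agent.log   # agent log location (assumption)

# Count log lines whose leading "YYYY-MM-DD HH:MM:SS" timestamp is at or after
# the cutoff, optionally only those containing a substring (e.g. ERROR).
# ISO timestamps sort lexically, so a plain string compare is enough.
# Usage: count_lines_since <logfile> "<YYYY-MM-DD HH:MM:SS>" [substring]
count_lines_since() {
  awk -v cutoff="$2" -v pat="${3:-}" '
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ {
      if (substr($0, 1, 19) >= cutoff && (pat == "" || index($0, pat) > 0)) n++
    }
    END { print n + 0 }
  ' "$1"
}

# Decide the next troubleshooting step from three observations:
#   running   1 if an ossim-agent process exists after the restart, else 0
#   new_lines log lines written since the restart
#   errors    of those, lines containing ERROR
# Prints one of: agent-down agent-errors agent-silent agent-healthy
next_step() {
  running=$1; new_lines=$2; errors=$3
  if   [ "$running" -eq 0 ];  then echo agent-down     # restart did not bring it back
  elif [ "$errors" -gt 0 ];   then echo agent-errors   # read the log before anything else
  elif [ "$new_lines" -eq 0 ]; then echo agent-silent  # agent up but no activity at all
  else                              echo agent-healthy # agent fine; look further downstream
  fi
}

# The post's procedure, end to end: restart, wait, then verify the agent side.
# A non-zero return means the sensor side is still the problem; a zero return
# means that if alarms are still missing, the problem is past the agent
# (server, correlation directives, policies) and reconfiguration is the next step.
restart_and_verify() {
  wait_secs=${1:-300}                          # the post waits about 5 minutes
  cutoff=$(date '+%Y-%m-%d %H:%M:%S')
  "$AGENT_INIT" restart || { echo "ossim-agent restart failed" >&2; return 1; }
  sleep "$wait_secs"
  if pgrep -f ossim-agent >/dev/null 2>&1; then running=1; else running=0; fi
  if [ -r "$AGENT_LOG" ]; then
    new_lines=$(count_lines_since "$AGENT_LOG" "$cutoff")
    errors=$(count_lines_since "$AGENT_LOG" "$cutoff" ERROR)
  else
    echo "agent log $AGENT_LOG not readable; treating as silent" >&2
    new_lines=0; errors=0
  fi
  verdict=$(next_step "$running" "$new_lines" "$errors")
  echo "ossim-agent running=$running new_log_lines=$new_lines errors=$errors -> $verdict"
  [ "$verdict" = agent-healthy ]
}

# Constructed sample agent log (format assumed) so the helpers can be tried
# offline; prints the path of the temporary file.
make_sample_log() {
  f=$(mktemp)
  cat <<'EOF' > "$f"
2024-03-01 10:01:12,004 Agent [INFO]: Plugin ssh (4003) started
2024-03-01 10:04:59,210 Agent [INFO]: Sent 12 events to server 127.0.0.1:40001
2024-03-01 10:05:00,001 Agent [INFO]: Sent 5 events to server 127.0.0.1:40001
2024-03-01 10:06:30,115 Agent [ERROR]: Connection to server 127.0.0.1:40001 refused
2024-03-01 10:07:02,550 Agent [INFO]: Reconnecting to server
EOF
  echo "$f"
}

# Only touch the live agent when explicitly asked: sh ossim-check.sh --run [wait_secs]
if [ "${1:-}" = "--run" ]; then
  restart_and_verify "${2:-300}"
fi
```

Run it from the jailbroken console as `sh ossim-check.sh --run`; without `--run` it only defines the helpers, so you can source it and point `count_lines_since` at the real agent log with a cutoff of your choosing.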
