Please find below the links to working configuration files used in the video titled “Overview of OSSIM Web Console – Installation of NXLog” Nxlog Configuration File Code PatternDB Configuration File Code
Category: SIEM
Sysmon Playbook Event ID 3
Sysmon Event ID: 3 Sysmon Event Title: Network Connection Detected Network Connection Attributes: When any machines with Sysmon installed makes a network connection many details about the network connection are captured and logged under the event id 3. We will briefly discuss all the fields captured under the event id 3. RuleName: %1!s! […]
SYSMON Playbook – Event ID 1
Windows by default records most of the activity happening on OS in the Windows logs and can be viewed in Windows Event Viewer. However the Sysmon is much better when it comes to providing visibility into the activities related to executions. Sysmon is a great tool which is used to monitor the system and log […]
Alien Vault Reconfiguration
Alienvault-reconfig creates the live configuration, loads the appropriate values, and makes sure all appropriate changes are made to dependent service configurations. Alienvault-reconfig command will initiate those changes, writing them to the appropriate configuration files and database fields and restarting the appropriate services to load those changes. Some of the options that can be pursued to […]
Alien Vault Events Not Coming
Some of the options that can be pursued to troubleshoot and resolve this issue have been mentioned below: Login to Alien Vault server using putty with “root” credentials. After login, you will see the following screen. Select the “Jailbreak System” Click “Yes” or Press “Enter” from the keyboard and accept the “Jailbreak Commandline Notice” in […]
Alien Vault TCPdump Troubleshoot
Some of the options that can be pursued to troubleshoot and resolve this issue have been mentioned below: Login to Alien Vault server using putty with “root” credentials. After login, you will see the following screen. Select the “Jailbreak System” Click “Yes” or Press “Enter” from the keyboard and accept the “Jailbreak Commandline Notice” in […]
Alien Vault Configuration Backup
Backing up the configuration is one of the important thing that analyst should take care of. Since AlienVault configuration include system profile, network configuration, inventory data, plugins, correlation directives, and etc. For that, analyst must have a copy for the configuration file. STEPS Login via WinSCP to the Server. Be at this path: /var/alienvault/backup/ File […]
Alien Vault Update
If there is an update available from the Alien Vault please follow the below mentioned points. To check if there is an update available, go to your browser and type Alien Vault server URL. Login to Alien Vault and go to “Configurations –> Deployment” and look for any comments under the “New Updates” column.
Alarm Backup – AlienVault
Login via WinSCP to the Server. Go to this path:/var/alienvault/backup/ File name should be like: Configuration_CLIENT-AIO_1429616586.tar.gz Copy Alarm file to the local machine in any folder (E.g: C:\Backup) STEPS Raw Log Backup – AlienVault Login via WinSCP to the Server. Be at this path: /var/ossim/logs/Year/Month/Day Copy the folder (Day) to the local machine in the […]
Alien Vault Alarms Not Recevied
For all MSSPs or users who are working with Alien Vault as a SIEM solution in their enterpise infrastructure it is common to get into problem because of alarms not being triggered in the SIEM solution. Now this could happen for multiple reasons which requires troubleshooting across the whole data piple line and finding the […]