Channel: Stu Jordan » SIEM


Enabling Open Threat Exchange (AV-OTX) in Alienvault

The Alienvault website has several posts about Open Threat Exchange but I wasn’t able to find instructions on how to enable it. Eventually I found the option hidden away in the advanced menu. Here’s...


Offline update of Alienvault OSSIM

Alienvault OSSIM has a built-in upgrade mechanism for updates. However, not all installs exist in locations with an active internet connection. To get around this you can either mirror the update...


Transferring user-created correlation directives between servers on OSSIM 4

It takes a while to create correlation directives through the GUI so if you have to do this several times on different OSSIM servers it can get a bit tiresome. Here is how to transfer the directives...


PHP-IDS warning when submitting rule on Alienvault OSSIM 4.x

When building a new correlation rule in Alienvault OSSIM 4.x you may get an error like: "Sorry, operation not completed due to security reasons. An attack attempt has been logged to the system" This is...


Updating to OSSIM 4.1.3 causes ossim-agent not to start

On updating OSSIM via the update, the ossim-agent starts and then stops. No logs are parsed, and both /var/log/ossim/agent.log and /var/log/ossim/agent_error.log are empty or contain old information....


How to run Alienvault OSSIM 4.2 in (custom) text mode

This is also a fix for GUI installer hanging on “Configure network” when you try and enter the IP address Configuring disk setup Selecting which components to install These options were available in...


Alienvault OSSIM: Asset page broken after upgrading to 4.4

After upgrading OSSIM to 4.4.0 (or 4.4.1) the Asset section may show the error: Operation was not completed due to an database error If you then check the status of the table on the CLI you’ll find the...


OSSIM directive taxonomy settings do not update / save

When you try to edit the Taxonomy settings for a user generated directive in OSSIM the changes do not save. Instead the webpage updates and shows the old settings. This happened for me when I upgraded...


Keeping OSSIM DB tables in check

In every OSSIM install I have done I’ve found the built-in system for keeping the database size to a manageable level doesn’t work very well. Eventually several tables gobble up all the disk space and...


Firesight integration with OSSIM

Firesight, which now belongs to Cisco, was originally developed by the same guys who wrote Snort. The software runs the professional VRT Snort feed underneath. The output is a slightly different format but we...
