Looking for documentation? Check out our new learning center!
AlienVault v4.5 Released! Download here

Three assets for the same IP address - Alienvault host

In checking my asset list I have found there are three assets with the same IP address, all for the alienvault (OSSIM) host:
  • hostname "alienvault.alienvault", Private IP address 10.a.b.33 AND Public IP address DMZ.x - I edited the original asset "discovered" as part of installation and start-up to add the second (public) IP address when I brought that interface up. As part of that edit I attempted to change the "hostname" to the host portion of the FQDN for the private address, adding the FQDN to the FQDN field, however, the system appears to have changed the "hostname" field back to "alienvault.alienvault"
  • hostname "sim-ossim-01", Private IP address 10.a.b.33
  • hostname "alienvault.alienvault", Single Private IP 10.a.b.33

Comments

  • What's the problem?  Is having three assets associated with the same host unacceptable?  It might help for the sensors to associate the IPs with the host.

    Do you wish to have the ability to associate three IPs with the same host?

    Are you sure you committed the changes you made to the database?
  • srdropperssrdroppers UFO Spotter
    edited December 2012

    mbrownnyc said:
    What's the problem?  Is having three assets associated with the same host unacceptable?  It might help for the sensors to associate the IPs with the host.
    - Not sure, as I am still really new at OSSIM. My thinking is to gather all available information about a host into one place, somehow. I fully understand each NIC (IP address) opens another attack surface, on the other hand I am looking for a quick and easy way to associate all the attack surfaces in one host in some sort of common representation.

    Do you wish to have the ability to associate three IPs with the same host?
    - I have one asset that already associates the two different IP addresses with the OSSIM host, so this is not a big problem.

    Are you sure you committed the changes you made to the database?
    - Very good question - since I did this work really early, before I fully understood the change/commit process this might be a good thing to check


Sign In or Register to comment.