AlienVault v4.1 Enhancement Summary

RussRuss Alien Overseer
edited March 4 in Product


As you may have noticed, we have changed our release cycle a bit to serve you better.  We are currently pushing out a patch release on the last Thursday of every month and a feature release every 4 months.  OSSIM v4.1 is the first feature release, which means that there are some exciting new features to talk about ...

AlienVault Unified Security Management v4.1

The focus of v4.1 is simplifying the user experience.  This covers the efforts made during the deployment and maintenance of your AlienVault USM instance, as well as expert guidance during your incident response.  Our hope is that AlienVault and OSSIM users can use these enhancements to greatly increase their operational efficiency.

  • Auto-deploy Dashboard: Using the integrated asset discovery capabilities, the auto-deploy dashboard helps users identify assets in their environment whose logs should be integrated into AlienVault.  Step-by-step instructions will be provided for each discovered asset, greatly reducing the cost of integrating a SIEM into your environment.  In addition, the dashboard will help users identify areas of their environment that are not being fully monitored: users will be prompted to set up IDS, Vulnerability Assessment and Asset Discovery where they are missing.  This combined functionality will make the user experience of setting up a SIEM as easy as possible.


  • Dynamic Incident Response Templates & Alarm Investigation Panel: The fault of most SIEMs is that the functionality ends when an alarm is raised.  With dynamic incident response templates, security analysts are guided through the appropriate investigation and remediation steps with an easy-to-follow click-by-click procedure.  Each investigation and remediation step allows users to click through to other parts of the AlienVault interface to quickly ascertain the impact of the alarm and identify the appropriate path for remediation.

  • Suricata IDS: In addition to the already-provided Snort IDS, users will be offered the alternative of running the modern Suricata IDS.  Suricata provides many architectural and functional improvements, including multi-threading for optimum performance, inline binary extraction, and deep protocol inspection for analyzing network protocols such as HTTP.

  • Real-Time EPS & System Status Monitoring - quickly understand the load of your system.  Are all your sensors reporting as you expect?  Have there been any major spikes recently?  All of this is now easily available in the status widget at the top of every page.

  • New Correlation Directive Editor - simplifies the user experience when editing correlation directives.  Simple-to-use pop-up dialogs allow users to edit portions of a correlation directive without going through a multi-page wizard.
