What's New in AlienVault v3.0?
Learn more about the major features in AlienVault's Unified Security Management platform (AV-USM) and open-source project.

Upload Details

Uploaded as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

  • The new 3.0 release looks great! Thanks to the entire AlienVault engineering team for your hard work and persistence!
What's New in AlienVault v3.0? Presentation Transcript

  • 1. What's new in AlienVault 3.0?
    Copyright AlienVault. 2011. Confidential
  • 2. AlienVault Unified SIEM 3.0
    AlienVault Professional SIEM has been renamed AlienVault Unified SIEM.
    AlienVault Unified SIEM 3.0 represents a major change in information security management: it increases operational effectiveness and unifies the interface across the whole stack, from HIDS to SIEM.
    AlienVault Unified SIEM 3.0 offers Unified Management, Reporting, Vulnerability Scanning, Situational Awareness…
  • 3. Unified Management
    • From a single interface, maintain a single asset structure and a single user-permission structure.
    1 login
    1 asset structure
    1 user structure
  • 4. Reporting &
  • 5. Unified Reporting
  • 6. Unified Dashboards
    New security dashboards with drill-down capabilities.
  • 7. New tickets customization
    Ability to create completely customizable tickets with new field types: calendars, maps, text, slides…
  • 8. Alarms
    Alarm tagging.
    New options for grouping alarms.
  • 9. SIEM and Logger Advancements
    Generally improved performance.
    A SIEM or a logger can forward events to multiple SIEMs and loggers.
  • 10. Logger
    New architecture:
    Improved indexing process.
    Search across billions of events in 0.2 seconds.
    Support for remote loggers: unified interface, queries spanning multiple loggers.
  • 11. Advanced Analysis
    Usability enhancements.
    IP links (source to destination) plotted on Google Maps.
  • 12. Advanced Analysis
    Generates a report from a customized data view.
    Timeline analysis.
  • 13. Unified Detection
  • 14. New HIDS & NIDS interface
    Integrated OSSEC HIDS management web interface.
    Manage the OSSEC agents from the web console: installation, configuration, real-time monitoring…
  • 15. New HIDS & NIDS interface
    Remote monitoring over SSH (Linux, Solaris and other network devices).
    Simplifies credential exchange with monitored hosts.
    HIDS rule configuration through the web interface.
  • 16. Unified Vulnerability Scanner
    • Define scan jobs, policies, roles and report permissions in the same console as assets and users…
  • Improved Vulnerability Scanner
    Import/export scan results in NBE format.
    Ability to check the status of a scan and to stop, restart or pause it.
    The new vulnerability scanner version speeds up scans.
  • 17. User Management
  • 18. User management
    True multi-tenancy in a single instance.
    Higher-level abstraction for asset categorization and user grouping.
  • 19. User management
    New user management options for PCI compliance requirements: ability to suspend users, enforce password complexity, expire passwords…
  • 20. User session
    Real-time information about active users.
    Session details, with the ability to terminate undesired sessions, etc.
  • 21. Situational Awareness
  • 22. Inventory
    Ability to add icons/logos to identify assets (networks, hosts…) in the web interface.
  • 23. Network Discovery
    Passive inventory from information gathered by ntop.
    Automatic inventory through Active Directory/NeDi…
  • 24. Traffic Capture
    New traffic capture feature with filtering options.
    Results are saved as pcap files for analysis (e.g. in Wireshark) to troubleshoot network problems.
    10 Gbps sensor.
    Upgraded libpcap to increase the amount of data that can be processed.
  • 25. Renovated Application Integration
    Restyled ntop and Nagios integration.
  • 26. Configuration
  • 27. Global Usability Enhancements
    Better usability in forms: auto-complete, error correction…
  • 28. Data visibility
    Global view of the entire system at a glance.
  • 29. Time zones management
    Upgraded support for collecting events from multiple time zones: every log is stored with its original timestamp and in UTC.
    Each user keeps their own time zone setting to facilitate analysis.
  • 30. Backup system
    Improvements in SIEM backups management.
    Users can restore SIEM events.
  • 31. System status
    Real time information about system status: hardware, software, processes, etc.
  • 32. Sensor Upgrades
    New plugins.
    Ability to use aliases.local.
    Unicode support.
    Plugins with remote SSH support.
    Ability to use ssh.cfg.local to customize plugins and keep the changes across updates.
    Keywords to pre-match a rule so that the regexp is only run on lines that can match.
    Configuration of multiple output servers.
    Improved plugins.
    Events are buffered in memory/on disk when connectivity problems with the SIEM/Logger arise.
  • 33. Software updates
    OSSEC 2.5, OpenVAS 4, Snort 2.9, PF_RING 4.6.3, ntop 4.0, Nmap 5.51, libpcap 1.1…
  • 34. Feed Improvement
    Enhanced feed subscription, including Emerging Threats private feeds.
    ET Pro feeds include, for example, SCADA system coverage and up-to-date malware protection.
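Two of the sensor-side changes above are worth seeing in working code: slide 29 (each event is stored with its original timestamp and in UTC, and rendered in the analyst's own zone) and slide 32 (a cheap keyword pre-match gates the regexp in a plugin rule). The example below is added here and is not AlienVault's or OSSIM's code; the rule fields (precheck, regexp, plugin_sid) only approximate the agent's plugin syntax, and the log lines, host names and host time zones are constructed for the demo.

```python
"""Miniature sensor-side plugin matcher (added example, not AlienVault code).

Rule fields approximate the OSSIM agent plugin format; everything below
(log lines, hosts, time zones) is constructed for demonstration.
"""
import re
from datetime import datetime, timezone, timedelta

# Constructed plugin rules: a cheap substring "precheck" gates the regexp.
SSHD_PREFIX = r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
RULES = [
    {"name": "ssh_failed", "plugin_sid": 1, "precheck": "Failed password",
     "regexp": re.compile(SSHD_PREFIX + r"Failed password for (?:invalid user )?"
                          r"(?P<user>\S+) from (?P<src>\S+)")},
    {"name": "ssh_accepted", "plugin_sid": 2, "precheck": "Accepted",
     "regexp": re.compile(SSHD_PREFIX + r"Accepted (?:password|publickey) for "
                          r"(?P<user>\S+) from (?P<src>\S+)")},
]

# Constructed: the zone each sensor host writes its syslog timestamps in.
HOST_TZ = {
    "web-ny": timezone(timedelta(hours=-5)),    # US Eastern, standard time
    "db-madrid": timezone(timedelta(hours=1)),  # CET
}


def parse_syslog_ts(ts: str, year: int, tz: timezone) -> datetime:
    """Syslog timestamps carry no year and no zone; attach both from context."""
    naive = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=tz)


def match_line(line: str, rules=RULES, stats=None):
    """Return (rule, fields) for the first matching rule, or None.

    The precheck is a plain substring test; the regexp only runs on lines
    that contain it, which is the optimization slide 32 describes.
    """
    for rule in rules:
        if rule["precheck"] not in line:
            if stats is not None:
                stats["regex_skipped"] += 1
            continue
        if stats is not None:
            stats["regex_run"] += 1
        m = rule["regexp"].match(line)
        if m:
            return rule, m.groupdict()
    return None


def normalize(line: str, year: int = 2011, stats=None):
    """Build an event keeping the original timestamp and adding UTC (slide 29)."""
    hit = match_line(line, stats=stats)
    if hit is None:
        return None
    rule, f = hit
    tz = HOST_TZ.get(f["host"], timezone.utc)  # assumption: unknown hosts log in UTC
    local = parse_syslog_ts(f["ts"], year, tz)
    return {
        "plugin_sid": rule["plugin_sid"],
        "host": f["host"], "user": f["user"], "src": f["src"],
        "date_original": local.isoformat(),
        "date_utc": local.astimezone(timezone.utc).isoformat(),
    }


def render_for_user(event, user_offset_hours: int) -> str:
    """Analyst view: the stored UTC instant shown in the analyst's own zone."""
    utc = datetime.fromisoformat(event["date_utc"])
    user_tz = timezone(timedelta(hours=user_offset_hours))
    return utc.astimezone(user_tz).strftime("%Y-%m-%d %H:%M:%S %z")


# Constructed sample log lines from two sensors in different zones.
SAMPLE_LOG = [
    "Feb 13 09:00:00 web-ny sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Feb 13 15:00:00 db-madrid sshd[918]: Accepted publickey for dba from 198.51.100.20 port 4022 ssh2",
    "Feb 13 15:00:01 db-madrid cron[400]: (root) CMD (run-parts /etc/cron.hourly)",
    "Feb 13 09:00:02 web-ny sshd[2203]: Failed password for root from 203.0.113.7 port 51240 ssh2",
]


def run(lines=SAMPLE_LOG):
    """Normalize every line; return the events and the precheck statistics."""
    stats = {"regex_run": 0, "regex_skipped": 0}
    events = [e for e in (normalize(ln, stats=stats) for ln in lines) if e]
    return events, stats


if __name__ == "__main__":
    events, stats = run()
    for e in events:
        print(e["plugin_sid"], e["date_original"], "->", e["date_utc"])
    print(stats, "analyst in CET sees:", render_for_user(events[0], 1))
```

Note that the New York and Madrid events resolve to the same UTC instant even though their original timestamps differ by six hours; correlating them is only possible because the UTC value is stored alongside the original one. The precheck statistics show the regexp being skipped for lines that could never match, which is where the throughput gain on a busy sensor comes from.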