Complete. Simple. Affordable
Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS
1. INTRODUCTION
2. CREATE THE VSWITCH SPAN PORT GROUP
3. GRANT PROMISCUOUS MODE PERMISSIONS TO THE PORT GROUP
4. ASSIGN ALIENVAULT USM INTERFACES TO THE PORT GROUP
5. USM GETTING STARTED WIZARD: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE
6. USM COMMAND LINE INTERFACE: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

DC Edition 01
1. INTRODUCTION

The objective of this document is to explain how to configure the AlienVault USM All in One virtual appliance to monitor a virtual network.

The AlienVault USM All in One virtual appliance has six network interfaces: one for management (eth0) and five for log collection and traffic capture on the monitored network segment. Connecting a monitoring interface to a SPAN port enables the following functions:

- Network IDS
- Netflow and Traffic Monitoring
- Passive Asset Identification

2. CREATE THE VSWITCH SPAN PORT GROUP

Virtual switches are configured through the ESX vSphere GUI via the master Configuration tab. Select Networking from the side panel and bring up Properties on the vSwitch you want AlienVault to monitor.

Figure 1. ESX vSphere GUI console

To capture all traffic over the vSwitch, a new port group must be created to receive it. This port group acts like a network hub: all network traffic within the vSwitch is visible to interfaces connected to this port group.
Add a new Virtual Machines port group to the existing switch. The port group should be named to indicate that it has visibility to all traffic ("SPAN port"). VLAN ID All (4095) is a special ID in VMware vSwitches that has visibility to all traffic on the switch.

Figure 2. Configure vSwitch with a SPAN port group
The SPAN port is created. Any VM interface connected to this SPAN port group will be able to enter promiscuous mode and capture traffic from any other VM interface connected to the other port groups on this vSwitch.

Figure 3. Add Network Wizard: SPAN port is created

3. GRANT PROMISCUOUS MODE PERMISSIONS TO THE PORT GROUP

The port group must permit interfaces to enter promiscuous mode before they can capture network traffic.
Figure 4. vSwitch Properties

If the defaults are to deny promiscuous mode, open the properties sheet (click Edit...) for the SPAN port group and manually assign permission for promiscuous mode.

Figure 5. SPAN Ports Properties

4. ASSIGN ALIENVAULT USM INTERFACES TO THE PORT GROUP

Now that the port group is created, connect one or more interfaces of the AlienVault USM to the SPAN port group and power it on. Edit the settings of the target virtual appliance to assign the network adapter to the port group created (SPAN port).
Figure 6. USM Virtual Machine Properties: Network Connection

5. USM GETTING STARTED WIZARD: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

The network interface assigned to the port group must be configured for network monitoring as part of the first step of the USM Getting Started Wizard. Select Network Monitoring as the Purpose of the NIC previously assigned in the ESX configuration.
Figure 7. USM Getting Started Wizard: Network Interfaces

6. USM COMMAND LINE INTERFACE: CONFIGURE ALIENVAULT TO MONITOR THE NEW INTERFACE

1. Open a console terminal and write the following command:

   ssh IP_address

   IP_address refers to the default IP of your appliance.

2. The AlienVault Setup main menu is displayed:
Figure 8. AlienVault Setup main menu

1. Use the arrow keys to move to the option Configure Sensor. Then, press Enter to accept the selection (<OK>).

Figure 9. AlienVault Setup: Configure Network Monitoring

2. Use the arrow keys to move to the option Configure Network Monitoring. Then, press Enter to accept the selection (<OK>).
Figure 10. AlienVault Setup: select sensor listening interfaces (promiscuous mode)

3. Use the arrow keys to move to the desired interface and select or deselect it by pressing the Space Bar. Accept the selection (<OK>) by pressing the Enter key. It is possible to select several interfaces.

4. Use the arrow keys to move to the option (<Back>), then press Enter; the AlienVault Setup main menu appears.

Figure 11. AlienVault Setup: Apply all Changes option

5. Use the arrow keys to move to the option Apply all Changes. Then, press Enter to accept the selection (<OK>).
Figure 12. AlienVault Setup: confirmation of changes

6. Press Enter to accept the changes (<Yes>). This process may take several minutes depending on the Internet connection. During the process, the following screen appears:

Figure 13. AlienVault USM Reconfig

7. At the end, the following message appears:
Figure 14. AlienVault Setup: Changes applied

8. Press Enter to accept (<OK>); the AlienVault Setup main menu appears.
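Once the changes are applied, it is worth confirming from the appliance shell that each selected listening interface is actually up and promiscuous; an interface that is not promiscuous will not see the SPAN port group's traffic. The following check is an added example, not part of the AlienVault document: it assumes a Linux appliance exposing interface flags under /sys/class/net, and the interface names and sample flag values are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the listening interfaces chosen in AlienVault Setup
# are up and promiscuous, using the kernel's flags word in sysfs (assumption:
# Linux appliance). SYSFS_NET may be overridden to test a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IFF_UP=1          # 0x001, from linux/if.h
IFF_PROMISC=256   # 0x100, from linux/if.h

# Print "missing", "down", "up no-promisc" or "up promisc" for one interface.
iface_state() {
    flags_file="$SYSFS_NET/$1/flags"
    if [ ! -r "$flags_file" ]; then echo "missing"; return 0; fi
    raw=$(cat "$flags_file")                 # hex string such as 0x1103
    # Accept only plain hex before handing the value to shell arithmetic.
    case "${raw#0x}" in
        ""|*[!0-9a-fA-F]*) echo "missing"; return 0 ;;
    esac
    flags=$(( 0x${raw#0x} ))
    if [ $(( flags & IFF_UP )) -eq 0 ]; then echo "down"
    elif [ $(( flags & IFF_PROMISC )) -eq 0 ]; then echo "up no-promisc"
    else echo "up promisc"
    fi
}

# Check every interface named; returns non-zero if any of them would not
# see the traffic mirrored to the SPAN port group.
check_monitor_ifaces() {
    rc=0
    for ifc in "$@"; do
        state=$(iface_state "$ifc")
        echo "$ifc: $state"
        [ "$state" = "up promisc" ] || rc=1
    done
    return "$rc"
}

# Constructed sample tree (not real appliance output): eth0 is management,
# eth1 is monitoring and promiscuous, eth2 is assigned but still down.
make_sample_tree() {
    mkdir -p "$1/eth0" "$1/eth1" "$1/eth2"
    echo 0x1003 > "$1/eth0/flags"
    echo 0x1103 > "$1/eth1/flags"
    echo 0x1002 > "$1/eth2/flags"
}

# Usage on the appliance: sh check_promisc.sh eth1 eth2
if [ "$#" -gt 0 ]; then check_monitor_ifaces "$@"; fi
```

An interface that reports "up no-promisc" after the reconfiguration points back to the port group's promiscuous mode setting in section 3 or to the listening-interface selection in section 6.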