AlienVault Unified Security Management 5.x Configuration Backup and Restore
USM 5.x Configuration Backup and Restore

Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM, and OSSIM are trademarks or service marks of AlienVault, Inc. All other registered trademarks, trademarks or service marks are the property of their respective owners.

Revisions to This Document

Date             Revision Description
April 30, 2015   Original document published for AlienVault USM version 5.0.
June 4, 2015     Document updated to correct some typos and to add the note on restoring OSSIM backups on USM.

June 4, 2015 USM 5.x Configuration Backup and Restore Page 2 of 7
Contents

The Backup Process ... 4
    Managing Configuration Backups From the Web UI ... 4
    What Is Included in Configuration Backups ... 4
    When Are Configuration Backups Run ... 5
    Where Are Configuration Backups Stored ... 5
    How Are Configuration Backups Done in a Federated Environment ... 5
The Restore Process ... 6
The Backup Process

The backup and restore procedures in USM 4.x require jailbreaking the system and running the backup commands manually. USM 5.0 improves on this: you can back up and restore the system configuration, including the system profile, network configuration, inventory data, policies, plugins, correlation directives and other basic settings. Backups are managed in the web UI and run automatically every day or on demand. You restore a USM system from a backup file via the AlienVault console.

Managing Configuration Backups From the Web UI

In the web UI, navigate to Configuration > Administration > Backups > Configuration. The configuration backups display in a table with the columns System, Date, Backup, Type, Version, Size, and Download. By default, backups are sorted by timestamp, with the latest at the top. To look for a backup, use the search box in the upper left corner; you can search on system (name or IP address), date, or type.

To download a backup and store it locally, locate the backup and click the Download button towards the right.

To delete one or more backups, select them by checking the box to the left of each backup, and then click the Delete button above the table towards the right.

What Is Included in Configuration Backups

- System configuration (networking, system profile, USM basic configuration settings)
- Inventory data
- Policies
- Plugins (both default and customized)
- Correlation directives
- HIDS configurations

Note: Security events and raw logs are NOT included in the backups.
When Are Configuration Backups Run

Backups run at 7:00 am local time every day. They display as "Auto" under the Type column in the web UI. You can also run a backup yourself at any time.

To run a backup manually
1. In the web UI, navigate to Configuration > Administration > Backups > Configuration.
2. Click Run Backup Now. A message shows when the last backup was run and asks whether you want to continue.
3. Select Yes to start the backup.
These backups display as "Manual" under the Type column.

Before a backup runs, the following checks are made so that normal USM operation is not interrupted:
- There isn't a re-configuration process running.
- There isn't another backup or restore process running.
- There is enough disk space to create the configuration backup file.
The backup does not continue if any of these checks fails. To see the error messages in the backup logs, click View Backup Logs on Configuration > Administration > Backups > Configuration.

Where Are Configuration Backups Stored

Each USM appliance stores its configuration backup files as
/var/alienvault/backup/configuration_<hostname>_<timestamp>.tar.gz
Backups marked as Auto are rotated daily; the 10 most recent, by timestamp, are kept on each appliance.

How Are Configuration Backups Done in a Federated Environment

In a federated environment, where you have sensor(s) reporting to a USM Server (child server), which in turn reports to another USM Server (federated server), keep the following in mind:
- Each USM Server (both child server and federated server) triggers automatic backups only of itself and its directly connected sensors. In other words, the federated server does not trigger automatic backups of its child servers.
- Backups are stored per AlienVault appliance: each appliance stores its own backup file.
- In the web UI, the Show Backups for drop-down lets you choose which system to view. You can select the child server on the federated server, but not vice versa.
- On the federated server, you can run a manual backup of the child server. To do this, select the child server from the drop-down, and then click Run Backup Now.

The Restore Process

You can restore a USM system from a backup file only via the AlienVault console. Before a restore runs, the following checks are made to make sure the underlying system is ready and compatible:
- There isn't a re-configuration process running.
- There isn't another backup or restore process running.
- The backup profile matches the system profile. In other words, you cannot restore a backup file from a USM Server on a USM Sensor.
- The version of the backup file is the same as that of the target system. This means you cannot restore a USM v5.0 backup on a system running USM v4.x.
- There is enough disk space to restore the configuration backup.

Note: You can restore an OSSIM backup on a USM or vice versa, as long as they are on the same version.

Before restoring a backup file, transfer the file to the target system. Use an SFTP client on Windows, such as WinSCP, or scp on Linux-based systems. On the target system, place the file in /var/alienvault/backup/
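The following shell script is an added example and not AlienVault's own code. It works on files named configuration_<hostname>_<timestamp>.tar.gz, the convention given above under Where Are Configuration Backups Stored, and covers the two places a practitioner touches these archives: keeping a copy off the appliance before the keep-10 rotation drops it, and checking the copy after it has been transferred with scp into /var/alienvault/backup/ on the target (the transfer step above). It lists backups newest first, flags archives that are not intact gzip tarballs, shows which files fall outside a keep-N rotation per hostname, and writes a sha256 manifest that sha256sum -c can verify on the receiving host. Assumptions that the document does not state: the <timestamp> part of the name is a zero-padded numeric string, so lexical order is chronological; file names contain no spaces; rotation is counted per hostname (a federated server can hold a child server's backups, so one directory may contain several hosts); and all function and script names are mine.

```shell
#!/bin/sh
# Added example, not AlienVault code. Operates on files named
#   configuration_<hostname>_<timestamp>.tar.gz
# as the USM 5.x document describes.
# ASSUMPTIONS (not stated in the document): <timestamp> is a zero-padded
# numeric string, so sorting names lexically sorts them chronologically;
# file names contain no spaces; rotation is counted per hostname.

BACKUP_DIR="${BACKUP_DIR:-/var/alienvault/backup}"

# backup_field FILE N: print capture group N (1 = hostname, 2 = timestamp)
# from the backup file name; prints nothing if the name does not match.
backup_field() {
    basename "$1" | sed -n "s/^configuration_\(.*\)_\([0-9][0-9]*\)\.tar\.gz\$/\\$2/p"
}
backup_host() { backup_field "$1" 1; }
backup_ts()   { backup_field "$1" 2; }

# list_backups DIR: print every backup in DIR, newest first, one path per line.
list_backups() {
    for f in "$1"/configuration_*_*.tar.gz; do
        [ -e "$f" ] || continue
        ts=$(backup_ts "$f")
        [ -n "$ts" ] || continue      # skip names that do not follow the convention
        printf '%s %s\n' "$ts" "$f"
    done | sort -r | cut -d ' ' -f 2-
}

# verify_backup FILE: succeed only if FILE is an intact gzip-compressed tar archive.
verify_backup() {
    gzip -t "$1" 2>/dev/null && tar -tzf "$1" >/dev/null 2>&1
}

# expired_backups DIR KEEP: print the backups that fall outside the newest KEEP
# per hostname, i.e. what a keep-KEEP rotation (the appliance keeps 10) drops.
expired_backups() {
    list_backups "$1" | while IFS= read -r f; do
        printf '%s %s\n' "$(backup_host "$f")" "$f"
    done | awk -v keep="$2" '{ host = $1; sub(/^[^ ]+ /, ""); if (seen[host]++ >= keep) print }'
}

# sha256_of FILE: print "<digest>  <file>" using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# manifest DIR: print a sha256 manifest of the intact backups in DIR. Copy it
# alongside the archives and run `sha256sum -c MANIFEST` on the receiving host.
manifest() {
    list_backups "$1" | while IFS= read -r f; do
        if verify_backup "$f"; then
            sha256_of "$f"
        else
            printf 'corrupt archive skipped: %s\n' "$f" >&2
        fi
    done
}

# Command-line entry point (hypothetical script name usm_backup_check.sh):
#   usm_backup_check.sh list [DIR] | expired [DIR [KEEP]] | manifest [DIR] | verify FILE
if [ $# -gt 0 ]; then
    cmd=$1; shift
    case $cmd in
        list)     list_backups "${1:-$BACKUP_DIR}" ;;
        expired)  expired_backups "${1:-$BACKUP_DIR}" "${2:-10}" ;;
        manifest) manifest "${1:-$BACKUP_DIR}" ;;
        verify)   if verify_backup "$1"; then echo "OK: $1"; else echo "CORRUPT: $1" >&2; exit 1; fi ;;
        *)        echo "usage: $0 list [DIR] | expired [DIR [KEEP]] | manifest [DIR] | verify FILE" >&2; exit 2 ;;
    esac
fi
```

Run `manifest` on the appliance before pulling the archives with scp, copy the manifest together with them, and run `sha256sum -c` against it on the target host once the files are in /var/alienvault/backup/; a restore should only be attempted on an archive that verifies. `expired DIR 10` mirrors the appliance's own rotation, so it lists the Auto backups that will no longer be available on-box and therefore need an off-box copy first.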
To restore the backup file
1. Connect to the AlienVault console via ssh (for example, with PuTTY). The AlienVault Setup menu displays.
2. Select Maintenance & Troubleshooting, then click <OK> or press Enter.
3. Select Backups, then click <OK> or press Enter.
4. Select Restore configuration backup, then click <OK> or press Enter.
5. Select the backup you want to restore, then click <OK> or press Enter. A confirmation message displays.
6. Select <Yes> to continue or <No> to abort.
The restore process starts. The system restarts automatically once the restore finishes. If you perform the restore over an SSH connection and the restored configuration changes the IP address, the SSH connection will be dropped.