Deploying the AlienVault HIDS Agents in AlienVault USM v5
5/5/2016
3. On New HIDS Agent, select the host from the asset tree.
USM populates Agent Name with the host name, and IP/CIDR with the host IP address automatically.
4. Click Save.
USM adds the new agent to the list.
5. To deploy the agent, click the
6. In Automatic Deployment for Windows, type the Domain (optional), User, and Password of the host; then
click Save.
USM assembles a preconfigured binary file and deploys it to the host.
7. Alternatively, to download the preconfigured binary file, click the
Your browser downloads the file automatically or prompts you for the download.
8. Transfer the file, named ossec_installer_<agent_id>.exe, to the Microsoft Windows host.
9. On the Windows host, double-click to run the executable.
The installer runs in a console briefly, then displays a progress bar until completion.
https://www.alienvault.com/documentation/usmv5/idsconfiguration/deployingalienvaulthids.htm
button in the Actions column, and then copy the key that
6. Log in to the Linux host, run /var/ossec/bin/manage_client, and then enter I to import the key you
copied in the previous step.
7. Edit /var/ossec/etc/ossec-agent.conf to change the server IP address to the USM.
8. Start the HIDS agent if it is not already running:
service ossec-hids start
chkconfig ossec-hids on
9. On the USM, navigate to Environment > Detection, click HIDS Control, and then Restart.
Deployment Verification
You can verify the deployment both on the HIDS agent and the USM.
On the HIDS agents, you can check the ossec.log file to make sure that a message similar to the following
exists:
2015/09/18 09:07:38 ossec-agent: INFO: Started (pid: 3440).
2015/09/18 09:07:38 ossec-agent(4102): INFO: Connected to the server (10.47.30.100:1514).
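The check described above can be scripted. This is an added example, not code from AlienVault or OSSEC: the function names check_agent_connected and sample_log are hypothetical, and it assumes log lines in the hyphenated ossec-agent / ossec-agentd form with the message layout shown above.

```shell
#!/bin/sh
# Added example: confirm that the most recent agent start recorded in
# ossec.log was followed by a connection to the expected USM server.
# Usage: check_agent_connected /var/ossec/logs/ossec.log 10.47.30.100
# Returns 0 connected to expected server, 1 not connected or wrong server,
# 2 log unreadable, 3 no agent start line in the log (e.g. after rotation).

check_agent_connected() {
    log=$1
    want=$2
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    awk -v want="$want" '
        # A new start resets state, so a connection logged by an earlier
        # run is not mistaken for the current one.
        /ossec-agentd?: INFO: Started/ { started = 1; server = ""; next }
        /INFO: Connected to the server \(/ {
            s = $0
            sub(/.*Connected to the server \(/, "", s)
            sub(/\).*/, "", s)          # s now holds "ip:port"
            server = s
        }
        END {
            if (!started)     { print "no agent start found"; exit 3 }
            if (server == "") { print "agent started but never connected"; exit 1 }
            ip = server
            sub(/:[0-9]+$/, "", ip)     # drop the port before comparing
            if (ip != want)   { print "connected to unexpected server " server; exit 1 }
            print "connected to " server
        }' "$log"
}

# Constructed sample input: the two messages shown above, then a later
# restart (constructed line) that never reaches the server.
sample_log() {
    printf '%s\n' \
        '2015/09/18 09:07:38 ossec-agent: INFO: Started (pid: 3440).' \
        '2015/09/18 09:07:38 ossec-agent(4102): INFO: Connected to the server (10.47.30.100:1514).'
    [ "$1" = "with-failed-restart" ] &&
        printf '%s\n' '2015/09/18 10:00:00 ossec-agent: INFO: Started (pid: 3501).'
    return 0
}
```

A non-zero result after step 7 usually means the server address in the agent configuration does not match the USM, or the agent restarted and has not reconnected.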
more /var/ossec/logs/ossec.log
3. To see the AlienVault HIDS events from a specific agent, navigate to Analysis > Security Events (SIEM).
4. In Data Sources, select AlienVault HIDS; change Signature to Src IP, enter the IP addresses of the HIDS
Agent, and then click Go.
The AlienVault HIDS events from the particular agent display.