Tuesday, August 4, 2020

Fix AlienVault HIDS Events Displaying 0.0.0.0 as IP Address

In this guide, we are going to show you how to fix AlienVault HIDS events displaying 0.0.0.0 as the IP address. Are you running AlienVault OSSIM 5.7.1 and experiencing an issue whereby it does not parse events correctly and, instead of displaying the actual hostnames or IP addresses as they appear in the events, it...

Monitor Linux Hosts using Nagios check_by_ssh Plugin

Welcome to our tutorial on how to monitor Linux hosts using the Nagios check_by_ssh plugin. This enables the Nagios server to monitor system metrics and services on a remote Linux server using SSH. We have covered various guides on Nagios monitoring in our previous articles: Nagios SNMP Monitoring of Linux Hosts on AlienVault USM/OSSIM; How to Install Nagios Plugins and NRPE agents...

How to Install IBM QRadar CE v7.3.1 on VirtualBox

In this guide, we are going to learn how to install IBM QRadar CE v7.3.1 on VirtualBox. The QRadar Community Edition v7.3.1 is the latest release that comes with new and improved features such as: support for IBM Security X-Force Threat Intelligence, which provides IP reputation data for users; password policy updates; updated user interface; New Event Collection service...

Configure Nagios Availability Monitoring on AlienVault USM/OSSIM

In this guide, we are going to learn how to configure Nagios Availability Monitoring on AlienVault USM/OSSIM. We will cover how to configure host as well as service availability monitoring. Host monitoring reports whether an asset is up or down, while service monitoring discovers services on an asset and monitors their availability. AlienVault uses Nagios by default for host availability...

How to Install Nagios NRPE Agent on RHEL/CentOS/Oracle Linux

Nagios Remote Plugin Executor (NRPE) is used to remotely execute Nagios plugins on Linux/Unix machines. This makes it easy to monitor remote machine metrics such as disk usage, CPU load, number of running processes, logged-in users, etc. In this tutorial, we are going to learn how to install and configure NRPE from source for use with Nagios Server. You...

How to Install and Configure NSClient++ Nagios Agent on Windows System

NSClient++ is a monitoring agent/daemon for Windows systems that makes it easier for Nagios to collect performance metrics. In this tutorial, we are going to learn how to install and configure the NSClient++ Nagios monitoring agent for Windows systems. Follow the steps below to install NSClient++. Download NSClient Agent: Download the latest version of NSClient from here. Agent Installation: Once the download is done,...

How to Install and Setup AlienVault HIDS Agent on a Windows Host

There are two ways in which the AlienVault HIDS agent can be installed on a Microsoft Windows system. Automatically install a pre-configured agent on the host from the AV server, or download it and install it on the host yourself. The pre-configured installer has the server IP and authentication key configured automatically. Download a binary installer and manually install and...

How to Install and Configure AlienVault HIDS Agent on a Linux Host

In this tutorial, we are going to learn how to install and configure AlienVault HIDS (Host Intrusion Detection) agents on Linux as well as Windows systems. AlienVault uses OSSEC HIDS agents for Host Intrusion Detection. To actively monitor all aspects of system activity (file integrity monitoring, log monitoring, rootcheck, and process monitoring), OSSEC agents that collect all these...

Import Assets to AlienVault USM/OSSIM using a CSV file

In this article, we are going to learn how to import assets to AlienVault USM/OSSIM using a CSV file. Assets in this case refer to hosts, servers, routers, or any other device or endpoint you want to monitor for HIDS, NIDS, file integrity, and vulnerability using the AlienVault USM/OSSIM server. In our previous article, we learned how to install and set up...

How to install and configure AlienVault OSSIM 5.5 on VirtualBox

In this tutorial, we are going to learn how to install and set up AlienVault OSSIM 5.5 SIEM on VirtualBox. If you are a Blue Team security analyst, in one way or another you must have heard of or interacted with not one, not two, SIEM (Security Information and Event Management) solutions. Well, AlienVault is one of the leading SIEM...