Configuring Network Interfaces

Applies to Product: USM Appliance™ AlienVault OSSIM®

An AlienVault USM Appliance All-in-One comes with six network interfaces, numbered eth0 to eth5. USM Appliance uses these interfaces to perform the following functions:

  • Monitor the network, using its built-in IDS capabilities
  • Run asset scans
  • Collect log data from your assets
  • Run vulnerability scans
  • Generate network flows

The interfaces include the options described in the following subtopics.

To configure network monitoring

  1. Choose the network interface you want to use for network monitoring
  2. Select Network Monitoring from the list. 

    Once selected, USM Appliance immediately configures the network interface to listen for incoming traffic.

  3. Configure your virtual machine to get traffic from your physical network. 

    Configure Network Interfaces window for Getting Started Wizard.

Once the network is forwarding data to the selected network interface, the Status indicator changes from red to green. This means that the interface is both configured and receiving data as expected.

After you've configured the network monitoring interface, verify that it's receiving network traffic. If you are on a virtual network, make sure that you are receiving network traffic and not just virtual switch traffic. Follow the instructions in Monitor VMware Standard Virtual Switches.

To configure log collection and scanning

  1. Choose the network interface that will be used for log collection and scanning.
  2. Select "Log Collection & Scanning" from the list. 

    A screen pops up asking for an IP address and netmask. This information will be used to configure the network interface with a static IP address.

  3. On the IP Address & Netmask box, enter an IP address and netmask for a different subnet.

    The Configure Network Interfaces screen displays again. The IP address you supplied shows as the IP address for the interface.  This indicates that the interface configuration is successful.

  4. Configure the other interfaces as needed for additional log collection and scanning.

    Note: In some situations the network that you want to monitor may not be accessible from the IP address provided without setting up a route in the routing table.  This is an extreme case and should not happen often.  If a route is required, you will need to jailbreak the system using the AlienVault console and configure the route using the command line.

    After you have finished configuring the network interfaces, click Next at the bottom-right corner to proceed.