Updating AlienVault NIDS Rules and Signatures

Applies to Product: USM Appliance™, LevelBlue OSSIM®

The LevelBlue Labs™ Security Research Team provides threat intelligence updates, such as new Intrusion Detection System (IDS) rules and signatures, to customers running USM Appliance version 5.4.3 or later.

To detect the latest threats with LevelBlue NIDS, you should keep the IDS signatures in USM Appliance up to date. USM Appliance checks for threat intelligence updates every 15 minutes. Once an update becomes available, a message appears in the Message Center. For details, see Message Center.

To see if USM Appliance has a new or updated NIDS signature available

  1. Open the Message Center.
  2. Search for any messages that contain “AlienVault Labs Threat Intelligence” in the message subject.
  3. Click the message and read about the added NIDS signatures.

Message Center page that displays updated IDS signatures.

After you have reviewed the information in a threat intelligence update and decided to install it, you need to run the update manually either through the web interface (recommended) or the LevelBlue Setup menu.

To install threat intelligence updates using the web interface

  1. Go to Configuration > Deployment > Components > LevelBlue Center.
  2. Click the yellow arrow in the New Updates column next to the USM Appliance you want to install the updates on.
  3. Examine the available updates.

    NIDS updates contain “suricata” in the package name.

  4. Click Update Feed Only.

    Note: This updates signatures and rules for all packages listed in the update summary, not just the IDS signatures.

The upgrade process can take several minutes. After completion, the page displays a message indicating a successful update.

To install threat intelligence updates in the AlienVault Setup Menu

  1. Launch the LevelBlue console.
  2. Select System Preferences.
  3. Select Update LevelBlue System.
  4. Select Update Threat Intelligence.
  5. Confirm your selection.

    Note: The LevelBlue console does not show the list of available updates, but you can check the update progress.

The upgrade process can take several minutes. After completion, the console displays a message indicating a successful update.