Updating AlienVault NIDS Rules and Signatures

Applies to Product: USM Appliance™ AlienVault OSSIM®

The AT&T Alien Labs™ Security Research Team provides threat intelligence updates, such as new Intrusion Detection System (IDS) rules and signatures, to customers running USM Appliance version 5.4.3 or later.

To detect the latest threats with AlienVault NIDS, keep the IDS signatures in USM Appliance up to date. USM Appliance checks for threat intelligence updates every 15 minutes. Once an update becomes available, a message appears in the Message Center. For details, see Message Center.

To see if USM Appliance has a new or updated NIDS signature available

  1. Open the Message Center.
  2. Search for any messages that contain “AlienVault Labs Threat Intelligence” in the message subject.
  3. Click the message and read about the added NIDS signatures.

Message Center page that displays updated IDS signatures.

After you have reviewed the information in a threat intelligence update and decided to install it, you must run the update manually, either through the web interface (recommended) or through the AlienVault Setup menu.

To install threat intelligence updates using the web interface

  1. Go to Configuration > Deployment > Components > AlienVault Center.
  2. Click the yellow arrow in the New Updates column next to the USM Appliance you want to install the updates on.
  3. Examine the available updates.

    NIDS updates contain “suricata” in the package name.

  4. Click Update Feed Only.

    Note: This updates signatures and rules for all packages listed in the update summary, not just the IDS signatures.

The update process can take several minutes. After completion, the page displays a message indicating a successful update.

To install threat intelligence updates in the AlienVault Setup Menu

  1. Launch the AlienVault console.
  2. Select System Preferences.
  3. Select Update AlienVault System.
  4. Select Update Threat Intelligence.
  5. Confirm your selection.

    Note: The AlienVault console does not show the list of available updates, but you can check the update progress.

The update process can take several minutes. After completion, the console displays a message indicating a successful update.