Configure the USM Appliance Sensor after Deployment

Applies to Product: USM Appliance™ AlienVault OSSIM®

You'll want to set up and configure the USM Appliance Server first. If you purchased USM Appliance Standard, Enterprise, or Remote Sensors, next you will want to configure the sensor by providing the USM Appliance Server IP address and Framework IP address through the AlienVault Setup menu. Then, there are some final configuration steps on the web UI.

Prerequisites

  • USM Appliance All-in-One — You must have already configured the USM Appliance All-in-One before you can complete the sensor configuration.
  • USM Appliance Standard or Enterprise — You must have already configured the USM Appliance Server and have its IP address available.
  • If you intend to configure VPN in your USM Appliance deployment, you must set up a VPN tunnel for the client beforehand. This provides you with a VPN IP address that you use in this configuration task. For details, see VPN Configuration.

Configure the USM Appliance Sensor

To configure a sensor on USM Appliance All-in-One or USM Appliance Server

  1. Connect to the AlienVault Console through SSH and use your credentials to log in.

    The AlienVault Setup menu displays.

  2. Select Configure Sensor.
  3. Select Configure AlienVault Server IP.
  4. Type the IP address of the USM Appliance Server the sensor should contact and press Enter (<OK>).

    Important: If this USM Appliance deployment will use VPN, substitute the VPN IP for the physical IP address.

    The Configure Sensor menu appears again.

  5. Select Configure AlienVault Framework IP.
  6. Type the same IP address you did for the server and press Enter (<OK>).

    The application returns you to the Configure Sensor menu.

  7. Press <Back> until you are on the AlienVault Setup menu again. Select Apply all Changes.
  8. Press <Yes> to confirm.

    USM Appliance applies the changes and restarts all the services, which may take several minutes.

  9. Launch the USM Appliance web UI and log in as administrator.
  10. Go to Configuration > Deployment > Components > Sensors.

    A warning message appears, stating:

    The following sensors are being reported as enabled by the server, but are not configured.

    The warning message contains the sensor IP address and two links labeled Insert and Discard.

  11. Click Insert.

    A new screen containing a form appears. To answer the monitor network question, see Correlation Contexts for assistance.

  12. Fill out the form and click Save.
  13. Repeat all of the foregoing procedures for every sensor you plan to deploy in your network.