Enable Plugins on Assets

Applies to Product: USM Appliance™ AlienVault OSSIM®

After you run a scan of your network to discover assets, the discovered assets are saved in the USM Appliance database. (For information on asset discovery, see Adding Assets by Scanning for New Assets.) You can then select and enable plugins on the discovered assets. You can enable up to 10 plugins per asset.

You can enable all plugins on an asset, except for the sensor-only ones, from the USM Appliance web UI.

To enable a plugin from the Asset Details display

  1. Go to Environment > Assets & Groups > Assets.
  2. Select the asset for which you want to enable plugins.
  3. Click the magnifying glass icon ().
  4. Click the Plugins tab.

  5. Click Edit Plugins.

    Edit Plugins page from Assets.

  6. Select a vendor, a model, and a version of the plugin you want to enable.
  7. Click Add Plugin.

  8. If you want to add another plugin, select another plugin in the same way as before and click Add Plugin; otherwise, click Save.

    Enabled plugins now appear in the plugin display for the current asset:

    Plugins page from Add Plugins.

    The Receiving Data value turns green when the Source, Destination, or Device IP field of an event matches the IP address of the asset.

  9. Repeat the procedure for each discovered asset.

Note: Incoming syslog messages for each asset are saved on the USM Appliance Sensor in individual /var/log/alienvault/devices/<asset_IP_address> folders, one folder per asset IP address.

You can enable all plugins, except for the sensor-only ones, from the Getting Started Wizard, as long as you have USM Appliance All-in-One.

Note: The Getting Started Wizard is only available for USM Appliance All-in-One.

The Getting Started Wizard takes you through the initial setup tasks needed to configure USM Appliance after deployment.

After the wizard guides you through the network scan, you will see a list of discovered assets on the Log Management page. This page lets you enable up to 10 plugins for each of these discovered assets and up to 100 plugins per USM Appliance Sensor.

To enable plugins for each asset

  1. Select the correct Vendor, Model, and Version number corresponding to the data that you want to collect from that asset.

    All three fields are required. The Version field defaults to ‘-‘ if no other selection is available. The Add Plugin button is enabled.

  2. If you want to enable another plugin for the same asset, click Add Plugin.

    Another row is added for you to select the Vendor, Model, and Version number for a different plugin.

  3. Repeat step 1 and 2 for each plugin you want to enable. You can enable up to 10 plugins per asset.

    Set up Log Window for Getting Started Wizard.

  4. Repeat step 1-3 for each asset.

  5. To enable the selected plugins, click Enable.

    The Log Management Confirmation page, shown in the following illustration, displays the plugins that you enabled. The Receiving Data value turns green when the Source, Destination, or Device IP field of an event matches the IP address of the asset. Gray means that no data is being received.

    Set up Log Management window for Getting Started Wizard.

  6. To learn how to configure your assets to send data to USM Appliance, click Instructions to forward logs.

    After you have enabled plugins for your assets, click Next at the bottom-right corner to proceed.