How to Submit a Security Issue to AlienVault

Applies to Product: USM Appliance™, AlienVault OSSIM®

We are always working to improve the security of our products. You, the AlienVault community, aid our ability to deliver secure software for our customers — so thanks in advance!

Discovered a security vulnerability? Disclose it to us through our HackerOne program. You can find further information about which domains we currently cover on this page.

What Vulnerability Information Are We Looking For?

When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate:

  • Provide steps and any additional information we may need to reproduce the issue.
  • If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie.
  • For a cross-site request forgery (CSRF), demonstrate a proper CSRF case, in which a third party causes the logged-in victim to perform an action.
  • For a SQL injection, we want to see the exploit extracting database data, not just producing an error message.
  • HTTP request / response captures or simply packet captures are also very useful to us.

Please refrain from sending us links to non-AlienVault websites, or issues in PDF / DOC / EXE files. Image files are OK. Make sure the bug is exploitable by someone other than the user themselves (that is, it is not "self-XSS").

Note: We are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you report them individually.