USM Appliance™

What Is Telemetry Collection and How Does It Work

Applies to Product: USM Appliance™ AlienVault OSSIM®

At AlienVault we are continually striving to improve USM Appliance, by understanding how our users are interacting with the USM Appliance platform. Through anonymous usage data, we will be able to improve the product and user experience. In AlienVault USM Appliance version 5.0, we added an optional Telemetry Collection capability to help us better understand how customers are using our products and services.

Where Is the Telemetry Data Stored

AlienVault receives and stores the anonymized telemetry data on an internal server: The server certificates are signed by GoDaddy and all USM Appliance instances have the necessary certificates in order to connect to this external server. Telemetry data is sent at 2:00 am local time on Sundays.

Note: Please make sure to update your firewall rules to allow outbound connections to through port 443 should you choose to use this feature.

How Is Telemetry Data Gathered in a Distributed Deployment

If you have a distributed deployment of USM Appliance, for example, a USM Appliance Server, a USM Appliance Sensor, and/or a USM Appliance Logger, your USM Appliance Server will gather the telemetry data from the connected USM Appliance instances. In other words, the USM Appliance Sensor and USM Appliance Logger will not send telemetry data themselves, but will send data through the USM Appliance Server.

What Types of Data are Collected

We collect the following platform information:

  • Average EPS
  • Plugins installed
  • Plugins being used
  • Installed memory
  • Kernel configuration information
  • USM Appliance version and date last updated
  • Deployment architecture
    • Number of assets being monitored
    • Configured network interfaces
    • USM Appliance type
    • USM Appliance configuration
    • USM Appliance instances in use
    • USM Appliance Sensor / Remote Sensor configurations
    • Number of cores used
  • Commands running
  • Disk I/O
  • Disk size
  • Redis health status
  • VPN in use
  • Number of users on the system
  • Use of AlienVault OTX™

You can view a sample file of the anonymous data collected. And to learn more about information usage, please review our privacy policy.

Enabling/Disabling Telemetry Collection

Enabling/Disabling for the First Time

After the AlienVault USM Appliance system is deployed and registered, the first time you access it from the web UI, you are prompted to create an administrator account. At the bottom of the page, notice the option "Send anonymous usage statistics and system data to AlienVault to improve USM Appliance". It is selected by default, which means telemetry collection will be enabled. To disable telemetry collection, deselect this option.

Enabling/Disabling at Any Time

Telemetry collection can be enabled or disabled in version 5.x at any time. In the web UI, go to Configuration > Administration > Main, and open the User Activity selection. Locate "Send anonymous usage statistics and system data to AlienVault to improve USM Appliance", select Yes to enable, or No to disable.