|Applies to Product:||USM Appliance™||AlienVault OSSIM®|
AT&T Cybersecurity strongly recommends that you keep the USM Appliance installation up-to-date and on the same version if you have deployed multiple USM Appliance instances. While USM Appliance are backward-compatible, the difference between versions can cause you to miss security events.
Follow the order below while updating different USM Appliance components.
- USM Appliance Logger (if any)
- USM Appliance Server or USM Appliance All-in-One
- USM Appliance Sensor
By following this order, you ensure that the USM Appliance Server/All-in-One correctly processes any data received from the USM Appliance Sensor, should the update contain any formatting changes.
Similarly, while updating the USM Appliance Enterprise Server, which consists of an Enterprise Server and an Enterprise Database, you must update the Enterprise Server first, followed by the Enterprise Database. In doing so, you ensure that the Enterprise Server understands any database changes the update incurs.
The USM Appliance Product Releases
AT&T Cybersecurity delivers patches containing security updates and defect fixes to existing releases. This sometimes includes updates to the underlying operating system. Customers should not change or update the operating system by themselves, see Unauthorized Modification of USM Appliance Can Lead to Instability for details.
To find out the details of each product release, see the "New Update: AlienVault <version> has been released" messages in the Message Center or the USM Appliance release notes.
AT&T Alien Labs™ delivers threat intelligence updates to the USM Appliance platform every week. These updates typically include
- Correlation rules
- Cross-correlation rules
- Network IDS signatures
- Host IDS signatures
- Vulnerability threat database
Note: Since the threat intelligence update refreshes the vulnerability threat database used by vulnerability scans, it will not finish if any scan job is running.
To find out the details of each threat intelligence update, check Message Center for the AlienVault Labs Threat Intelligence Update Summary messages.
The Plugin Feed Updates
Alien Labs typically delivers a plugin feed update to the USM Appliance platform every two months. These updates usually include
- New plugins
- Fixes to existing plugins
- AlienVault HIDS A USM Appliance feature and data source for intrusion detection that enables host-based log collection, file integrity monitoring, and, on Windows hosts only, rootkit detection and Windows registry integrity monitoring. decoders and rules (USM Appliance version 5.3.2 and later)
- Common Platform Enumeration (CPE) dictionary for plugins
To find out the details of each plugin feed update, check Message Center for the Plugins Feed Update messages.
In USM Appliance version 5.4 and later, you can configure threat intelligence and plugin updates to run automatically. See Configuring Automatic Updates for Threat Intelligence and Plugins for instructions.