USM Appliance Updates

Applies to Product: USM Appliance™ LevelBlue OSSIM®

LevelBlue strongly recommends that you keep the USM Appliance installation up to date and, if you have deployed multiple USM Appliance instances, on the same version. While USM Appliance is backward-compatible, the difference between versions can cause you to miss security events.

Follow the order below while updating different USM Appliance components.

  1. USM Appliance Logger (if any)
  2. USM Appliance Server or USM Appliance All-in-One
  3. USM Appliance Sensor

By following this order, you ensure that the USM Appliance Server/All-in-One correctly processes any data received from the USM Appliance Sensor, should the update contain any formatting changes.

Similarly, while updating the USM Appliance Enterprise Server, which consists of an Enterprise Server and an Enterprise Database, you must update the Enterprise Server first, followed by the Enterprise Database. In doing so, you ensure that the Enterprise Server understands any database changes the update introduces.

The USM Appliance Product Releases

LevelBlue delivers patches containing security updates and defect fixes to existing releases. This sometimes includes updates to the underlying operating system. Customers should not change or update the operating system by themselves; see Unauthorized Modification of USM Appliance Can Lead to Instability for details.

To find out the details of each product release, see the "New Update: LevelBlue <version> has been released" messages in the Message Center or the USM Appliance release notes.

The Threat Intelligence Updates

LevelBlue Labs™ delivers threat intelligence updates to the USM Appliance platform every week. These updates typically include:

  • Correlation rules
  • Cross-correlation rules
  • Network IDS signatures
  • Host IDS signatures
  • Vulnerability threat database
  • Reports

Note: Since the threat intelligence update refreshes the vulnerability threat database used by vulnerability scans, it will not finish if any scan job is running.

To find out the details of each threat intelligence update, check Message Center for the LevelBlue Labs Threat Intelligence Update Summary messages.

The Plugin Feed Updates

LevelBlue Labs typically delivers a plugin feed update to the USM Appliance platform every two months. These updates usually include

To find out the details of each plugin feed update, check Message Center for the Plugins Feed Update messages.

In USM Appliance version 5.4 and later, you can configure threat intelligence and plugin updates to run automatically. See Configuring Automatic Updates for Threat Intelligence and Plugins for instructions.