Reset the AlienVault API Key

Applies to Product: USM Appliance™ AlienVault OSSIM®

Starting from version 5.2.5, USM Appliance and AlienVault OSSIM® offer the option to reset the AlienVault API key from the AlienVault Setup menu.

This option is available in all version 5.2.5 appliances by connecting through SSH and selecting System Preferences > Reset AlienVault API key:

AlienVault Setup > System Preferences > Reset AlienVault API key

What Is the Reset AlienVault API Key Option for?

In USM Appliance version 5.2.4 and previous releases, AlienVault includes the API key in the configuration backups in clear text. If the backup was downloaded and stored in an insecure location, the key could be used to SSH into USM Appliance as the avapi user and potentially harm the system.

In USM Appliance version 5.2.5 and later releases, the AlienVault API key is no longer included in the configuration backup. Since the avapi user performs many critical tasks in USM Appliance, we recommend that you reset the API key in every appliance if you have updated USM Appliance from a previous version.

Resetting the AlienVault API Key in Different Scenarios

You can reset the AlienVault API key at any stage after you have updated to USM Appliance version 5.2.5 or later.

On Isolated USM Appliance All-in-One or USM Appliance Standard Server

This operation is immediate. There is no need to provide the root password because it is a local change.

Just select the option from the AlienVault Setup menu and select Yes when prompted to regenerate the new AlienVault API Key.

In a Distributed Deployment with More Than One USM Appliance Server or USM Appliance Sensor

This operation should be executed in all USM Appliance instances in order to fully reset the AlienVault API Key.

Execute it bottom-up through the deployment hierarchy: USM Appliance Sensors first, followed by USM Appliance Servers or USM Appliance All-in-Ones, followed by Federated Servers or USM Appliance Loggers.

The reason is that choosing "Reset AlienVault API Key" rewrites the authorized_keys file completely. After you reset the API key on a USM Appliance Sensor, the Sensor no longer has the corresponding USM Appliance Server's key, so the USM Appliance Server cannot communicate with the USM Appliance Sensor through the AlienVault API. When you then reset the AlienVault API key on the USM Appliance Server, the USM Appliance Server sends its new key to the USM Appliance Sensor, which restores the API connectivity.

Note: In distributed deployments, where you have more than one USM Appliance deployed, ensure that you know the root user's password for the directly connected appliances, as it is required to reset the AlienVault API keys.
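The following added example (not AlienVault code) is a simplified model of the behavior described above. It shows why a bottom-up reset order leaves every link working while a top-down order does not. The appliance names and the hierarchy are constructed, and key material is represented as a simple generation counter.

```python
# Simplified model of the reset behaviour described on this page; not AlienVault code.
# Constructed deployment: parent -> directly connected appliances below it.
CHILDREN = {
    "federated-1": ["server-1"],
    "server-1": ["sensor-1", "sensor-2"],
    "sensor-1": [],
    "sensor-2": [],
}

def initial_state():
    """Every appliance starts on key generation 0, trusted by the appliances below it."""
    keys = {name: 0 for name in CHILDREN}
    authorized = {name: set() for name in CHILDREN}
    for parent, kids in CHILDREN.items():
        for kid in kids:
            authorized[kid].add((parent, 0))
    return keys, authorized

def reset_api_key(name, keys, authorized):
    """Reset on one appliance: new key, authorized_keys rewritten completely,
    new key sent to the directly connected appliances below it."""
    keys[name] += 1
    authorized[name] = set()
    for kid in CHILDREN[name]:
        authorized[kid].add((name, keys[name]))

def broken_links(order):
    """Apply resets in the given order; return parent->child links that stop working."""
    keys, authorized = initial_state()
    for name in order:
        reset_api_key(name, keys, authorized)
    return sorted((p, k) for p, kids in CHILDREN.items() for k in kids
                  if (p, keys[p]) not in authorized[k])

def bottom_up_order():
    """Lower appliances before the ones above them (post-order walk from the top)."""
    order = []
    def visit(name):
        for kid in CHILDREN[name]:
            visit(kid)
        order.append(name)
    roots = set(CHILDREN) - {k for kids in CHILDREN.values() for k in kids}
    for root in sorted(roots):
        visit(root)
    return order

if __name__ == "__main__":
    print("bottom-up:", bottom_up_order(), "->", broken_links(bottom_up_order()))
    top_down = list(reversed(bottom_up_order()))
    print("top-down: ", top_down, "->", broken_links(top_down))
```

Passing only the sensors to `broken_links` models a reset that was not completed on every appliance: the server-to-sensor links stay broken until the server is reset as well.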

Reset AlienVault API Key confirmation