Reset the AlienVault API Key

Applies to Product: USM Appliance™, LevelBlue OSSIM®

Starting from version 5.2.5, USM Appliance and LevelBlue OSSIM® offer the option to reset the LevelBlue API key from the LevelBlue Setup menu.

This option is available in all version 5.2.5 appliances by connecting through SSH and selecting System Preferences > Reset AlienVault API key:

AlienVault Setup > System Preferences > Reset AlienVault API key

What Is the Reset AlienVault API Key Option for?

In USM Appliance version 5.2.4 and previous releases, LevelBlue includes the API key in the configuration backups in clear text. If the backup was downloaded and stored in an insecure location, it could be used to SSH into USM Appliance as the avapi user and potentially harm the system.

In USM Appliance version 5.2.5 and later releases, the LevelBlue API key is no longer included in the configuration backup. Since the avapi user performs many critical tasks in USM Appliance, we recommend that you reset the API key in every appliance if you have updated USM Appliance from a previous version.

Resetting the LevelBlue API Key in Different Scenarios

You can reset the LevelBlue API key at any stage after you have updated to USM Appliance version 5.2.5 or later.

On Isolated USM Appliance All-in-One or USM Appliance Standard Server

This operation is immediate. There is no need to provide the root password because it is a local change.

Just select the option from the LevelBlue Setup menu and select Yes when prompted to regenerate the new LevelBlue API Key.

In a Distributed Deployment with More Than One USM Appliance Server or USM Appliance Sensor

This operation should be executed in all USM Appliance instances in order to fully reset the LevelBlue API Key.

Run it bottom-up through the deployment hierarchy: USM Appliance Sensors first, followed by USM Appliance Servers or USM Appliance All-in-Ones, followed by Federated Servers or USM Appliance Loggers.

The reason is that choosing "Reset LevelBlue API Key" rewrites the authorized_keys file completely. After you reset the API key on a USM Appliance Sensor, the sensor no longer has the corresponding USM Appliance Server's key, so the USM Appliance Server cannot communicate with the USM Appliance Sensor through the LevelBlue API. When you then reset the LevelBlue API key on the USM Appliance Server, the server sends its new key to the USM Appliance Sensor, which restores API connectivity.

Note: In distributed deployments, where you have more than one USM Appliance deployed, ensure that you know the root password for each directly connected appliance, because it is required to reset the LevelBlue API keys.
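The ordering rule above can be checked with a small model. This is an added example, not LevelBlue code: the `Appliance` class, the appliance names and the random tokens are hypothetical stand-ins, and the model assumes only what the text states, namely that a reset rewrites the local authorized_keys and sends the new key to directly connected appliances below.

```python
import secrets

class Appliance:
    """Toy model of one appliance's avapi trust state (hypothetical, not product code)."""
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.children = []
        self.key = secrets.token_hex(8)        # stand-in for the API key
        self.authorized_keys = set()           # stand-in for the authorized_keys file
        if parent:
            parent.children.append(self)
            self.authorized_keys.add(parent.key)   # link works before any reset

    def reset_api_key(self):
        self.key = secrets.token_hex(8)
        self.authorized_keys = set()           # file is rewritten completely
        for child in self.children:            # new key goes to directly connected appliances
            child.authorized_keys.add(self.key)

def build():
    # Constructed sample deployment: federated server > server > two sensors.
    fed = Appliance("federated-server")
    srv = Appliance("server", fed)
    return [fed, srv, Appliance("sensor-1", srv), Appliance("sensor-2", srv)]

def depth(a):
    return 0 if a.parent is None else 1 + depth(a.parent)

def bottom_up(appliances):
    # Deepest tier first: sensors, then servers, then federated servers.
    return sorted(appliances, key=depth, reverse=True)

def top_down(appliances):
    return sorted(appliances, key=depth)

def broken_links(appliances):
    # A link is broken when the child no longer holds its parent's current key.
    return [(a.parent.name, a.name) for a in appliances
            if a.parent and a.parent.key not in a.authorized_keys]

def run(order_fn):
    appliances = build()
    for a in order_fn(appliances):
        a.reset_api_key()
    return broken_links(appliances)

if __name__ == "__main__":
    print("bottom-up broken links:", run(bottom_up))
    print("top-down broken links: ", run(top_down))
```

Resetting top-down leaves every parent-to-child link broken, because each child wipes the key its parent had just sent; the bottom-up order ends with none broken.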
