Sample Telemetry File
Below is a sample of the anonymous information collected from USM v5.x users who have opted in for telemetry collection. For more about information usage, you view our Privacy Policy.
{
"_id": ObjectId("xxxxxx"),
"timestamp": 1444525210,
"system_id": BinData(3, "xxxxxx=="),
"data": [
{
"load": "0.27, 0.44, 0.56",
"hostname": "Alien01lon",
"last_updated": "Fri Oct 09 16:05:00 2015 BST",
"results": [
{
"result": true,
"checks": [
{
"name": "00250001",
"description": "Verifies that the default hardware has not been modified",
"detail": "",
"summary": "The shipped hardware has not been modified",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0025 Default hardware",
"description": "Checks the standard hardware."
},
{
"result": true,
"checks": [
{
"name": "00370001",
"description": "Checks if the default network configuration based on the /etc/resolv.conf is correct",
"detail": "",
"summary": "The /etc/resolv.conf content is correctly configured",
"strike_zone": true,
"result": true,
"severity": "Critical"
}
],
"strike_zone": true,
"name": "0037 Network routing",
"description": "Parses the /etc/resolv.conf file for inconsistencies"
},
{
"result": false,
"checks": [
{
"name": "00180003",
"description": "Verifies there aren't any RX/TX errors",
"detail": "Network errors have been found in eth0: RX packets errors(0) and dropped(4), TX packets errors(0) and dropped(0)",
"summary": "Network RX/TX errors found",
"strike_zone": true,
"result": false,
"severity": "Warning"
},
{
"name": "00180002",
"description": "Verifies that all configured interfaces are up and running",
"detail": "",
"summary": "All configured interfaces are up and running",
"strike_zone": true,
"result": true,
"severity": "Warning"
},
{
"name": "00180001",
"description": "Verifies that the loopback interface is present",
"detail": "",
"summary": "Loopback interface is present",
"strike_zone": true,
"result": true,
"severity": "Critical"
},
{
"name": "00180005",
"description": "Checks if the MTU value has been modified",
"detail": "",
"summary": "MTU value has not been modified",
"strike_zone": true,
"result": true,
"severity": "Warning"
},
{
"name": "00180004",
"description": "Verifies that there isn't a significant number of network collisions",
"detail": "",
"summary": "There are no network collisions",
"strike_zone": true,
"result": true,
"severity": "Error"
}
],
"strike_zone": true,
"name": "0018 Current network configuration",
"description": "Monitors the network configuration searching for network problems."
},
{
"result": true,
"checks": [
{
"name": "00190001",
"description": "Checks if AlienVault license has been violated",
"detail": "",
"summary": "USM is in compliance with its activation license",
"strike_zone": true,
"result": true,
"severity": "Alert"
}
],
"strike_zone": true,
"name": "0019 Licensed Devices",
"description": "Compares the number of current devices registered against the number of licensed devices"
},
{
"result": true,
"checks": [
{
"name": "00410001",
"description": "Verify that the files provided within AlienVault packages have not been modified",
"detail": "",
"summary": "The files within the AlienVault packages have not been modified",
"strike_zone": true,
"result": true,
"severity": "Error"
}
],
"strike_zone": true,
"name": "0041 Package checksum",
"description": "Searches for modified files that originally belonged to a package."
},
{
"result": true,
"checks": [
{
"name": "00260001",
"description": "Verifies that there aren't unknown repository entries in the repository directory",
"detail": "",
"summary": "There is no unknown repository in this deployment",
"strike_zone": true,
"result": true,
"severity": "Error"
},
{
"name": "00260003",
"description": "Verifies that all repositories in OS mirror configuration are correct",
"detail": "",
"summary": "The OS mirror configuration is correct",
"strike_zone": true,
"result": true,
"severity": "Error"
},
{
"name": "00260004",
"description": "Verifies that all repositories within AlienVault mirror configuration are correct",
"detail": "",
"summary": "All repositories within AlienVault mirror configuration are correct",
"strike_zone": true,
"result": true,
"severity": "Error"
}
],
"strike_zone": true,
"name": "0026 Default repositories",
"description": "Searches for the default repositories"
},
{
"result": true,
"checks": [
{
"name": "00270001",
"description": "Checks if the installed packages match with the AlienVault provided ones",
"detail": "",
"summary": "The installed packages are default",
"strike_zone": true,
"result": true,
"severity": "Warning"
},
{
"name": "00270003",
"description": "Checks if the version of certain critical packages matches with the expected version",
"detail": "",
"summary": "The AlienVault critical packages have a correct version",
"strike_zone": true,
"result": true,
"severity": "Error"
},
{
"name": "00270002",
"description": "Checks if AlienVault packages version matches with the expected version",
"detail": "",
"summary": "The AlienVault packages version is correct",
"strike_zone": true,
"result": true,
"severity": "Error"
},
{
"name": "00270004",
"description": "Verifies that all the packages have been successfully installed",
"detail": "",
"summary": "The installation package status is correct",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0027 Default server packages",
"description": "Searches for the default packages in a Server profile."
},
{
"result": true,
"checks": [
{
"name": "00470001",
"description": "Verify that the schema version matches the appliance version",
"detail": "",
"summary": "The database schema version is correct",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0047 Database schema version",
"description": "Looks for compatibility problems between the DB schema deployed and the packages installed."
},
{
"result": true,
"checks": [
{
"name": "00340001",
"description": "Checks if the internal database has been modified manually",
"detail": "",
"summary": "The internal AlienVault database has not been modified",
"strike_zone": true,
"result": true,
"severity": "Error"
},
{
"name": "00340002",
"description": "Checks if the AlienVault database schema has been manually modified",
"detail": "",
"summary": "The AlienVault schema has not been modified",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0034 MySQL history",
"description": "Searches for anomalies in the root .mysql_history file."
},
{
"result": true,
"checks": [
{
"name": "00050001",
"description": "Verifies the existance of the plugin files for all AlienVault Agent enabled plugins",
"detail": "",
"summary": "No missing configuration files for AlienVault Agent enabled plugins",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0005 Agent Plugins",
"description": "Looks for the plugin files enabled, and then checks its existance"
},
{
"result": true,
"checks": [
{
"name": "00290001",
"description": "Checks if the disk size is the standard one",
"detail": "",
"summary": "The disk size in this installation is standard",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0029 Disk size",
"description": "Checks the disk size"
},
{
"result": true,
"checks": [
{
"name": "00310001",
"description": "Checks if the hostname and/or domain are the ones configured for the AlienVault system",
"detail": "",
"summary": "The hostname and domain values in /etc/hosts are correct",
"strike_zone": true,
"result": true,
"severity": "Critical"
},
{
"name": "00310002",
"description": "Verifies that the localhost is present in the /etc/hosts file",
"detail": "",
"summary": "There is a localhost entry in the /etc/hosts file",
"strike_zone": true,
"result": true,
"severity": "Critical"
},
{
"name": "00310003",
"description": "Verify that data.alienvault.com has not been redirected to a different location",
"detail": "",
"summary": "The AlienVault Data server is correctly configured",
"strike_zone": true,
"result": true,
"severity": "Error"
}
],
"strike_zone": true,
"name": "0031 Hosts configuration file",
"description": "Parses the /etc/hosts file for inconsistencies"
},
{
"result": true,
"checks": [
{
"name": "00080001",
"description": "Verifies the integrity of the AlienVault Agent rsyslog files",
"detail": "",
"summary": "The default AlienVault Agent rsyslog files have not been modified",
"strike_zone": true,
"result": true,
"severity": "Warning"
},
{
"name": "00080002",
"description": "Verifies that default AlienVault Agent rsyslog files have been properly installed",
"detail": "",
"summary": "The default AlienVault Agent rsyslog files have been properly installed",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0008 Agent rsyslog configuration files integrity",
"description": "Check the integrity of the default Agent rsyslog configuration files."
},
{
"result": true,
"checks": [
{
"name": "00540001",
"description": "Verifies that the current system is supported and does not come from a free OSSIM version installation.",
"detail": "",
"summary": "The current deployment is supported",
"strike_zone": true,
"result": true,
"severity": "Critical"
}
],
"strike_zone": true,
"name": "0054 Unsupported Installations",
"description": "Searches for unsupported installations"
},
{
"result": true,
"checks": [
{
"name": "00060002",
"description": "Verifies that default AlienVault Agent plugins have been properly installed",
"detail": "",
"summary": "The default AlienVault Agent plugins have been properly installed",
"strike_zone": true,
"result": true,
"severity": "Warning"
},
{
"name": "00060001",
"description": "Verifies that default AlienVault Agent plugins have not been modified",
"detail": "",
"summary": "The default AlienVault Agent plugins haven't been modified",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": true,
"name": "0006 Agent plugins integrity",
"description": "Verifies the integrity of the default Agent plugins."
},
{
"result": true,
"checks": [
{
"name": "00090001",
"description": "Verifies that an AlienVault platform dummy package is installed",
"detail": "",
"summary": "There is an AlienVault platform dummy package installed",
"strike_zone": true,
"result": true,
"severity": "Critical"
}
],
"strike_zone": true,
"name": "0009 Dummy packages",
"description": "Check the dummy packages"
},
{
"result": false,
"checks": [
{
"name": "00350001",
"description": "Verifies that the link speed is normal",
"detail": "Link speed could not be checked as interface information reported an empty value",
"summary": "Link speed is too low",
"strike_zone": false,
"result": false,
"severity": "Warning"
},
{
"name": "00350002",
"description": "Verifies the link mode settings",
"detail": "",
"summary": "The link mode settings are correct",
"strike_zone": true,
"result": true,
"severity": "Warning"
}
],
"strike_zone": false,
"name": "0035 Network link status",
"description": "Uses mii-tool to check the network link status"
},
{
"result": true,
"checks": [
],
"strike_zone": true,
"name": "/etc/ossim/doctor/plugins/0033_kernel_configuration.plg",
"description": ""
},
{
"result": false,
"checks": [
{
"name": "00450001",
"description": "Verifies that there are nameservers belonging to local network defined in /etc/resolv.conf",
"detail": "None of the nameservers defined in /etc/resolv.conf belong to a local network",
"summary": "No nameserver is defined in the local network",
"strike_zone": true,
"result": false,
"severity": "Warning"
},
{
"name": "00450002",
"description": "Verifies that AlienVault defined nameserver is present in /etc/resolv.conf",
"detail": "",
"summary": "The AlienVault nameservers are correctly configured",
"strike_zone": true,
"result": true,
"severity": "Critical"
}
],
"strike_zone": true,
"name": "0045 Domain nameservers configuration file",
"description": "Parses the /etc/resolv.conf file to search for inconsistencies"
},
{
"result": true,
"checks": [
{
"name": "00130001",
"description": "Checks if any Database configuration file has been modified or deleted",
"detail": "",
"summary": "AlienVault DB configuration files haven't been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130002",
"description": "Verifies that no AlienVault Agent configuration file has been modified or deleted",
"detail": "",
"summary": "AlienVault Agent configuration files haven't been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130003",
"description": "Verifies that the AlienVault firewall rules have not been changed",
"detail": "",
"summary": "The AlienVault firewall rules have not been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130004",
"description": "Verifies that AlienVault installed packages have not been modified",
"detail": "",
"summary": "The AlienVault installed packages have not been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130005",
"description": "Verify that configuration files have not been modified",
"detail": "",
"summary": "The AlienVault configuration files haven't been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130006",
"description": "Verifies that there are no modified files in protected directories",
"detail": "",
"summary": "The AlienVault protected directories haven't been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
},
{
"name": "00130007",
"description": "Verify that ossim_setup.conf has not been modified",
"detail": "",
"summary": "AlienVault's ossim-setup.conf file has not been modified",
"strike_zone": true,
"result": true,
"severity": "Info"
}
],
"strike_zone": true,
"name": "0013 Bash history",
"description": "Searches for anomalies in the root .bash_history file."
}
],
"running_network_interfaces": "lo, eth0",
"server_eps_weekly_median": "0",
"installed_memory": "28.0GB",
"uptime": "1 day(s), 09:32",
"configured_network_interfaces": "eth1, eth0, lo",
"monitored_assets": "59",
"software_profile": "Server, Database, Framework, Sensor",
"alienvault_version": "5.2.0-PRO",
"admin_ip_address": "192.168.38.250",
"architecture": "x86_64",
"appliance_type": "physical",
"connected_servers": "0",
"registered_users": "1",
"sensors": "1",
"operating_system": "Linux",
"license": "AV1501-xxxxxxxx",
"number_of_cores": "16",
"kernel_version": "3.16.0-4-amd64",
"hardware_profile": "alienvault-hw-aio-6x1gb",
"sensor_monitors": "nmap-monitor, ossim-monitor",
"strike_zone": false,
"cpu_type": "Intel(R) Xeon(R) CPU E5620 @ 2.40GHz Family 6 Model 44 Stepping 2",
"sensor_detectors": "pam_unix, sudo, suricata, ossec-single-line, ssh"
}
]
}