Sample Telemetry File
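Below is a sample of the anonymous information collected from USM v5.x users who have opted in to telemetry collection. For more about how this information is used, see our Privacy Policy. The record appears to be a MongoDB shell-style document (note the ObjectId(...) and BinData(...) values), so it is not strict JSON. In this sample the _id, system_id and license values are masked, while fields such as hostname and admin_ip_address still show values.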
{ "_id": ObjectId("xxxxxx"), "timestamp": 1444525210, "system_id": BinData(3, "xxxxxx=="), "data": [ { "load": "0.27, 0.44, 0.56", "hostname": "Alien01lon", "last_updated": "Fri Oct 09 16:05:00 2015 BST", "results": [ { "result": true, "checks": [ { "name": "00250001", "description": "Verifies that the default hardware has not been modified", "detail": "", "summary": "The shipped hardware has not been modified", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0025 Default hardware", "description": "Checks the standard hardware." }, { "result": true, "checks": [ { "name": "00370001", "description": "Checks if the default network configuration based on the /etc/resolv.conf is correct", "detail": "", "summary": "The /etc/resolv.conf content is correctly configured", "strike_zone": true, "result": true, "severity": "Critical" } ], "strike_zone": true, "name": "0037 Network routing", "description": "Parses the /etc/resolv.conf file for inconsistencies" }, { "result": false, "checks": [ { "name": "00180003", "description": "Verifies there aren't any RX/TX errors", "detail": "Network errors have been found in eth0: RX packets errors(0) and dropped(4), TX packets errors(0) and dropped(0)", "summary": "Network RX/TX errors found", "strike_zone": true, "result": false, "severity": "Warning" }, { "name": "00180002", "description": "Verifies that all configured interfaces are up and running", "detail": "", "summary": "All configured interfaces are up and running", "strike_zone": true, "result": true, "severity": "Warning" }, { "name": "00180001", "description": "Verifies that the loopback interface is present", "detail": "", "summary": "Loopback interface is present", "strike_zone": true, "result": true, "severity": "Critical" }, { "name": "00180005", "description": "Checks if the MTU value has been modified", "detail": "", "summary": "MTU value has not been modified", "strike_zone": true, "result": true, "severity": "Warning" }, { 
"name": "00180004", "description": "Verifies that there isn't a significant number of network collisions", "detail": "", "summary": "There are no network collisions", "strike_zone": true, "result": true, "severity": "Error" } ], "strike_zone": true, "name": "0018 Current network configuration", "description": "Monitors the network configuration searching for network problems." }, { "result": true, "checks": [ { "name": "00190001", "description": "Checks if AlienVault license has been violated", "detail": "", "summary": "USM is in compliance with its activation license", "strike_zone": true, "result": true, "severity": "Alert" } ], "strike_zone": true, "name": "0019 Licensed Devices", "description": "Compares the number of current devices registered against the number of licensed devices" }, { "result": true, "checks": [ { "name": "00410001", "description": "Verify that the files provided within AlienVault packages have not been modified", "detail": "", "summary": "The files within the AlienVault packages have not been modified", "strike_zone": true, "result": true, "severity": "Error" } ], "strike_zone": true, "name": "0041 Package checksum", "description": "Searches for modified files that originally belonged to a package." 
}, { "result": true, "checks": [ { "name": "00260001", "description": "Verifies that there aren't unknown repository entries in the repository directory", "detail": "", "summary": "There is no unknown repository in this deployment", "strike_zone": true, "result": true, "severity": "Error" }, { "name": "00260003", "description": "Verifies that all repositories in OS mirror configuration are correct", "detail": "", "summary": "The OS mirror configuration is correct", "strike_zone": true, "result": true, "severity": "Error" }, { "name": "00260004", "description": "Verifies that all repositories within AlienVault mirror configuration are correct", "detail": "", "summary": "All repositories within AlienVault mirror configuration are correct", "strike_zone": true, "result": true, "severity": "Error" } ], "strike_zone": true, "name": "0026 Default repositories", "description": "Searches for the default repositories" }, { "result": true, "checks": [ { "name": "00270001", "description": "Checks if the installed packages match with the AlienVault provided ones", "detail": "", "summary": "The installed packages are default", "strike_zone": true, "result": true, "severity": "Warning" }, { "name": "00270003", "description": "Checks if the version of certain critical packages matches with the expected version", "detail": "", "summary": "The AlienVault critical packages have a correct version", "strike_zone": true, "result": true, "severity": "Error" }, { "name": "00270002", "description": "Checks if AlienVault packages version matches with the expected version", "detail": "", "summary": "The AlienVault packages version is correct", "strike_zone": true, "result": true, "severity": "Error" }, { "name": "00270004", "description": "Verifies that all the packages have been successfully installed", "detail": "", "summary": "The installation package status is correct", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0027 Default server 
packages", "description": "Searches for the default packages in a Server profile." }, { "result": true, "checks": [ { "name": "00470001", "description": "Verify that the schema version matches the appliance version", "detail": "", "summary": "The database schema version is correct", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0047 Database schema version", "description": "Looks for compatibility problems between the DB schema deployed and the packages installed." }, { "result": true, "checks": [ { "name": "00340001", "description": "Checks if the internal database has been modified manually", "detail": "", "summary": "The internal AlienVault database has not been modified", "strike_zone": true, "result": true, "severity": "Error" }, { "name": "00340002", "description": "Checks if the AlienVault database schema has been manually modified", "detail": "", "summary": "The AlienVault schema has not been modified", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0034 MySQL history", "description": "Searches for anomalies in the root .mysql_history file." 
}, { "result": true, "checks": [ { "name": "00050001", "description": "Verifies the existance of the plugin files for all AlienVault Agent enabled plugins", "detail": "", "summary": "No missing configuration files for AlienVault Agent enabled plugins", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0005 Agent Plugins", "description": "Looks for the plugin files enabled, and then checks its existance" }, { "result": true, "checks": [ { "name": "00290001", "description": "Checks if the disk size is the standard one", "detail": "", "summary": "The disk size in this installation is standard", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0029 Disk size", "description": "Checks the disk size" }, { "result": true, "checks": [ { "name": "00310001", "description": "Checks if the hostname and/or domain are the ones configured for the AlienVault system", "detail": "", "summary": "The hostname and domain values in /etc/hosts are correct", "strike_zone": true, "result": true, "severity": "Critical" }, { "name": "00310002", "description": "Verifies that the localhost is present in the /etc/hosts file", "detail": "", "summary": "There is a localhost entry in the /etc/hosts file", "strike_zone": true, "result": true, "severity": "Critical" }, { "name": "00310003", "description": "Verify that data.alienvault.com has not been redirected to a different location", "detail": "", "summary": "The AlienVault Data server is correctly configured", "strike_zone": true, "result": true, "severity": "Error" } ], "strike_zone": true, "name": "0031 Hosts configuration file", "description": "Parses the /etc/hosts file for inconsistencies" }, { "result": true, "checks": [ { "name": "00080001", "description": "Verifies the integrity of the AlienVault Agent rsyslog files", "detail": "", "summary": "The default AlienVault Agent rsyslog files have not been modified", "strike_zone": true, "result": true, 
"severity": "Warning" }, { "name": "00080002", "description": "Verifies that default AlienVault Agent rsyslog files have been properly installed", "detail": "", "summary": "The default AlienVault Agent rsyslog files have been properly installed", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0008 Agent rsyslog configuration files integrity", "description": "Check the integrity of the default Agent rsyslog configuration files." }, { "result": true, "checks": [ { "name": "00540001", "description": "Verifies that the current system is supported and does not come from a free OSSIM version installation.", "detail": "", "summary": "The current deployment is supported", "strike_zone": true, "result": true, "severity": "Critical" } ], "strike_zone": true, "name": "0054 Unsupported Installations", "description": "Searches for unsupported installations" }, { "result": true, "checks": [ { "name": "00060002", "description": "Verifies that default AlienVault Agent plugins have been properly installed", "detail": "", "summary": "The default AlienVault Agent plugins have been properly installed", "strike_zone": true, "result": true, "severity": "Warning" }, { "name": "00060001", "description": "Verifies that default AlienVault Agent plugins have not been modified", "detail": "", "summary": "The default AlienVault Agent plugins haven't been modified", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": true, "name": "0006 Agent plugins integrity", "description": "Verifies the integrity of the default Agent plugins." 
}, { "result": true, "checks": [ { "name": "00090001", "description": "Verifies that an AlienVault platform dummy package is installed", "detail": "", "summary": "There is an AlienVault platform dummy package installed", "strike_zone": true, "result": true, "severity": "Critical" } ], "strike_zone": true, "name": "0009 Dummy packages", "description": "Check the dummy packages" }, { "result": false, "checks": [ { "name": "00350001", "description": "Verifies that the link speed is normal", "detail": "Link speed could not be checked as interface information reported an empty value", "summary": "Link speed is too low", "strike_zone": false, "result": false, "severity": "Warning" }, { "name": "00350002", "description": "Verifies the link mode settings", "detail": "", "summary": "The link mode settings are correct", "strike_zone": true, "result": true, "severity": "Warning" } ], "strike_zone": false, "name": "0035 Network link status", "description": "Uses mii-tool to check the network link status" }, { "result": true, "checks": [ ], "strike_zone": true, "name": "/etc/ossim/doctor/plugins/0033_kernel_configuration.plg", "description": "" }, { "result": false, "checks": [ { "name": "00450001", "description": "Verifies that there are nameservers belonging to local network defined in /etc/resolv.conf", "detail": "None of the nameservers defined in /etc/resolv.conf belong to a local network", "summary": "No nameserver is defined in the local network", "strike_zone": true, "result": false, "severity": "Warning" }, { "name": "00450002", "description": "Verifies that AlienVault defined nameserver is present in /etc/resolv.conf", "detail": "", "summary": "The AlienVault nameservers are correctly configured", "strike_zone": true, "result": true, "severity": "Critical" } ], "strike_zone": true, "name": "0045 Domain nameservers configuration file", "description": "Parses the /etc/resolv.conf file to search for inconsistencies" }, { "result": true, "checks": [ { "name": "00130001", 
"description": "Checks if any Database configuration file has been modified or deleted", "detail": "", "summary": "AlienVault DB configuration files haven't been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130002", "description": "Verifies that no AlienVault Agent configuration file has been modified or deleted", "detail": "", "summary": "AlienVault Agent configuration files haven't been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130003", "description": "Verifies that the AlienVault firewall rules have not been changed", "detail": "", "summary": "The AlienVault firewall rules have not been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130004", "description": "Verifies that AlienVault installed packages have not been modified", "detail": "", "summary": "The AlienVault installed packages have not been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130005", "description": "Verify that configuration files have not been modified", "detail": "", "summary": "The AlienVault configuration files haven't been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130006", "description": "Verifies that there are no modified files in protected directories", "detail": "", "summary": "The AlienVault protected directories haven't been modified", "strike_zone": true, "result": true, "severity": "Info" }, { "name": "00130007", "description": "Verify that ossim_setup.conf has not been modified", "detail": "", "summary": "AlienVault's ossim-setup.conf file has not been modified", "strike_zone": true, "result": true, "severity": "Info" } ], "strike_zone": true, "name": "0013 Bash history", "description": "Searches for anomalies in the root .bash_history file." 
} ], "running_network_interfaces": "lo, eth0", "server_eps_weekly_median": "0", "installed_memory": "28.0GB", "uptime": "1 day(s), 09:32", "configured_network_interfaces": "eth1, eth0, lo", "monitored_assets": "59", "software_profile": "Server, Database, Framework, Sensor", "alienvault_version": "5.2.0-PRO", "admin_ip_address": "192.168.38.250", "architecture": "x86_64", "appliance_type": "physical", "connected_servers": "0", "registered_users": "1", "sensors": "1", "operating_system": "Linux", "license": "AV1501-xxxxxxxx", "number_of_cores": "16", "kernel_version": "3.16.0-4-amd64", "hardware_profile": "alienvault-hw-aio-6x1gb", "sensor_monitors": "nmap-monitor, ossim-monitor", "strike_zone": false, "cpu_type": "Intel(R) Xeon(R) CPU E5620 @ 2.40GHz Family 6 Model 44 Stepping 2", "sensor_detectors": "pam_unix, sudo, suricata, ossec-single-line, ssh" } ] }