CONTENTS
1. INTRODUCTION
1. INTRODUCTION
This document explains how to add a connection to external AlienVault databases and how
to view the events related to those databases.
This procedure only works with AlienVault databases, which must run the
same version as the framework.
A successful connection to an external AlienVault database requires the points below,
in this specific order:
Configure the AV firewall to allow an external connection to the database (the firewall
blocks this by default).
If these prerequisites are not met, AlienVault USM displays the warning screen
below:
1. Connect via SSH, using the admin IP address, to the AlienVault appliance where the
external DB is located. The AlienVault Setup main menu appears.
2. On the computer keyboard, press the arrow keys to move to the option Jailbreak
System. Then, press Enter to accept the selection (<OK>).
ossim_reconfig
2. On the computer keyboard, press the arrow keys to move to the option Jailbreak
System. Then, press Enter to accept the selection (<OK>).
ossim-db
Where:
<user> refers to the user that will be entered in the web form when an external
database is added.
<framework_ip> refers to the IP address of the platform where the external database is
going to be added.
<user_pass> refers to the password entered for that user in the web form when an
external database is added.
quit;
ossim_reconfig
2. Choose Analysis > Security event (SIEM) > External Databases and click on NEW.
4. If the window below appears, follow the instructions given in Section 2 PRE-REQUISITE:
ALLOW AN EXTERNAL CONNECTION TO THE ALIENVAULT DATABASE.