Here’s How AlienVault Works In Simple Terms

AlienVault, as a company, focuses on creating commercial and open source technologies and solutions for managing cyberattacks. Its paid platform is USM, which combines multiple aspects of security management, including threat detection, compliance and incident response. AlienVault also runs the OSSIM project, Open Source Security Information Management.

The solution is made up of three components. The sensor receives data from network traffic, logs and whatever else it can pull from the network and systems, and turns that information into events. The sensor then sends the events to the server. Each event is compared against the written policies to see whether it matches one. Clearly, policies are the most important component here: they are what start actions, trigger further events and so on. You can set up a policy that sends an e-mail, runs a command or even automatically opens a ticket. The policy decision also determines whether the event goes on to risk assessment, to correlation, or is simply stored for the record. Policies also help decrease the amount of time spent on false-positive incidents.

Understanding policies within the system will go a long way toward using it at its best for managing security and cyberattacks. Another thing to note is that the system collects a lot of information, so it is key to set up policies that are clear about what priority or level different incidents have and what action should be triggered.
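To make the sensor-to-server-to-policy flow described above concrete, here is an added example (not AlienVault's or OSSIM's code, and not its real policy format): a small policy engine where each policy matches events by type, source network and minimum priority, and decides both the actions to trigger and whether the event is risk-assessed, correlated or only stored. Every field name, policy and sample event is constructed for the illustration.

```python
# Constructed model of the sensor -> server -> policy -> action flow described
# above. Not AlienVault/OSSIM code: field names, policies and events are invented.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    name: str
    event_types: set        # event types this policy applies to (empty = any)
    src_nets: list          # source networks it applies to (empty = any)
    min_priority: int       # events below this priority do not match
    actions: list           # what to trigger, e.g. "email", "open_ticket"
    disposition: str        # "risk_assessment", "correlate" or "store_only"

def policy_matches(policy, event):
    """True when the event satisfies every condition the policy specifies."""
    if policy.event_types and event["type"] not in policy.event_types:
        return False
    if event["priority"] < policy.min_priority:
        return False
    if policy.src_nets:
        src = ip_address(event["src_ip"])
        if not any(src in net for net in policy.src_nets):
            return False
    return True

def evaluate(event, policies):
    """Server step: first matching policy (in list order) decides actions and disposition."""
    for policy in policies:
        if policy_matches(policy, event):
            return {"policy": policy.name, "actions": list(policy.actions),
                    "disposition": policy.disposition}
    return {"policy": None, "actions": [], "disposition": "store_only"}  # unmatched: record only

# Constructed policies, most specific first. The first one silences a known
# internal scanner so its scans are kept for the record but never raise an alert.
POLICIES = [
    Policy("ignore-internal-scanner", {"port_scan"}, [ip_network("10.0.5.0/24")], 0, [], "store_only"),
    Policy("correlate-port-scans", {"port_scan"}, [], 2, [], "correlate"),
    Policy("auth-failures-high", {"auth_failure"}, [], 4, ["email", "open_ticket"], "risk_assessment"),
]

# Constructed events, shaped as a sensor would normalise them.
EVENTS = [
    {"type": "port_scan", "src_ip": "10.0.5.12", "priority": 3},
    {"type": "port_scan", "src_ip": "203.0.113.7", "priority": 3},
    {"type": "auth_failure", "src_ip": "198.51.100.9", "priority": 5},
    {"type": "auth_failure", "src_ip": "198.51.100.9", "priority": 1},
]

def run_demo():
    """Evaluate every sample event and return the server's decision for each."""
    return [evaluate(e, POLICIES) for e in EVENTS]
```

The low-priority authentication failure at the end matches no policy and is only stored, which is the false-positive reduction the text describes: a clear priority threshold in the policy keeps noise from triggering e-mails or tickets.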

The feature image has been taken from AlienVault's website; to refer to more detailed information and learn more, go to
