In this exercise you will manage assets that were discovered by AlienVault USM.
You will first search for an asset, then you will examine details about the asset, and
finally you will edit the asset by changing the asset name, description, value, and
device type. You will also add a property to the asset’s inventory.
Lab Exercise Procedure
Complete these steps:
Step 1 Return to the USM web UI. Log in using admin as a username and
password as a password.
Step 2 Navigate to ENVIRONMENT > ASSETS & GROUPS > ASSETS.
Examine the asset list.
You should see three assets from the 172.20.71.0/26 network. Use the
IP Addressing section of this document and identify the device type by
completing the following table:
USM Hostname IP Address Device Type
Host-172-20-71-9 172.20.71.9
Host-172-20-71-10 172.20.71.10
Host-172-20-71-12 172.20.71.12
Step 3 Explore how the search functionality works. Search for the
Windows Server asset by entering the IP address of the asset
into the Search input field in the upper left corner:
Step 9 Edit the asset by selecting EDIT under the ACTIONS menu. Edit
the name, asset value, description, and device type of the asset as
shown in the figure and the table below. In the Device Types field,
you will need to remove the General Purpose line as well as add
the newer device types.
Name          Server2012
Asset value   2
Description   This is a Windows Server 2012 in the lab environment
Device Types  Server:HTTP Server
              Server:file Server
Step 10 Click the PROPERTIES tab. Click on Add New Properties, select
the property, and add the following properties to the asset:
Step 12 Return to the list of assets. Examine the details about the asset
at Host-<IP USM>. This is the USM All-in-One server.
Step 13 Edit the asset by selecting EDIT under the ACTIONS menu. Edit
the name, asset value and device types of the asset as shown in
the figure. SAVE the changes.
Step 14 Return to the list of assets. Check the USM and Server 2012 assets
checkboxes and click the label icon.
Step 15 Click the Manage Labels link and create a label as displayed in the
figure. Provide the name, select a color, and SAVE the label.
Step 3 Scan the Server 2012 asset using the following scan attributes:
Local sensor
Normal scan type
Aggressive timing template
Autodetect services and operating system
No reverse DNS resolution
Click START SCAN to begin the scanning process.
After clicking START SCAN, a window will pop up with a scan
progress bar.
Step 4 Scroll down to examine the scanning results at the bottom of the
screen.
Observe that the scanning job detected the MAC address, operating system,
and services on the machine. Save the scanning results into the database
by clicking UPDATE MANAGED ASSETS. Do not fill any other global
properties for the asset when asked, and click SAVE.
Ignore the message about overwriting the existing values and click OK.
You will get a notification that the asset information has been updated
successfully.
Step 5 Navigate to ENVIRONMENT > ASSETS & GROUPS > ASSETS.
Examine details about the Server 2012 asset. Examine the services
running on the server. You should see that additional services have
been discovered by the scan and entered into the asset database.
Do not scan the asset again. Close the ASSET SCAN window.
Step 7 Navigate to ENVIRONMENT > ASSETS & GROUPS >
SCHEDULE SCAN. You should see one scheduled scanning job
of the 172.20.71.0/26 network as the result of the Getting Started
Wizard.
Step 8 Edit the scanning job by selecting the job row and clicking EDIT.
Examine the settings of the scheduled scanning jobs.
Step 9 Change the scan type to Normal, change the timing template to
Normal, enable Autodetect services and Operating System,
uncheck enable reverse DNS resolution, and SAVE changes.
In this lab we have performed an overview of AlienVault assets, such as hosts and
networks, and shown how to perform asset discovery.
Exercise 3: Create an Asset Group
In this exercise, you will first search for and filter specific assets. Then you will
create two asset groups. The first will combine assets from the 172.20.71.0/26
network, while the second will group assets that were labeled as critical assets.
Lab Exercise Procedure
Complete these steps:
Step 1 Return to the USM web UI. Log in using admin as a username and
password as a password.
Step 2 Navigate to ENVIRONMENT > ASSETS & GROUPS > ASSETS.
Create a search filter that will be used to create a group. Click
MORE FILTERS. Examine available filters.
Create a filter that will include devices from 172.20.71.0/26 network and
HEADQUARTERS location. Click APPLY after selecting the filters.
Step 3 You will see devices as a result of the search filter. Select all
assets and create an asset group by clicking ACTIONS >
CREATE/ADD TO GROUP option. Use Headquarters Assets as
the name of the group. Click the plus (+) sign to create the group
and to add assets to the group.
Step 4 After creating the group, examine the details about the group.
Observe the options that are available in the asset group and
compare them to options when examining details about individual
assets.
Step 10 Observe that you can also add assets by clicking the ADD ASSETS
option in the Group Details pane. However, you cannot use the
filtering capability when adding assets from this window. Close the
ADD ASSETS TO GROUP window.
Exercise 4: Search for, Examine, and Edit Networks
In this exercise you will manage networks that are configured in AlienVault USM. You
will examine details about the network, and you will edit the network by changing the
network name and description.
Lab Exercise Procedure
Complete these steps:
Step 1 Return to the USM web UI. Log in using admin as a username and
password as a password.
Step 2 Navigate to ENVIRONMENT > ASSETS & GROUPS >
NETWORKS. You should see two networks that were detected
during the Getting Started Wizard. Examine details about the
172.20.71.0/26 network.
You will see that the options are similar to those available when examining
a single asset.
Step 3 Return to Networks and edit the network by selecting the edit icon
next to the 172.20.71.0/26 entry. Edit the name and description of
the network as shown in the figure. Click SAVE when done.
In this lab, you have learned how to manage assets, asset groups, and networks.
Exercise 5: Installing OSSEC Agents
NOTE: The installer can also be downloaded from AlienVault itself and provided for
installation on the server.
Then, in the agent, enter the IP address of the AlienVault server together with the key
obtained from the device. This key is unique per device.
Download ossec-hids-2.9.1.tar.gz
from https://ossec.github.io/downloads.html
wget https://github.com/ossec/ossec-hids/archive/2.9.1.tar.gz
# tar -xzf 2.9.1.tar.gz
# cd ossec-hids-*
# ./install.sh
NOTE: The status refreshes faster via the CLI; via the GUI it takes a few
more minutes for the state to change.
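Because each agent key is unique per device, it is worth checking that the key you were handed was issued for this host before importing it. The following is an added example, not part of the original lab guide: it assumes the usual OSSEC export format (base64 of "ID NAME IP KEY"), and the function name, sample agent name, IP address and secret are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an OSSEC agent key before importing it.
# Assumption: the exported key is base64 of "ID NAME IP KEY".

# check_agent_key <base64-key> <expected-agent-ip>
# Prints "ok: ..." or a reason; returns 0 only when the key looks right.
check_agent_key() {
    expected_ip=$2
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || {
        echo "not valid base64"; return 1; }

    # read places any surplus fields into $extra.
    read -r id name ip secret extra <<EOF
$decoded
EOF
    if [ -z "$secret" ] || [ -n "$extra" ]; then
        echo "expected 4 fields (ID NAME IP KEY)"; return 1
    fi

    # The agent ID assigned by the server is numeric.
    case $id in
        ''|*[!0-9]*) echo "agent ID is not numeric"; return 1 ;;
    esac

    # The key must have been issued for this host ("any" is also accepted).
    if [ "$ip" != "$expected_ip" ] && [ "$ip" != "any" ]; then
        echo "key was issued for $ip, not $expected_ip"; return 1
    fi

    # Heuristic chosen for this example: a very short secret suggests a truncated paste.
    if [ "${#secret}" -lt 32 ]; then
        echo "secret looks truncated"; return 1
    fi

    echo "ok: agent $id ($name)"
}

# Constructed sample key (not a real credential).
SAMPLE_KEY=$(printf '%s' \
  '001 lab-agent 172.20.71.10 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef' \
  | base64 | tr -d '\n')

check_agent_key "$SAMPLE_KEY" 172.20.71.10
```

If the check passes, import the key on the agent with OSSEC's manage_agents tool and restart the agent.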