What's New in AlienVault v3.0?
1. What's new in AlienVault 3.0? Copyright AlienVault. 2011. Confidential
2. AlienVault Unified SIEM 3.0 AlienVault Professional SIEM changes its name to AlienVault Unified SIEM. AlienVault Unified SIEM 3.0 represents a sea change in information security management, increasing operational effectiveness and unifying the global interface from HIDS to SIEM. AlienVault Unified SIEM 3.0 offers unique Unified Management, Reporting, Vulnerability Scanner, Situational Awareness…
9. SIEM and Logger Advancements General performance improvements. A SIEM or a logger can send to multiple SIEMs and loggers.
10. Logger New architecture: improved index process. Search among billions of events in 0.2 seconds. Support for remote loggers: unified interface, queries across multiple loggers.
14. New HIDS & NIDS interface Integrated OSSEC HIDS management web interface. Manage the built-in wireless agents from the web console: installation, configuration, real-time monitoring…
15. New HIDS & NIDS interface Remote monitoring through SSH (Linux, Solaris and other network devices). Facilitates password interchange. HIDS rules configuration through the web interface.
18. User management True multitenancy in a single instance. High abstraction in asset categorization and user grouping.
19. User management New user management options for PCI compliance requirements: ability to suspend users, impose complex passwords, expiring passwords…
20. User session Real-time information about active users. Further information about sessions, ability to remove undesired users, etc.
22. Inventory Ability to include icons/logos to identify assets (networks, hosts…) in the web interface.
23. Network Discovery Passive inventory from information taken with ntop. Auto inventory through Active Directory/NeDi…
24. Traffic Capture New traffic capture feature with filtering options. Results in pcap files for analysis (Wireshark) and for solving possible network problems. 10 Gbps Sensor. Upgraded libpcap in order to increase the amount of data that can be processed.
29. Time zones management Upgraded support for collecting events from multiple time zones: every log is stored with its original date and UTC. Each user keeps their own time zone in order to facilitate analysis.
31. System status Real-time information about system status: hardware, software, processes, etc.
32. Sensor Upgrades New plugins. Ability to use aliases.local. Unicode support. Plugins with SSH remote support. Ability to use ssh.cfg.local to customize plugins and maintain the changes after updates. Keywords to match a rule in order to avoid processing with the regexp. Multiple output servers configuration. Improved plugins. Events are stored in memory or on hard disk when connectivity problems with the SIEM/Logger arise.
34. Feed Improvement Enhanced feed subscription, including Emerging Threats private feeds. ET Pro feeds include, e.g., SCADA systems coverage and real up-to-date malware protection.