AlienVault

This document applies to Classic/Legacy Integrations. You may continue to use these integration configurations. While no active development is happening for these integrations, we continue to provide Classic/Legacy Integrations in the product. You do not have to move to MSI Integrations. If your support engineer or TSC recommends or you choose to move to MSI Integrations, you can take advantage of the latest features and functionality. For more information, see the MSI Integration documentation in the Integrations Overview.

This integration is not remote capable.

Update AlienVault

To update AlienVault

Insert the Validation Platform Director public key in the file home/avapi/.ssh/authorized_keys.

This allows the Director to run queries using the avapi user.

This generally requires the AlienVault root password.

Update the Validation Platform

Prerequisites

Information to gather before you start:

  • IP address used to access AlienVault.
  • Port for AlienVault-related SSH communications (default is 22).

Configuration

To add the AlienVault integration

  1. Go to Settings > Integrations.

  2. Click Add Integration > AlienVault.
  3. Enter the Host.
  4. If necessary, update the Port.

  5. Expand Advanced options.

  6. If necessary, adjust any additional fields (such as Query and Correlation query) that were pre-populated for you.

  7. Click Submit.

AlienVault Integration

Verify connectivity

To verify connectivity to AlienVault

Click Test to verify that the Director can:

  • Communicate with AlienVault IP address on the port specified.
  • SSH to the AlienVault host using the avapi user without providing a password (using RSA/DSA keys).
© Copyright Mandiant. All rights reserved
  • First Published: June 3, 2022
  • Last updated: October 23, 2023
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.