AlienVault ELK Integration

In the last couple of blog posts[1][2] we've been exploring how to use the ELK stack as a forensic logging platform. We also had a couple of posts on deploying some AlienVault features [3][4]. In this post we explore a quick and easy way to integrate between the two systems. Apart from the flexible querying … Continue reading AlienVault ELK Integration

AlienVault: Adding a logger to a distributed deployment

There has been some confusion about how exactly to add a dedicated logger appliance to an AlienVault distributed deployment, that is, a setup where server roles (SIEM server, database, loggers, sensors, etc) are hosted on separate servers. It's not very well documented so here goes (with many thanks to AlienVault Support for providing the information): The configuration … Continue reading AlienVault: Adding a logger to a distributed deployment