This document summarizes the new features and enhancements in AlienVault 2.3, including a multi-tenant user architecture, enriched security taxonomy, improved reporting capabilities, vulnerability assessment upgrades, and network discovery enhancements. The professional version of AlienVault 2.3 adds multi-tenant support, entity-based user permissions, and remote network discovery execution. Compliance reports for standards like SOX, PCI DSS, and HIPAA are also now available.
AlienVault 2.3 overview of new features for SIEM, reporting, user management and more
1. What’s New in AlienVault 2.3: New Features and Enhancements. June 2010. Juan Manuel Lorenzo (jmlorenzo@alienvault.com)
2. AlienVault 2.3 Overview. “The AlienVault Professional SIEM product combines the breadth and flexibility of Open Source software with the features and functionality present in any of AlienVault's competition.” - Andrew Hay, Sr. Analyst, The 451 Group
3. Synopsis. Two Releases: AlienVault’s Professional SIEM version 2.3; Open Source SIEM (OSSIM) version 2.3. Some Features Available Only With AlienVault Professional SIEM. Major Upgrades: Reporting; User Management; Common Taxonomy; Multi-Tenant (i.e. MSSP Deployments).
4. New Feature Overview. New Features and Enhancements: Multi-Tenant User Architecture; Enhanced User Management; Enriched Security Taxonomy; SIEM Console; Reports; Dashboards; Vulnerabilities; Distributed Network Discovery; Installer; Usability Improvements.
5. AlienVault 2.3 Details. “Just a few hours later our SIEM Practice Manager grabbed me by the arm with a big smile: ‘You gotta see this!’ Remarkably, our network had been auto-discovered, a Vulnerability Assessment had been run, net-flows were being captured, we had real-time visibility to network traffic, a snort ids sensor with an appropriate signature set had been deployed, and basic network monitoring functionality was in place.” - John Verry, Pivot Point Security
6. Entities Definition: Groups, Departments, Companies... Assign User Permissions to Entities. Simplifies AlienVault Management. Admin Users for Each Entity. Multi-Tenant Architecture.
8. Abstraction: Use your Entities and Forget About Networks and Hosts. Multi-Tenant Architecture. Only available when using AlienVault Professional SIEM.
9. User Templates. Simplifies user management. Inherit permissions from an Entity. User Management. Only available when using AlienVault Professional SIEM.
10. Enriched Security Taxonomy. Categorizes All Events. Only available when using AlienVault Professional SIEM.
11. New Filters in SIEM Console. Taxonomy-Based Reports. Enriched Security Taxonomy.
12. SIEM Console. Custom Event Viewer Functionality Merged into SIEM Console. Select the events you want to see. Select the columns you want to display. Save your custom view.
13. Dashboards. Enhanced Predefined Dashboard Capability. Ability to revert to original default dashboards while maintaining custom ones. Select the Default Panel.
17. Vulnerability Assessment. OpenVAS 3 and Nessus 4.0.2 Support. Import/Export Reports in NBE Format. New Reporting Options: Reports available to other users; Reports available to entities (Only in professional version).
19. Report Wizard. Select the time range, layout and users that will have access to the report. Reporting System. Only available when using AlienVault Professional SIEM.
21. Report Wizard. Configure the sub-reports and add comments. Reporting System. Only available when using AlienVault Professional SIEM.
22. 1800+ Reporting Modules. New Compliance Reports. Taxonomy-Based Reports. Automatically include events from different applications and devices. Reporting System. Only available when using AlienVault Professional SIEM.
23. Compliance Reports: SOX, ISO 27001, PCI DSS, HIPAA, FISMA. Reporting System. Only available when using AlienVault Professional SIEM.
24. Network Discovery. Manage Remote Nmap Scans to do Network Discovery. Network Discovery Can Now be Executed from the AlienVault Sensor.
25. Web Interface Using HTTPS. VPN Auto-Configured (Only in Professional Version). Secure communications between the different AlienVault components. Installer.