Alienvault R&D Labs Portal. Get the latest news from our research.

Author Archives: DK

About DK

Mr Wolf Wannabe.

We’re proud to announce the immediate availability of the first phase of our threat exchange platform. You can check the marketing text on the AlienVault main site.

We’ll be releasing more detail on the inner workings as we go on, or if you can’t wait, just upgrade your OSSIM installation and have a look for yourself.

Basically the system, at this point, gathers information about IP addresses external to your network or setup and relates them to events in the database (event counts). After making sure that none of the defined networks or hosts are going to be leaked, this information is submitted through a secure communication channel on an hourly basis to the AlienVault servers.
From that moment on the information is completely anonymous since no relation is stored on who submitted what.
Sanity checks are performed on the data and it gets added to the OS IP Reputation feed.
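
One way the leak check described above could work, as an added example that is not AlienVault's or OSSIM's own code: count events per external IP and drop every address that falls inside a defined network or host. The event field names `src` and `dst`, the helper names, and the sample networks and events are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample configuration and events (documentation address ranges).
DEFINED_NETWORKS = ["10.0.0.0/8", "192.0.2.0/24"]
DEFINED_HOSTS = ["198.51.100.7"]
EVENTS = [
    {"src": "203.0.113.50", "dst": "10.1.2.3"},
    {"src": "203.0.113.50", "dst": "192.0.2.10"},
    {"src": "10.1.2.3", "dst": "198.51.100.7"},       # local to local
    {"src": "198.51.100.99", "dst": "198.51.100.7"},  # neighbour of a defined host
    {"src": "127.0.0.1", "dst": "10.1.2.3"},          # loopback, never shareable
    {"src": "not-an-ip", "dst": "192.0.2.10"},        # malformed field
]


def load_local_scope(networks, hosts):
    """Parse defined networks and hosts; a bare host becomes a /32 (or /128)."""
    return [ipaddress.ip_network(item, strict=False) for item in networks + hosts]


def is_shareable(ip, scope):
    """True only for addresses outside every defined network or host."""
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return False
    return not any(ip.version == net.version and ip in net for net in scope)


def build_submission(events, networks, hosts):
    """Count events per external IP, dropping anything inside the local scope."""
    scope = load_local_scope(networks, hosts)
    counts = Counter()
    for event in events:
        for field in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(event.get(field, ""))
            except ValueError:
                continue  # unparseable value: fail closed, never forward it
            if is_shareable(ip, scope):
                counts[str(ip)] += 1
    return dict(counts)


if __name__ == "__main__":
    print(build_submission(EVENTS, DEFINED_NETWORKS, DEFINED_HOSTS))
```

The payload contains only an address and a count, so nothing in it identifies the local hosts that the external address talked to.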

This is just one example of how this platform can be used. The information is and will remain free for all users that opt-in to share data to enrich the platform; that is my personal commitment to you. Customers who have paid for the SIEM feed will get this data too without having to opt-in to sharing.

Please find more information on how to activate this and details on the Activate AV-OTX page.

Kudos to the entire lab team that has worked on it and also our devel guys who got this out on time :-)

Enjoy!

Introducing the Alienvault Labs

February 22nd, 2012 | Posted by DK in News - (0 Comments)

We’re proud to present the new Alienvault Labs.

This portal should unify research and development efforts made around the Alienvault SIEM and other security areas.

For the launch we’ve reposted Jaime Blasco’s and DK’s complete blogs, along with some presentations and open source code. There’s more code to come and we’ve got some special plans for the upcoming OSSEC week.

Stay tuned for more news: new Labs people will be joining us very soon and new code is getting ready to be uploaded.

Enjoy!

Bubba Xyzzy is born!

November 11th, 2011 | Posted by DK in Alienvault (Company) - (0 Comments)

Hey all,

we’d like to introduce you to our new little Alien mascot. You’ve seen him for about a month here on the Labs page but he’ll be much more predominant around Alienvault in the near future. No worries, he’ll never become annoying like “Clippy” (“I see you are trying to do a security analysis. Would you like for me to start a vuln scan for you too?” :P).

Anyway, as part of the launch and our upcoming 3.1 release (due on Monday, 2011-11-14), we want to hand out exclusively designed t-shirts of Bubba to people who’ve been active in the community for a long time (you know who you are), friends of the cause and of course customers (with an active SIEM/Logger subscription).
So, if you are in one of these categories please go ahead and fill in your data here:

T-shirt information form

We’ll let you know when the things ship. Unfortunately they’ll arrive next week or the week after; we’d have loved to get them out as sort of a “surprise”.

So, without further delay, please meet Bubba :-)

(btw, the Xyzzy part comes from here: http://en.wikipedia.org/wiki/Xyzzy. Cheers Conrad ;-) )

Alienvault's mascot

3.1 coming soon

October 18th, 2011 | Posted by DK in News - (0 Comments)

Big news on the release front. Some features didn’t make it into 3.0 due to QA but now this has been solved and we wanted to roll out a minor release (which is not so minor if you look at the Changelog…) with this data, before heading towards 4.0 (IPv6 support, huge improvements on the multitenancy/multicustomer side and big performance related database structure changes).

So, without further delay, click below if you want to have a look at the 3.1 changelog. We’ll be updating the list (thanks Juanma, Pablo :-) ) as we get more things validated and tested and expect to release late next week. And furthermore, we’ve got a huge surprise hatching on the 11-11-11, I’ll keep you posted.

3.1 (preliminary) Changelog below:


New code piece: automatic plugin detection

October 16th, 2011 | Posted by DK in News - (0 Comments)

We just uploaded a snippet written earlier this year. It requires regexp.py and can automatically identify the log type that a given IP is sending via syslog.