Category: AlienVault (Page 7 of 7)

AlienVault Setup 1: VMware ESXi 5.1


We decided to take an old server we had lying around the office and turn it into our AV (AlienVault) machine, using the 30-day full-featured trial licence.

We faced several issues, which I will put down in this article and a few others, to guide others installing the AV product in their network.

1) Installing VMware vSphere 6.0

AlienVault itself is actually quite easy to install. Getting VMware ESXi (vSphere) running on an old machine was a different story, so before we could even get AV up and running we had to coax the machine into running the hypervisor at all. The first issue was that there was no CD drive. This wasn't so difficult; you basically have two choices:

a) Boot from a CD burned with the VMware ISO image

b) Boot from USB, if your BIOS supports it.

As it turns out, our BIOS did support USB boot, so we used the extremely useful Rufus (https://rufus.akeo.ie/) tool to write the ISO image we downloaded from VMware at https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6 onto a USB stick.

We set the BIOS to boot from USB and went straight into the ESXi installer. So far so good.

2) Unsupported network adapter

Immediately we were hit with an "unsupported network adapter" error, and VMware basically refused to go on. At this point we had three options:

a) Hack the image and inject the drivers for our network adapter (I believe it was a Realtek 8168 Gigabit Ethernet)

b) Purchase and install an adapter that is on the compatibility list at http://www.vmware.com/resources/compatibility/search.php

c) Downgrade from VMware 6 to 5.1 or below

Fortunately we had an older version of VMware from a few years back on our network drive, and we chose path c), since Realtek was still supported by VMware back then. Why they removed the support, I have no idea.

We re-wrote the USB stick with the 5.1 image and rebooted from it. This time we got through without any issue, and VMware ESXi was installed!

3) Deploying AlienVault

Once your ESXi host is up, download and install the vSphere Client, then deploy the AV OVF using File -> Deploy OVF Template. Of course, you have to download the trial AV appliance first: head over to www.alienvault.com/free-trial.

Just use the default settings, BUT choose 'Thin Provision' as the disk format to avoid having to pre-allocate the full amount of disk space. A thin disk starts with a minimal footprint and grows as you store logs. The caveat is that a thin disk can grow past the free space left on the datastore, so keep an eye on datastore usage as the log volume builds up.

4) Power On — Not.

We still had some minor issues, such as an error stating that more virtual CPUs were configured than the host had physical cores. In this case the fix was simply right-clicking the VM -> Edit Settings -> CPUs and lowering the number of CPUs from 8 to 4. You might not face this, but remember we are using a low-spec system.

5) Power On — NOT again.

This time it powered up, but when we tried to get into the AV console we got a blank screen. We checked the event log, which stated:

“The CPU has been disabled by the guest operating system. You will need to power off or reset the virtual machine at this point.”

We were a little stumped at this point, and googling didn't really reveal much. There is more information over at

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2000542

But again, that was still not so helpful.

Then I recalled that during the earlier ESXi installation VMware had complained that this system did not support hardware virtualisation, and that it should be enabled in the BIOS. Tinkering around the BIOS, we found the Intel Virtualization Technology setting was 'disabled'.

We enabled it, and it worked like a charm.
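Two of the problems above, the unsupported NIC and VT-x being switched off in the BIOS, can be caught before ESXi is even installed by booting the old server from a live Linux USB stick and running a pre-flight check. The script below is an added example written for this page; it is not part of the original post and is not VMware or AlienVault tooling. It assumes a Linux live environment with `lspci` (pciutils) and `rdmsr` (msr-tools) available, and the /proc/cpuinfo and lspci lines used in the usage are constructed for illustration. On Intel CPUs the state of VT-x is read from the IA32_FEATURE_CONTROL MSR (0x3A): bit 0 is the lock bit and bit 2 enables VMX outside SMX, so "locked, bit 2 clear" is exactly the firmware-disabled state we had.

```shell
#!/bin/sh
# Pre-flight checks for an old server before installing ESXi (added example).
# Run from a live Linux USB. The functions take their input as arguments so
# they can be exercised on constructed data as well as on the live system.

# Does the CPU advertise VT-x ("vmx") or AMD-V ("svm")?
# Argument: the text of /proc/cpuinfo. Prints the flag found, or nothing.
cpu_virt_flag() {
    printf '%s\n' "$1" | grep -m1 '^flags' | tr ' ' '\n' | grep -E -x 'vmx|svm' | head -n1
}

# Interpret IA32_FEATURE_CONTROL (MSR 0x3A) on Intel:
#   bit 0 = lock, bit 2 = VMX enabled outside SMX.
# Firmware that disables VT-x sets lock=1 with bit 2 clear, so the OS cannot
# turn it on. Argument: MSR value in hex as printed by rdmsr(1), e.g. "5".
# Returns 0 if VMX is usable, 1 if locked off by firmware (go fix the BIOS),
# 2 if the register is unlocked (a hypervisor may enable VMX itself).
vmx_state_from_msr() {
    val=$(( 0x${1#0x} ))
    lock=$(( val & 1 ))
    outside_smx=$(( (val >> 2) & 1 ))
    if [ "$outside_smx" -eq 1 ]; then return 0; fi
    if [ "$lock" -eq 1 ]; then return 1; fi
    return 2
}

# Extract the PCI vendor:device IDs of Ethernet controllers from `lspci -nn`
# output; these are what you look up on the VMware compatibility list.
# Argument: the text of `lspci -nn`. Prints one vendor:device pair per NIC.
ethernet_pci_ids() {
    printf '%s\n' "$1" | grep -i 'Ethernet controller' \
        | sed -n 's/.*\[\([0-9a-fA-F]\{4\}:[0-9a-fA-F]\{4\}\)\].*/\1/p'
}

# Live run against the real machine: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    flag=$(cpu_virt_flag "$(cat /proc/cpuinfo)")
    echo "CPU virtualisation flag: ${flag:-none}"
    if [ "$flag" = "vmx" ] && command -v rdmsr >/dev/null 2>&1; then
        modprobe msr 2>/dev/null
        if msr=$(rdmsr 0x3a 2>/dev/null); then
            vmx_state_from_msr "$msr"
            case $? in
                0) echo "VT-x is enabled in firmware" ;;
                1) echo "VT-x is LOCKED OFF in the BIOS: enable Intel Virtualization Technology" ;;
                2) echo "VT-x is not locked; the hypervisor can enable it itself" ;;
            esac
        fi
    fi
    echo "Ethernet controller PCI IDs (check each against the VMware HCL):"
    ethernet_pci_ids "$(lspci -nn)"
fi
```

Run it as `sh preflight.sh --live` from the live USB before writing the ESXi image. A Realtek RTL8111/8168 NIC shows up as 10ec:8168, which is the ID you would search for on the compatibility list; and the MSR check distinguishes VT-x that is locked off (the state that produced the blank console above) from VT-x that is merely not yet enabled. The `vmx`/`svm` flag in /proc/cpuinfo alone is not enough, since the flag is usually still advertised when the BIOS has VT-x disabled.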

AlienVault is finally up and ready to go! In the next article we will look into the basic functions of AlienVault.

P/s – make sure the AV VM has a different IP address from the ESXi host itself. The ESXi host also serves a web UI on its management address, so a duplicate address means an IP conflict and you won't be able to reach the AV console.

Avant Edge is now AlienVault


PKF Avant Edge is now a channel partner for AlienVault in Malaysia.

Over the course of the 5 years since we started in 2010, we have resisted the urge to become a partner for a particular vendor. We've had a number of security companies calling us and asking if we wanted to bring in their products, given our inroads into the market, especially in BFSI. But most of these products were either heavily priced or just weren't right for the sort of customers we know we have.

We also did not want to compromise our audit and assessment integrity by carrying too many third-party technologies, as we would end up giving recommendations that suit the margins we are getting on each box.

So from the outset, our vision has been to give independent advisory, and if a great product comes along that is worth recommending, we will do that.

Well, we have been evaluating AlienVault for a few months now, and about a month ago we contacted the channel director in the region and asked if he was interested in getting together for a chat. Our philosophies match. We need to get good products out there that suit our customers, not ones that suit our margins. Because Avant Edge's main business is in compliance management and advisory, we don't have too much stake in pushing AlienVault down our customers' collective throats. We are willing to give a demo or a trial, and if it suits, it suits. If not, let's move on. Unlike traditional SIs who build consultancy around their technology products, we build products around our consulting services. A slight difference, but it is there.

So over the next few articles, aside from our usual foray into PCI and PDPA, expect a little more on our experience with AlienVault. We believe in hands-on experience, so we've already set up a trial box in our lab and we are going to walk through the technical details in this blog.

Stay tuned! If you need more information, contact us at alienvault@pkfmalaysia.com. Yes. We started a new mail group for this!


© 2024 PKF AvantEdge
