AlienVault USM
Author: f | 2025-04-24
SOLUTION BRIEF: DETECTING RANSOMWARE WITH ALIENVAULT USM Using AlienVault USM to Detect and Respond to Ransomware AlienVault Unified Security Management (USM)
New! Getting Certified as an AlienVault USM Certified Security Engineer (AVSE)

I’m very pleased to announce that we have expanded the AlienVault® certification program. Our newest certification, AlienVault USM Certified Security Engineer (AVSE), is now available for those who want to validate their skills with the AlienVault USM Anywhere products. Earning this certification demonstrates to the InfoSec community that you are skilled in the latest threat detection and incident response technology.

You may be familiar with our AlienVault Certified Security Engineer (ACSE) certification. ACSE is entirely focused on AlienVault USM Appliance and remains fully available. We’re pleased to extend our family of certifications to now include AVSE to validate skills with AlienVault USM Anywhere, our SaaS-delivered USM platform. We introduced this new certification so that our customers, partners and employees who work with AlienVault USM Anywhere can challenge themselves and work toward proving their ability to deploy, configure and manage the product.

The AVSE exam is designed to validate candidates’ knowledge of what they learned during the AlienVault USM Anywhere training courses: AlienVault® USM Anywhere™: Deploy, Configure, Manage (ANYDC) and AlienVault® USM Anywhere™: Security Analysis (ANYSA). The AVSE exam covers the skills and knowledge candidates learn in these two courses. While the training is not required to sit for the exam, we highly recommend taking the training as a way to prepare.

Why Certify on AlienVault USM Anywhere?

AlienVault USM Anywhere is a powerful product with numerous capabilities. When you take the AlienVault USM Anywhere training courses, you will learn things like how to differentiate between various types of attacks and how to fine-tune and reduce irrelevant information in your environment. This will prepare you for the AVSE exam, which focuses on the lessons we teach in class. Earning this certification proves to the community that you are skilled in the latest threat detection and incident response technology.

Each training course (ANYDC and ANYSA) includes one voucher for the AVSE exam.

When you pass the AVSE exam, you receive a personalized certificate and an AlienVault USM Anywhere logo that you can use on your resume, CV, and social media profiles such as LinkedIn.

What’s new with exam registration and proctoring?

Our newest exam follows the lead of our other certification exams. It is proctored by our exam delivery partner, Kryterion. You can choose to take an online proctored exam, in which you use your own webcam and take the test at your location. Or, you can choose to take the exam at a Kryterion testing center.

As an additional feature, if you choose to take the exam online proctored, you can register using a concierge service through Kryterion. This concierge service provides you with a smoother process for exam registration and testing your webcam prior to exam start.

A bunch of useful PowerShell scripts to quickly pull events and alarm data from AlienVault USM - AlienVault-USM-PowerShell/README.md at main, kairood/AlienVault-USM-PowerShell

Applies to Product: USM Appliance™, LevelBlue OSSIM®

USM Appliance provides over 4,500 built-in directives and adds more every week through the LevelBlue Labs™ Threat Intelligence Update. The directives are grouped into different categories.

USM Appliance correlation directive categories (category name, explanation, example):

User Contributed: A placeholder for user-created and/or modified directives. By default, this category is empty.
AlienVault Attacks: Directives to detect various attacks against vulnerable services and applications. Example: AV Attacks, Successful OpenSSL HeartBeat attack
AlienVault BruteForce: Directives to detect brute force attacks on services that require authentication. Example: AV Bruteforce attack, SSH authentication attack against DST_IP (destination IP)
AlienVault DoS: Directives that detect Denial of Service (DoS) attacks on different applications and services. Example: AV Service attack, successful denial of service against IIS web server on DST_IP (MS07-041)
AlienVault Malware: Directives to detect malware. Example: AV Malware, botnet Koobface activity detected on SRC_IP (source IP)
AlienVault Misc: Directives to detect activities that do not fall into any other category. Example: AV Misc, suspicious executable download from a dynamic domain on SRC_IP
AlienVault Network: Directives to detect network-related anomalies and attacks. Example: AV Network attack, too many dropped inbound packets from DST_IP
AlienVault Policy: Directives to detect policy violations. Example: AV Policy violation, vulnerable Java version detected on SRC_IP
AlienVault Scada: Directives to detect attacks on industrial supervisory control and data acquisition (SCADA) systems. Example: AV SCADA attack, Modbus scanning or fingerprinting against DST_IP
AlienVault Scan: Directives to detect scanning activities. Example: AV Network scan, Nmap scan against DST_IP

USM Appliance provides a web interface, Configuration > Threat Intelligence > Directives, for you to examine, modify, or create new correlation directives.

To display a directive:
1. Click the black triangle to the left of the category name.
2. Click the black triangle to the left of the directive.

Each directive consists of the following:
Global properties
One or more rule(s)
Directive Info
(Optional) Knowledge Base article(s)

AlienVault OSSIM Limitations: USM Appliance includes a faster and more robust correlation section with more complex correlation directives. LevelBlue OSSIM has a smaller number of correlation directives, but you are allowed to customize and build your own directives based on your needs.

AlienVault OSSIM Limitations: In the LevelBlue OSSIM environment, the following directive categories are inactive: AlienVault DoS, AlienVault Network, AlienVault Scada.
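To make concrete what a directive in the BruteForce category does (several matching events from one SRC_IP against one DST_IP inside a time window raise an alarm), here is an added, deliberately simplified correlation model. It is not AlienVault's correlation engine or directive format; the `Directive` class, the event tuple layout and the thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Directive:
    """Hypothetical, simplified correlation directive (assumption: real USM
    Appliance directives carry more fields; only the counting logic is modeled)."""
    name: str        # alarm name shown to the analyst
    category: str    # category from the table above
    event_type: str  # normalized event name the rule matches
    occurrence: int  # matching events required from one SRC_IP to one DST_IP
    window: int      # seconds within which those events must occur
    priority: int    # 0-5, copied onto the alarm


# Modeled on the table's BruteForce example; thresholds are constructed values.
SSH_BRUTEFORCE = Directive(
    name="AV Bruteforce attack, SSH authentication attack against DST_IP",
    category="AlienVault BruteForce", event_type="ssh_auth_failed",
    occurrence=5, window=60, priority=3)

# Constructed sample events: (timestamp_seconds, event_type, src_ip, dst_ip)
SAMPLE_EVENTS = [
    (0, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),
    (10, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),
    (20, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),
    (30, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),
    (40, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),   # 5th failure within 40 s
    (45, "ssh_auth_failed", "10.0.0.5", "10.0.0.10"),   # after the alarm; a new burst starts
    (50, "ssh_auth_success", "10.0.0.7", "10.0.0.10"),  # different event type, ignored
] + [(t, "ssh_auth_failed", "10.0.0.6", "10.0.0.10") for t in (0, 100, 200, 300, 400)]
# 10.0.0.6 also fails five times, but spread over 400 s: never 5 within 60 s, so no alarm.


def correlate(events, directive):
    """Slide a per-(SRC_IP, DST_IP) window over the events and raise one alarm
    each time `occurrence` matching events fall within `window` seconds."""
    windows = defaultdict(deque)
    alarms = []
    for ts, etype, src, dst in sorted(events):
        if etype != directive.event_type:
            continue
        q = windows[(src, dst)]
        q.append(ts)
        while ts - q[0] > directive.window:   # drop events older than the window
            q.popleft()
        if len(q) >= directive.occurrence:
            alarms.append({"directive": directive.name, "category": directive.category,
                           "priority": directive.priority, "src_ip": src, "dst_ip": dst,
                           "first_seen": q[0], "last_seen": ts, "count": len(q)})
            q.clear()   # the next alarm for this pair needs a fresh burst
    return alarms


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_EVENTS, SSH_BRUTEFORCE):
        print(alarm)
```

Tuning `occurrence` and `window` is exactly the "reduce irrelevant information" work the training above refers to: the slow 10.0.0.6 source stays below threshold while the fast one alarms.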
2025-03-29

If you’re familiar with the ACSE, you know that exam is approximately 70-77 questions in length. The AVSE exam is a bit shorter, containing between 40 and 60 questions to be answered in 90 minutes.

How does Recertification work for the AVSE?

Much like the ACSE, the AVSE certification expires after 3 years. AlienVault USM Anywhere is a powerful product with a wide variety of capabilities that continue to expand and evolve. By recertifying every 3 years, AVSE certificate holders will continue to prove their skills and verify they are current with the latest features of the technology. To help candidates prepare for the recertification exam, AlienVault is happy to provide a copy of the latest training materials from the AlienVault® USM Anywhere™: Deploy, Configure, Manage (ANYDC) course and the AlienVault® USM Anywhere™: Security Analysis (ANYSA) course. These training materials will be provided at no additional cost. This is only available to candidates who have already been certified for AVSE.

It’s a very exciting time at AlienVault! I wish everyone success with AlienVault USM Anywhere and on the AVSE exam. If you have questions about exams or certifications, please reach us at [email protected].

Get started with your AlienVault certification today!
2025-04-23

AlienVault Unified Security Management

Now known as AT&T Cybersecurity, AlienVault® Unified Security Management® (USM) delivers powerful threat detection, incident response, and compliance management across cloud, on-premises, and hybrid environments. Simplicity joined forces with AlienVault to provide robust security monitoring and compliance as an approved MSSP (or managed services solutions provider). AlienVault combines multiple security capabilities into one platform: asset discovery, vulnerability assessment, intrusion detection, incident response, SIEM, and log management. The result is a single dashboard providing a holistic view into your entire security environment, allowing you to have more robust threat detection, quicker incident response, and deeper compliance management capabilities for all of your critical environments.

Asset Discovery: Identify all of your network assets and get more visibility into them with automated asset discovery and scanning.
Intrusion Detection: Detect threats in environments with built-in cloud IDS, network IDS, and host-based IDS.
Security Automation: Automated incident response and orchestration allows IT teams and security operations to work more effectively.
SIEM & Log Management: Collect and analyze SIEM information with robust log management, all in one place.
Endpoint Detection & Response: Get centralized and automated threat hunting on endpoints across cloud and on-premises environments.
Threat Detection: Advanced detection that evolves as threats evolve, allowing your organization to rapidly detect and respond to attacks.
Threat Intelligence: Security analysts continuously research emerging threats and incorporate the latest intelligence into the platform.
Vulnerability Assessment: Scan and monitor your environments at whichever level you need, from the assets themselves, to asset groups, and even entire networks.
2025-04-08

AT&T Cybersecurity: Perfect score in terms of availability. (Verified User, Anonymous)

Performance

AT&T Cybersecurity: With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000 eps on a VMware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though. (Verified User, Anonymous)

IBM: I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score. (Verified User, Anonymous)

Support Rating

AT&T Cybersecurity: The support we received from AlienVault was excellent. They went above and beyond in making sure everything was working as it needed to be. They REALLY want their product implementation to be a success and our security goals be achieved. They are like a member of our security team. (Verified User, Anonymous)

IBM: I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive. (Verified User, Anonymous)

In-Person Training

AT&T Cybersecurity: I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM. (Verified User, Anonymous)

Online Training

AT&T Cybersecurity: It was very well organized and helpful in using the product to the fullest extent. The instructor allowed time for folks who were involved with managed services to receive tuning tips in order to better support their customers. In addition, the course materials were automatically updated when the new version came out. (Verified User, Anonymous)

Implementation Rating

AT&T Cybersecurity: AlienVault USM was very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely