Sensor Filtering with Aanval 8

Aanval 8 Sensor Filtering

New to Aanval 8 is an all-new system for quickly filtering data based on sensors. For example, while viewing Frequent Events, a user can filter the view to focus on a single sensor or group of sensors by quickly disabling the view of other active sensors. While event importing and processing for disabled/filtered sensors continues in the background, event and analytical tools calculate and display data from only selected/unfiltered sensors. As filtered sensors are again checked or enabled, displays quickly and automatically update to account for the additional sensors and data.

How to Filter a Sensor

Hover over the name of the logged-in user in the upper right-hand corner, and a listing of options will show in a drop-down box.


Select Change Sensors View and a box will be displayed of sensors that have been set up and enabled on their respective Sensor Configuration pages. Check or uncheck sensors to change the data view on any menu. And because the Change Sensors View is part of the menu bar, it’s available to access on any page, allowing you to quickly make changes and get the focus and data you need.


Troubleshooting

The Change Sensors View is the first menu to check when users who have just set up new sensors ask why they aren’t seeing those sensors or their events. Sensors are not automatically enabled in this menu after being added to Aanval in a Sensor Configuration menu.

If the Change Sensors View is blank after adding new sensors, go back to the proper Sensor Configuration menu and check the User Permissions at the bottom of the page to ensure each user has intended access to each sensor. Once updated, refresh the page and select the Change Sensors View menu again and the new sensors will be available to check.

Tactical FLEX, Inc. Advances Best Performing IDS with Debut of Aanval 8

An Unparalleled End-to-End SIEM-Based Snort, Suricata, and Syslog IDS Solution

Seattle, May 31, 2016 /PRNewswire/ – Tactical FLEX, Inc., a global leader of information security, vulnerability, and risk management software solutions, today announced the debut of Aanval 8, the latest version of its market-leading IDS and SIEM platform. Tactical FLEX, Inc. continues to set a new bar and advances Aanval 8 with performance upgrades, enhanced threat detection, and a host of new features designed to deliver complete security visibility, real-time monitoring, and situational awareness.

Budget constraints are one of the main obstacles that challenge information security operations. Tactical FLEX, Inc. understands that all organizations need a comprehensive, scalable, and affordable real-time threat management solution that gives IT departments the technological power and operational efficiency to accelerate the accurate detection of security threats as well as pinpoint security risks in order to safeguard critical assets while maintaining regulatory compliance. Aanval 8 is designed and priced to deliver affordable enterprise-class security for all business sizes.

A few selected features and enhancements in Aanval 8:

* All-New HTML5 Look and Feel: A complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

* Direct Unified2 IDS Event Importing: Getting Barnyard2 working with IDS engines has been a major headache in the IDS community, along with its lack of IPv6 support. With Aanval 8, users can import and manage IDS event data, including IPv6 addresses, directly from Snort or Suricata by way of Aanval’s new and advanced Sensor Management Tools (SMTs). Importing via Barnyard2 and a MySQL database is still supported as an alternative, but it is no longer required.

* Threat Level Displays and Global Heat Maps: Visual Heat Maps technology, along with improved GeoLocation and brilliant customizable dashboards, is aimed at helping users pinpoint and translate security issues and risks for upper management, with contextual views replacing pointless charts and manual spreadsheets.

* Automation and Reporting Systems: Many security departments consist of one or two admins trying to stay on top of security threats and manage logs and reports. Aanval 8 delivers the necessary automation and operational efficiency for security pros. Quickly and easily create or modify any number of automated tasks for alerts and event management. Custom on-demand and scheduled reports provide clear results with helpful graphs and displays.

* Syslog Enhancements: Aanval 8 adds increased speed and capacity for retrieving and filtering large amounts of syslog data sent by various network devices. Also included is a new regex testing tool designed specifically for Aanval’s advanced syslog filtering logic.

Details of Aanval 8 are available at https://www.aanval.com/aanval. Aanval software, hardware, support, and training services may be purchased at https://www.aanval.com/purchase. Aanval may be downloaded for testing and evaluation. Follow Aanval on Twitter @Aanval.

About Tactical FLEX, Inc.

Tactical FLEX, Inc. is a privately owned software development firm based in Washington state, specializing in information security research, engineering, technology design, and production. For over a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world including government security, defense organizations, financial services, energy companies, educational institutions, healthcare organizations, and many others. As a trusted security vendor, there are over 6,000 customers worldwide that rely upon Aanval as part of their security infrastructure. Please visit https://www.aanval.com for more information.

Aanval 8 Is Here!

Aanval 8 is a major update and it’s packed with new and upgraded features:


  • An all-new HTML5 look and feel. Responsive. Faster.
  • Directly import Unified2 logs from Snort and Suricata. Barnyard2 is not required but still supported.
  • IPv6 support
  • Global Heat Maps and Improved GeoLocation
  • Improved syslog importing and new regex testing
  • Improved reports
  • Much more!

Check out Aanval.com for full details and other valuable documents:

We’re very excited about this release and want to make sure everyone has a chance to use Aanval 8. Download now at aanval.com/download. It comes with a license to test with a single IDS sensor and a single syslog sensor.

We have an Aanval solution for every environment. Each package includes an unlimited sensor-monitoring license, support, and console maintenance, so you’ll always have access to the latest features, fixes, and major version releases. From Aanval Small Business and Standard, to Enterprise, we have you covered.

Aanval Support Q&A: Expired Console and I Can’t Log In

Q: I tried opening Aanval on my browser, but I received a message saying the license has expired and my console is locked. I know the license is still valid. What’s happening?

A: If you’re having this or any login issue, the root of it generally stems from the connection to MySQL, since Aanval retrieves login and license information from the Aanval MySQL database.

Remedy: Make sure MySQL is up and running and the connection is solid. What we sometimes see is that MySQL is down because the disk is full. You may try connecting via another host or method to ensure MySQL is accessible. 

Once MySQL is back online, navigate to Aanval as you normally would and log in.

If you’re still receiving an Expired message, enter the address to Aanval in the browser and add the following to the end of the URL:

/?op=pub_login

This will take you directly to the login screen. In some cases the license really has expired. If that is the case, not a problem; all the data is intact and the console simply needs an updated license key. This login method will allow you to log in and navigate to License Management and update the license. If you’re still having issues, there may be further issues with the disk or database or login credentials. For further questions or issues, check out our Troubleshooting Guide at our Aanval Wiki, or contact Support. 

Aanval Support Q&A: Aanval Installation Issue: Can’t Connect to MySQL?

Q: During the web-based portion of the Aanval installation, I get to a menu where I enter the location of the aanvaldb and the credentials to access it, but upon submitting them I get a few errors and I can’t proceed. I can connect to MySQL on the command line and confirm it’s running and the credentials are correct. What’s going on?


A: Aanval connects to MySQL with the default port of 3306. If these errors display, it is because the MySQL instance is started and accessible only by port 3307 (used in SSL connections).

There are two methods to remedy the error. The first is to locate and edit the script or plist that starts MySQL and update the line which would read something similar to <string>--port=3307</string> to read <string>--port=3306</string> and then restart MySQL.

The other method would be to return to the configuration menu on the browser and when entering the location of the Aanval database enter also the specific port. So in the example of a local installation, you’d enter 127.0.0.1:3307.
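The two login and installation problems above (MySQL stopped because its disk is full, and mysqld listening on 3307 while Aanval expects 3306) can be checked from the console before touching Aanval. The following diagnostic helper is an added example, not code from the Aanval page or the Aanval project; the `ss` and `df` samples are constructed so it runs offline, and the `aanval_db_location` helper and threshold of 95% are assumptions.

```sh
#!/bin/sh
# Added diagnostic helper (not from Aanval). Checks the two failure modes the
# support answers describe: MySQL down because its disk is full, and mysqld
# listening on 3307 while Aanval defaults to 3306.

# Constructed sample of `ss -ltnp` output so the functions run offline;
# on a real host pass "$(ss -ltnp)" instead.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:3307 0.0.0.0:* users:(("mysqld",pid=1234,fd=10))
LISTEN 0 128 *:80 *:* users:(("httpd",pid=99,fd=4))'

# Constructed sample of `df -P /var/lib/mysql` output (a full data disk).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda2 20511356 20511356 0 100% /var/lib/mysql'

# Print the TCP port mysqld listens on, or nothing if it is not listening.
mysql_listen_port() {
    printf '%s\n' "$1" | awk '/"mysqld"/ { sub(/.*:/, "", $4); print $4; exit }'
}

# Print the use% of the filesystem holding the MySQL data directory.
mysql_disk_use_pct() {
    printf '%s\n' "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Value to enter in the Aanval "database location" field (assumed helper):
# a bare host when mysqld is on the default 3306, host:port otherwise.
aanval_db_location() {   # $1 = host, $2 = port mysqld listens on
    if [ "$2" = "3306" ]; then printf '%s\n' "$1"; else printf '%s:%s\n' "$1" "$2"; fi
}

# Report findings; returns 1 if either problem is present, 0 otherwise.
diagnose() {             # $1 = ss output, $2 = df output, $3 = MySQL host
    port=$(mysql_listen_port "$1")
    pct=$(mysql_disk_use_pct "$2")
    status=0
    if [ -z "$port" ]; then
        echo "mysqld is not listening; a full disk is a common cause"; status=1
    elif [ "$port" != "3306" ]; then
        echo "mysqld is on port $port, not 3306: enter $(aanval_db_location "$3" "$port") in the install menu"
        status=1
    fi
    if [ "${pct:-0}" -ge 95 ]; then     # 95% threshold is an assumption
        echo "MySQL data disk is ${pct}% full; free space, then restart MySQL"; status=1
    fi
    return "$status"
}

if diagnose "$SAMPLE_SS" "$SAMPLE_DF" 127.0.0.1; then echo "no MySQL problems found"; fi
```

On a live host, follow a clean result with `mysqladmin -h HOST -P PORT ping` using the port the helper reports, which confirms the credentials path Aanval will use.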

Aanval Support Q&A: Aanval Installation Issue: Missing Modules?

Q: I downloaded and untarred Aanval according to the guide provided (http://wiki.aanval.com/wiki/Aanval:V7_Installation_Guide) and installed all prerequisites, but after I point my browser to the Aanval location and accept the EULA, I get an error noting that MySQL is missing. I show that MySQL is installed and running. Can you help? I’m using CentOS 6 on a VM.

A: That step is an Environmental Test in which all necessary PHP modules, directory structures, and permissions are searched for and tested. Your results show that it is not MySQL that is missing but the PHP MySQL module. It’s a very simple fix.

First, install that module:

yum install php-mysql

Second, restart Apache:

apachectl restart

Third, while on the browser, click the Retest option at the bottom of the page showing the Environmental Test results (you can also completely restart the web-based portion of the install by directing a new browser window to the Aanval location). The test will now confirm that module is installed and you can continue to the next step of pointing Aanval to the location of the aanval database so that Aanval can automatically build its structure and tables, and then log in.

Aanval 8: Coming Soon!

Aanval 8 Sneak Peek
Aanval 8 is almost here, with a brand new look, and loaded with new and improved features and performance!

Nearly a year in the making, Aanval 8 boasts dozens of new features and a complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

Featuring: HTML5, IPv6 Support, Direct Unified2 Support, Threat Levels Displays, Heat Maps, Syslog Updates, New Automation System, and more.


Check out other screenshots and details at https://www.aanval.com/aanval8

Aanval 8 will be publicly released in the coming weeks, and will be a free upgrade to all current Aanval SMB, SAS, and SAS Enterprise customers.

Aanval’s Event and Host Summaries

IDS engines like Snort and network devices can and generally do log thousands to millions of events per day, which can make it difficult to gather a view as to what has happened and what is happening. 

Aanval provides numerous up-to-date and live views of your data to help you make sense of it, increase your situational awareness, and quickly determine potential threats. One of those views is Summaries.

Event and Host Summaries

Users can quickly select the event name from the dashboard or any Live display to visually see a Timeline browser displaying how often a given event is being generated, along with every host associated as a source and destination.


From there, users can select a given host to get a similar summary that includes a Timeline browser detailing the risk level of generated events, Geo IP details, and a listing of events where that host has been associated as a source and destination. Host summaries can also be opened from the dashboard or any Live view by simply selecting the desired host or IP from the main event details.

Aanval’s Advanced, Scheduled, and Emailed Reports

Advanced Reporting

Aanval provides both on-demand and scheduled reports. They are available to view in a number of formats, including PDF, HTML, and XML, and can be emailed in PDF and Text formats.


Creating a Report

Users can generate a report from any search results. Users can also use the My Reports menu to create custom and scheduled reports and filter by sensor, risk level, and more.

Within the String / Text box, users can enter any of the keywords used by the Advanced Search tool to make their searches and reports extremely detailed, for example by returning all events from “lastweek:” Keywords can be combined as well and used alongside other factors already provided in drop-down boxes like Risk Level, and Source and Destination IP/Port.


Scheduled Reports

Users can create any number of scheduled reports and have them emailed to any number of addresses (comma separated).

Report Details

Aanval reports display exactly what the user searched or queried and when, and then detail, in an easy-to-read format with graphs, all event values such as Source and Destination IPs, Ports, sensors affected, where the events are stored, and more.

Learn More and Take Aanval for a Spin

* Aanval Reports

* Download Aanval

Aanval for the Managed Services Provider

Aanval has proven to be an invaluable tool for MSPs, and here’s why.

Flexibility and Growth Potential

As your customer base grows, so does Aanval. Our Aanval SAS Enterprise package allows you as an MSP to add and monitor an unlimited number of sensors and devices (Snort, Suricata, and syslog) without a cost increase. Additionally, there are no data caps; import as much traffic as possible. We encourage the idea of “Responsible Security,” to increase network visibility and situational awareness by monitoring every available network piece.

The Features You Need

On-Demand and Scheduled Reports

Create on-demand and scheduled reports for every customer. Aanval has search and reporting logic to make results extremely refined and detailed. 

Real-Time Actions and Alerts

Create custom actions to perform tasks and alerts with Action Management, from email alerts to tasks like tagging and executing shell commands.

Secured and Filtered

Import alerts and logs from multiple customers and locations. And while it’s being aggregated and managed on one console, it’s also secured and easily filtered to individual customers for viewing, alerts, and reporting.

Customer Logins

While many customers of MSPs like the hands-off approach, many like to see for themselves what’s happening. Easily create individual customer accounts that provide access to view only their sensors and data.

Support

We understand that this may be a new venture for both the MSP and the customer. Not a problem. The Tactical FLEX team behind Aanval has years of experience and can help you get things running and optimized. From remotely installing a Snort sensor, to configuring a plug-and-play Aanval appliance, to writing custom regex for a syslog device, we’re here to get the job done quickly and correctly.

Cost

Whether you’re managing Aanval at your own data center, at individual customer locations, or a mix of both, you’re getting the biggest bang for your buck with Aanval SAS Enterprise. In addition to monitoring every customer and every sensor and device, you’ll receive 24/7 console support. Also included is console maintenance, allowing you access to every fix, feature, and even major release.

Oh yes, there’s more!

Want to take Aanval for a test drive? Want us to show you the ropes? Not a problem.

Create a free Aanval account and download the console now: https://www.aanval.com/account/request

Request a demo from our support department, where we can answer questions and showcase Aanval’s features for you live: https://www.aanval.com/demo

Learn more at https://www.aanval.com/aanval