Aanval Support Q&A: Aanval Installation Issue

Q: I downloaded and untarred Aanval according to the guide provided (http://wiki.aanval.com/wiki/Aanval:V7_Installation_Guide) and installed all prerequisites, but after I point my browser to the Aanval location and accept the EULA, I get an error noting that MySQL is missing. I show that MySQL is installed and running. Can you help? I’m using CentOS 6 on a VM.

A: That step is an Environmental Test in which all necessary PHP modules and directory structures and permissions are searched and tested. Your results show that not MySQL but the PHP MySQL module is missing. It’s a very simple fix.

First, install that module:

yum install php-mysql

Second, restart Apache:

apachectl restart

Third, in the browser, click the Retest option at the bottom of the page showing the Environmental Test results (you can also completely restart the web-based portion of the install by directing a new browser window to the Aanval location). The test will now confirm that the module is installed, and you can continue to the next step of pointing Aanval to the location of the aanval database so that Aanval can automatically build its structure and tables, and then log in.
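The distinction this answer draws, between the MySQL server and PHP's MySQL extension, can be checked from the shell before clicking Retest. The following is an added example, not part of Aanval's documentation; the function names, the constructed `php -m` samples, and the `mysqld` service name used in live mode are assumptions.

```shell
#!/usr/bin/env bash
# Added example: tell "MySQL server missing" apart from "PHP MySQL extension missing".

# Print the MySQL-related extensions found in `php -m` style output read from stdin.
mysql_extensions() {
    # `php -m` prints one module name per line, plus bracketed section headers.
    { grep -iE '^(mysql|mysqli|mysqlnd|pdo_mysql)$' || true; } \
        | tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Classify the situation from two facts.
#   $1 = "up" or "down" (state of the MySQL server)
#   $2 = text output of `php -m`
diagnose() {
    local server="$1" exts
    exts=$(printf '%s\n' "$2" | mysql_extensions)
    if [ -z "$exts" ]; then
        if [ "$server" = "up" ]; then
            echo "extension-missing"      # the case in the Q&A above
        else
            echo "server-and-extension-missing"
        fi
    elif [ "$server" = "up" ]; then
        echo "ok: $exts"
    else
        echo "server-down: $exts"
    fi
}

# Constructed sample: `php -m` before `yum install php-mysql`.
SAMPLE_BEFORE='[PHP Modules]
Core
date
pcre
session
[Zend Modules]'

# Constructed sample: `php -m` after the package is installed.
SAMPLE_AFTER='[PHP Modules]
Core
date
mysql
mysqli
pcre
PDO
pdo_mysql
session
[Zend Modules]'

# Live mode (assumes a CentOS 6 style `service mysqld status` and php on PATH).
if [ "${1:-}" = "--live" ]; then
    if service mysqld status >/dev/null 2>&1; then state=up; else state=down; fi
    diagnose "$state" "$(php -m 2>/dev/null)"
fi
```

`php -m` reports what the command-line PHP loads; Apache's PHP picks up the new extension only after the restart in the second step.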

Aanval 8: Coming Soon!

Aanval 8 Sneak Peek
Aanval 8 is almost here, with a brand new look, and loaded with new and improved features and performance!

Nearly a year in the making, Aanval 8 boasts dozens of new features and a complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

Featuring: HTML5, IPv6 Support, Direct Unified2 Support, Threat Levels Displays, Heat Maps, Syslog Updates, New Automation System, and more.

Check out other screenshots and details at https://www.aanval.com/aanval8

Aanval 8 will be publicly released in the coming weeks, and will be a free upgrade to all current Aanval SMB, SAS, and SAS Enterprise customers.

Aanval’s Event and Host Summaries

IDS engines like Snort and network devices can and generally do log thousands to millions of events per day, which can make it difficult to gather a view as to what has happened and what is happening. 

Aanval provides numerous up-to-date and live views of your data to help you make sense of it, increase your situational awareness, and quickly determine potential threats. One of those views is Summaries.

Event and Host Summaries

Users can quickly select the event name from the dashboard or any Live display to visually see a Timeline browser displaying how often a given event is being generated, along with every host associated as a source and destination.

Event Summary

From there users can then select a given host to get a similar summary that would include a Timeline browser that further details risk level of generated events, Geo IP details, and a listing of events where that host has been associated as a source and destination. Host summaries can also be selected from the dashboard or any Live view by simply selecting the desired host or IP from the main event details.

Aanval’s Advanced, Scheduled, and Emailed Reports

Advanced Reporting

Aanval provides both on-demand and scheduled reports. They are available to view in a number of formats, including PDF, HTML, and XML, and can be emailed in PDF and Text formats.


Creating a Report

Users can generate a report from any search results. Users can also use the My Reports menu to create custom and scheduled reports and filter by sensor, risk level, and more.

Within the String / Text box, users can enter any of the keywords used by the Advanced Search tool to make their searches and reports extremely detailed, for example by returning all events from “lastweek:”. Keywords can be combined as well and used alongside other factors already provided in drop-down boxes like Risk Level, and Source and Destination IP/Port.


Scheduled Reports

Users can create any number of scheduled reports and have them emailed to any number of addresses (comma separated).

Report Details

Aanval reports display exactly what the user searched or queried and when, and then proceed to detail, in an easy-to-read format and with graphs, all event values like Source and Destination IPs, Ports, sensors affected, where the events are stored, and more.

Learn More and Take Aanval for a Spin

* Aanval Reports

* Download Aanval

Aanval for the Managed Services Provider

Aanval has proven to be an invaluable tool for MSPs, and here’s why.

Flexibility and Growth Potential

As your customer base grows, so does Aanval. Our Aanval SAS Enterprise package allows you as an MSP to add and monitor an unlimited number of sensors and devices (Snort, Suricata, and syslog) without a cost increase. Additionally, there are no data caps; import as much traffic as possible. We encourage the idea of “Responsible Security,” to increase network visibility and situational awareness by monitoring every available network piece.

The Features You Need

On-Demand and Scheduled Reports

Create on-demand and scheduled reports for every customer. Aanval has search and reporting logic to make results extremely refined and detailed. 

Real-Time Actions and Alerts

Create custom actions to perform tasks and alerts with Action Management, from email alerts to tasks like tagging and executing shell commands.

Secured and Filtered

Import alerts and logs from multiple customers and locations. And while it’s being aggregated and managed on one console, it’s also secured and easily filtered to individual customers for viewing, alerts, and reporting.

Customer Logins

While many customers of MSPs like the hands-off approach, many like to see for themselves what’s happening. Easily create individual customer accounts that provide access to view only their sensors and data.


We understand that this may be a new venture for both the MSP and the customer. Not a problem. The Tactical FLEX team behind Aanval has years of experience and can help you get things running and optimized. From remotely installing a Snort sensor, to configuring a plug-and-play Aanval appliance, to writing custom regex for a syslog device, we’re here to get the job done quickly and correctly.


Whether you’re managing Aanval at your own data center, at individual customer locations, or a mix of both, you’re getting the biggest bang for your buck with Aanval SAS Enterprise. In addition to monitoring every customer and every sensor and device, you’ll receive 24/7 console support. Also included is console maintenance, allowing you access to every fix, feature, and even major release.

Oh yes, there’s more!

Want to take Aanval for a test drive? Want us to show you the ropes? Not a problem.

Create a free Aanval account and download the console now: https://www.aanval.com/account/request

Request a demo from our support department, where we can answer questions and showcase Aanval’s features for you live: https://www.aanval.com/demo

Learn more at https://www.aanval.com/aanval

Aanval Mini Appliance: FREE with License Purchase

FREE Aanval Mini Appliance Promotion in August

Now through the end of August, receive a FREE Aanval Mini appliance with the purchase of an Aanval SAS or Aanval SAS Enterprise license package. Purchase an Aanval SMB package and receive 50% off an Aanval Mini appliance.

Aanval Appliance

What is an Appliance?

We have brought the industry’s leading Snort and Syslog intrusion detection and correlation console together with the world’s most stable and advanced operating system and hardware combination.

The Aanval Mini appliance is a Mac mini-based all-in-one IDS and SIEM solution. Preconfigured with Snort and Aanval, this box comes drop-in ready for complete monitoring and management. 

Each appliance comes with one standard Ethernet interface designed for Snort monitoring. With a supplied Thunderbolt-to-Ethernet cable, a second management interface is added.

Already have an Aanval server?

Not a problem. The Mini appliance can be configured as a sensor-only device, designed to monitor and report to a local or remote Aanval server for logging, correlation, reporting, and management. 

Multiple Mini appliances can be deployed at remote sites. The Mini appliance is also rack mountable.

Aanval’s Enhanced Sensor and Appliance Management Features

Every appliance comes configured with Aanval’s Sensor Management Tools that allow the remote management of a sensor’s Snort signatures. Manually enable and disable signatures, and automatically receive daily signature updates on every active sensor.

Apple and Mac OS X

Elegant, reliable, and stable are just a few of the words that describe the world’s most advanced operating system combined with the industry’s highest quality hardware. Apple’s operating system and hardware were chosen for Aanval Appliances for their core Unix foundation and overall superior quality. Mac OS X is an Open Brand Unix 03 Registered Product.


Configured for Your Environment

All appliances may be custom configured with specific destination network details (IP, DNS, etc), ensuring the installation is as simple as plugging in and powering on the Appliance. Appliances may further be installed with a selection of security tools including tcpdump (packet sniffing), Nmap (port scanning), nessus (vulnerability scanning), and more.

Get Your FREE Appliance!

Purchases can be made securely online at https://www.aanval.com/purchase and through the friendly and knowledgeable sales staff at Tactical FLEX!

Learn more about Aanval at https://www.aanval.com/aanval 

Aanval v7 Upgrades: That was easy!

Aanval v7 upgrades are easy and performed right inside the console. 

Console messages are displayed when updates are available and provide a direct link to the Version Management page. You can also navigate from the Console Configuration menu.

If you’re experiencing an issue with the current version, from that same Version Management menu, clicking Force Update will download and install the current version. 

Once a new version is downloaded, you’ll be shown the EULA and following its acceptance be guided through a brief re-installation which consists of version and module checking, ensuring the new version is good to go. 

The last prompt of an upgrade is to Stop and Start the BPUs (Background Processing Units). We strongly recommend performing this step. Updates to the console may contain changes or advancements to the BPUs, and failure to restart them when prompted may cause issues with the console’s operability and require further steps that may include manually downloading and installing the console again.

Check the following website to see details of a console upgrade: https://www.aanval.com/download/notes

Use Nmap to Increase Host Visibility Automatically with Aanval SAS

The biggest question you need to answer as a network security analyst is “What’s happening on my network?” Aanval helps deliver.

While knowing the specific events being generated by Snort is important, as is keeping that signature recipe finely tuned and updated, we believe it’s more important to know who’s behind those events (just as it’s more important to know and capture the bank robber instead of spending too much time at the scene of the crime).

Aanval has amazing features that will detail the activity and behavior of not only those events but the hosts that either cause those events or act as the victim. With a single click, users can get a map of their host that includes a visually striking Timeline Browser readout of the host’s frequency in generating events and also their threat levels, so you immediately know how harmful a host may be. In addition to that, users get a full readout of what signatures that host has triggered, as both a host and possibly a victim. Quickly search those results for more details and create and email reports based on those results. All of those features are built-in and automatically work in the background and are available as you feed Aanval network alerts.

To get even more from your Aanval console, use Nmap to routinely scan the network or multiple networks for currently and newly connected hosts. All on an automated basis, Aanval will find those hosts and perform a scan to obtain their OS fingerprint or vendor, IP, and up/down status. But Aanval doesn’t stop there; it then imports those records to its Device Management readout, where users can then add more details about a given host (services, additional interfaces, etc.) and find its current state. Once those records are received, more Aanval features become automatically unlocked and fed, like Situational Awareness and Event Validation. 

With Situational Awareness, users can get an instant bird’s eye view of the connected hosts and their activity. Quickly determine harmful attackers and weak links. Views can be changed from a current view or even those in the past.

Event Validation allows users to quickly determine if generated events come from known hosts and if they may possibly be false positives, one of the top reasons for failed IDS deployments, as they can quickly choke a system and view.

Check out the links below to get these features up and running on your Aanval console, and increase your host visibility and situational awareness.

Nmap: Getting Started

Network Host Scanning

Situational Awareness

Event Validation

Aanval SAS FAQ

In the past few weeks, we’ve had people ask specific questions about our new trial offerings and the types of commercial licenses available. We decided to write a blog to answer those questions.

#1. What is the difference between a 30-day trial and 30-day unlimited trial?
#2. Free vs commercial? What does an annual subscription provide?
#3. What are the types of Aanval SAS licenses offered? How can I determine the right license package for my environment?

Aanval is available to download and evaluate for free. Without a commercial license, Aanval operates in a free single-sensor mode, allowing 1 Snort or 1 Suricata and 1 syslog device. Your download automatically includes most of the features in our latest release, Aanval SAS (Situational Awareness System), for 30 days and allows you to process up to 1 million events. After 30 days, you can purchase an annual commercial license and take advantage of all the powerful and automated features designed to provide organizations complete end-to-end network visibility and situational awareness. You also have the option to convert to an unlimited 30-day trial license. We’ve re-introduced trial licenses for organizations who need to test Aanval in their environments without limitations on sensor capacity or event processing. Installation assistance and full support will also be available during your trial period.

All versions of Aanval are available as a downloadable solution that can be installed on existing hardware and requires only a current variant of Linux, Unix, or Mac OS X.

Visit our Download Page https://www.aanval.com/download and get your 30-day trial or 30-day unlimited trial.

What does the Aanval SAS annual subscription offer you?

» An annual unlimited sensor-capacity license for Snort and/or Suricata, and Syslog
» Telephone and remote support
» Console maintenance: bug fixes, minor and major upgrades
» An enterprise-grade SIEM and IDS solution at a fraction of the cost of other providers

Aanval SAS annual package includes the following features and tools:

» Situational Awareness™
» Offensive Reconnaissance™ and Rogue Host Detection
» Network Host Scanning
» False Positive Protection
» Live GeoLocation Display
» Event Correlation
» Billions of Events
» Event Tagging, Syslog Mirroring, and More

Aanval is designed to specifically scale from small single-sensor installations to global enterprise deployments. Aanval’s primary functions are to correlate data from multiple sources, bring together billions of events, and present users with a holistic view of false positive free, network security situational awareness.

We offer three types of annual subscriptions:

Aanval SMB

Our most cost efficient solution, designed specifically for the small business market, Aanval SMB includes every base feature of Aanval SAS as well as a few select SAS-only options like our powerful Situational Awareness engine, Rogue Host Detection, and the ever critical False Positive Protection module.

View Aanval SMB Details: https://www.aanval.com/aanval

Aanval SAS

Our completely unlimited middle market offering, Aanval SAS (Situational Awareness System), is developed and focused specifically for organizations up to 250 hosts in size. Aanval SAS includes all basic and advanced SAS features like Offensive Reconnaissance and Network Host Scanning.

View Aanval SAS Details: https://www.aanval.com/aanval

Aanval SAS Enterprise

Aanval SAS Enterprise scales beautifully to organizations of all sizes. Designed with large-scale network infrastructures in mind, SAS Enterprise provides superior functionality for networks that exceed 250 hosts and support services are readily available 24/7.

View Aanval Enterprise Details: https://www.aanval.com/aanval

Need assistance determining the right license package for your environment? Contact our Sales Dept. at 800-921-2584 or email sales.group @ tacticalflex.com

We invite you to also explore our Product License Comparison at https://www.aanval.com/aanval

View pricing or purchase Aanval products and services securely online https://www.aanval.com/purchase

See Why Customers Choose Aanval SAS (Situational Awareness System)

More than 6,000 customers worldwide including Fortune 500 and SMEs trust Aanval as their Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management solution. Read the latest customer success story from the retail industry to learn more about the business benefits of Aanval SAS.

Customer Snapshot: A Leading Online Retailer

Industry: A publicly-traded home improvement retailer with 201-500 employees. Company primarily conducts business through e-commerce. All security initiatives are managed in-house.

Customer Need: IT department was searching for a robust IDS utilizing Snort to manage and monitor their growing business and network infrastructure. Initially the company was using a standard Snort interface.

Customer Evaluation of Aanval SAS: Aanval was the primary product evaluated during the solution search process. The company’s Information Security Manager evaluated Aanval for the following security use cases:

1. Log Monitoring and Network Traffic Analysis
2. Packet Management
3. Anomaly Detection
4. PCI Compliance

Aanval SAS met all of the evaluation criteria, and the company found Aanval easy to use, configure, and install. The company has purchased the Aanval SAS commercial license and is now using Aanval as their stand-alone IDS.

Aanval SAS Has Helped with the Following:

1. Improve Operational Efficiency. Helped streamline the IT process of monitoring activities, analyzing and correlating event data, delivering security alerts, and investigating security incidents.
2. Meet PCI Compliance Initiatives. The Payment Card Industry Data Security Standard (PCI DSS) requires that all retailers and e-commerce sites that process, store, or transmit credit card information maintain a secure environment.
3. Reduce False Positives
4. Provide Needed Situational Awareness
5. Improve Security by Accelerating Detection of Anomalies

The Top Business Benefits of Aanval SAS: 

1. Event Management/Collection
2. False Positive Protection
3. PCI Compliance
4. Affordable Pricing
5. Built-in Automated Offensive Tools That Utilize Nmap. Includes Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance