Quick Support: “None of my sensor’s events are showing in Aanval.”

After getting Aanval installed, set up, and sensors connected, users sometimes ask: “Why aren’t I seeing any events?”

Not a problem. Aanval 8 is loaded with new security and analytical tools. If you aren’t seeing your sensor’s events, first go to the Configuration Menu and select the proper import module (Unified2 Module, MySQL Module, Syslog Module). Under each module you’ll find Sensor Configuration.


After going to Sensor Configuration, choose the sensor in question. At the bottom of the menu you’ll see Sensor Permissions. These options allow admins to securely limit access to active sensors. When a box is unchecked for a given user, that user will not be able to view or manage event data for that sensor.


Make sure the chosen sensor’s Sensor Permissions are enabled for the desired user.

Aanval 8 further allows users to quickly filter sensor data on any menu, so that, for example, when viewing Frequent Offenders on the Charts menu, users can disable the view of certain sensors to focus on particular areas of the network, while sensor importing and functionality remains active in the background, just out of view.

Once Sensor Permissions are enabled, hover over the name of the logged-in user to view the drop-down menu and select Change Sensors View.


Once selected, all sensors that are both active and have the Sensor Permissions enabled for that logged-in user will be displayed. Check the box of each sensor for which you want to view and manage event data.


Once sensors are checked, event data will be displayed immediately. If you still do not see event data after taking these steps, start by making sure your sensors are active, are logging properly in the Unified2 or syslog format (depending on which sensor you’re troubleshooting), and are properly connected to Aanval.

Upcoming Webinar on June 15th: Tactical FLEX, Inc. Debuts Aanval 8

Date

Wed, Jun 15, 2016 7:00 AM – 7:30 AM PDT

Come join us and discover the excitement of Aanval 8 and find out how to monitor every aspect of your network environment without breaking the bank! This upcoming webinar will provide an overview of Aanval 8 and cover a few selected features and enhancements including an all-new HTML5 look and feel, direct Unified2 IDS event importing, threat level displays and global heat maps, automation and reporting systems, and syslog enhancement. Learn why Aanval 8 is the complete end-to-end security solution for your IDS and syslog data.


Aanval Support Q&A: Expired Console and I Can’t Log In

Q: I tried opening Aanval on my browser, but I received a message saying the license has expired and my console is locked. I know the license is still valid. What’s happening?

A: If you’re having this or any login issue, the root of it generally stems from the connection to MySQL, since Aanval retrieves login and license information from the Aanval MySQL database.

Remedy: Make sure MySQL is up and running and the connection is solid. What we sometimes see is that MySQL is down because the disk is full. You may try connecting via another host or method to ensure MySQL is accessible. 

Once MySQL is back online, navigate to Aanval as you normally would and log in.

If you’re still receiving an Expired message, enter the address to Aanval in the browser and add the following to the end of the URL:

/?op=pub_login

This will take you directly to the login screen. In some cases the license really has expired. If that is the case, not a problem; all the data is intact and the console simply needs an updated license key. This login method will allow you to log in and navigate to License Management and update the license. If you’re still having issues, there may be further issues with the disk or database or login credentials. For further questions or issues, check out our Troubleshooting Guide at our Aanval Wiki, or contact Support. 

Aanval Support Q&A: Aanval Installation Issue: Can’t Connect to MySQL?

Q: During the web-based portion of the Aanval installation, I get to a menu where I enter the location of the aanvaldb and the credentials to access it, but upon submitting them I get a few errors and I can’t proceed. I can connect to MySQL on the command line and confirm it’s running and the credentials are correct. What’s going on?


A: Aanval connects to MySQL with the default port of 3306. If these errors display, it is because the MySQL instance is started and accessible only by port 3307 (used in SSL connections).

There are two methods to remedy the error. The first is to locate and edit the script or plist that starts MySQL and update the line which would read something similar to <string>--port=3307</string> to read <string>--port=3306</string> and then restart MySQL.

The other method would be to return to the configuration menu on the browser and when entering the location of the Aanval database enter also the specific port. So in the example of a local installation, you’d enter 127.0.0.1:3307.
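
The checks from the two MySQL answers above (login failures when MySQL is down or its disk is full, and an instance started on a port other than 3306) combined into one preflight script. This is an added example, not Aanval code; the 95% "disk full" threshold and the two paths passed to preflight are assumptions.

```shell
#!/bin/sh
# Added example (not Aanval code). The start-file path, the data directory
# and the 95% threshold are assumptions chosen for illustration.

# Port from a launchd plist or start script containing --port=N; 3306 if unset.
configured_port() {
    port=$(sed -n 's/.*--port=\([0-9][0-9]*\).*/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${port:-3306}"
}

# Use% (digits only) taken from `df -P` output supplied on stdin.
df_use_pct() {
    awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# 0 if a server answers; mysqladmin ping also returns 0 on "Access denied",
# so no credentials are needed for this check.
mysql_answers() {
    mysqladmin --host="$1" --port="$2" --connect-timeout=3 ping >/dev/null 2>&1
}

# verdict ANSWERS(yes|no) PORT USE_PCT -> one line naming the next step.
verdict() {
    if [ "$1" = yes ] && [ "$2" -eq 3306 ]; then
        echo "ok: MySQL answers on the default port 3306"
    elif [ "$1" = yes ]; then
        echo "port: enter the database location as 127.0.0.1:$2"
    elif [ "$3" -ge 95 ]; then
        echo "disk: data volume is ${3}% full, free space and restart MySQL"
    else
        echo "down: MySQL is not answering on port $2, check the service"
    fi
}

# preflight START_FILE DATADIR: run all three checks against the local host.
preflight() {
    port=$(configured_port "$1")
    pct=$(df -P "$2" 2>/dev/null | df_use_pct)
    if mysql_answers 127.0.0.1 "$port"; then up=yes; else up=no; fi
    verdict "$up" "$port" "${pct:-0}"
}

# Runs only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it with the MySQL start script or plist as the first argument and the MySQL data directory as the second.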

Aanval Support Q&A: Aanval Installation Issue: Missing Modules?

Q: I downloaded and untarred Aanval according to the guide provided (http://wiki.aanval.com/wiki/Aanval:V7_Installation_Guide) and installed all prerequisites, but after I point my browser to the Aanval location and accept the EULA, I get an error noting that MySQL is missing. I show that MySQL is installed and running. Can you help? I’m using CentOS 6 on a VM.

A: That step is an Environmental Test in which all necessary PHP modules and directory structures and permissions are searched and tested. Your results show that not MySQL but the PHP MySQL module is missing. It’s a very simple fix.

First, install that module:

yum install php-mysql

Second, restart Apache:

apachectl restart

Third, while on the browser, click the Retest option at the bottom of the page showing the Environmental Test results (you can also completely restart the web-based portion of the install by directing a new browser window to the Aanval location). The test will now confirm that module is installed and you can continue to the next step of pointing Aanval to the location of the aanval database so that Aanval can automatically build its structure and tables, and then log in.

Aanval 8: Coming Soon!

Aanval 8 Sneak Peek
Aanval 8 is almost here, with a brand new look, and loaded with new and improved features and performance!

Nearly a year in the making, Aanval 8 boasts dozens of new features and a complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

Featuring: HTML5, IPv6 Support, Direct Unified2 Support, Threat Levels Displays, Heat Maps, Syslog Updates, New Automation System, and more.

Aanval v8

Check out other screenshots and details at https://www.aanval.com/aanval8

Aanval 8 will be publicly released in the coming weeks, and will be a free upgrade to all current Aanval SMB, SAS, and SAS Enterprise customers.

Aanval’s Event and Host Summaries

IDS engines like Snort and network devices can and generally do log thousands to millions of events per day, which can make it difficult to gather a view as to what has happened and what is happening. 

Aanval provides numerous up-to-date and live views of your data to help you make sense of it, increase your situational awareness, and quickly determine potential threats. One of those views is Summaries.

Event and Host Summaries

Users can quickly select the event name from the dashboard or any Live display to visually see a Timeline browser displaying how often a given event is being generated, along with every host associated as a source and destination.

Event Summary

From there users can then select a given host to get a similar summary that would include a Timeline browser that further details risk level of generated events, Geo IP details, and a listing of events where that host has been associated as a source and destination. Host summaries can also be selected from the dashboard or any Live view by simply selecting the desired host or IP from the main event details.

Aanval’s Advanced, Scheduled, and Emailed Reports

Advanced Reporting

Aanval provides both on-demand and scheduled reports. They are available to view in a number of formats, including PDF, HTML, and XML, and can be emailed in PDF and Text formats.


Creating a Report

Users can generate a report from any search results. Users can also use the My Reports menu to create custom and scheduled reports and filter by sensor, risk level, and more.

Within the String / Text box, users can enter any of the keywords used by the Advanced Search tool to make their searches and reports extremely detailed, for example by returning all events from “lastweek:”. Keywords can also be combined and used alongside other factors already provided in drop-down boxes, like Risk Level and Source and Destination IP/Port.


Scheduled Reports

Users can create any number of scheduled reports and have them emailed to any number of addresses (comma separated).

Report Details

Aanval reports display exactly what the user searched or queried and when, and then detail, in an easy-to-read format and with graphs, all event values such as Source and Destination IPs, Ports, sensors affected, where the events are stored, and more.

Learn More and Take Aanval for a Spin

* Aanval Reports

* Download Aanval

Aanval for the Managed Services Provider

Aanval has proven to be an invaluable tool for MSPs, and here’s why.

Flexibility and Growth Potential

As your customer base grows, so does Aanval. Our Aanval SAS Enterprise package allows you as an MSP to add and monitor an unlimited number of sensors and devices (Snort, Suricata, and syslog) without a cost increase. Additionally, there are no data caps; import as much traffic as possible. We encourage the idea of “Responsible Security,” to increase network visibility and situational awareness by monitoring every available network piece.

The Features You Need

On-Demand and Scheduled Reports

Create on-demand and scheduled reports for every customer. Aanval has search and reporting logic to make results extremely refined and detailed. 

Real-Time Actions and Alerts

Create custom actions to perform tasks and alerts with Action Management, from email alerts to tasks like tagging and executing shell commands.

Secured and Filtered

Import alerts and logs from multiple customers and locations. And while it’s being aggregated and managed on one console, it’s also secured and easily filtered to individual customers for viewing, alerts, and reporting.

Customer Logins

While many customers of MSPs like the hands-off approach, many like to see for themselves what’s happening. Easily create individual customer accounts that provide access to view only their sensors and data.

Support

We understand that this may be a new venture for both the MSP and the customer. Not a problem. The Tactical FLEX team behind Aanval has years of experience and can help you get things running and optimized. From remotely installing a Snort sensor, to configuring a plug-and-play Aanval appliance, to writing custom regex for a syslog device, we’re here to get the job done quickly and correctly.

Cost

Whether you’re managing Aanval at your own data center, at individual customer locations, or a mix of both, you’re getting the biggest bang for your buck with Aanval SAS Enterprise. In addition to monitoring every customer and every sensor and device, you’ll receive 24/7 console support. Also included is console maintenance, allowing you access to every fix, feature, and even major release.

Oh yes, there’s more!

Want to take Aanval for a test drive? Want us to show you the ropes? Not a problem.

Create a free Aanval account and download the console now: https://www.aanval.com/account/request

Request a demo from our support department, where we can answer questions and showcase Aanval’s features for you live: https://www.aanval.com/demo

Learn more at https://www.aanval.com/aanval

Aanval Mini Appliance: FREE with License Purchase

FREE Aanval Mini Appliance Promotion in August

Now through the end of August, receive a FREE Aanval Mini appliance with the purchase of an Aanval SAS or Aanval SAS Enterprise license package. Purchase an Aanval SMB package and receive 50% off an Aanval Mini appliance.

Aanval Appliance

What is an Appliance?

We have brought the industry’s leading Snort and Syslog intrusion detection and correlation console together with the world’s most stable and advanced operating system and hardware combination.

The Aanval Mini appliance is a Mac mini-based all-in-one IDS and SIEM solution. Preconfigured with Snort and Aanval, this box comes drop-in ready for complete monitoring and management. 


Each appliance comes with one standard Ethernet interface designed for Snort monitoring. With a supplied Thunderbolt-to-Ethernet cable, a second management interface is added.

Already have an Aanval server?

Not a problem. The Mini appliance can be configured as a sensor-only device, designed to monitor and report to a local or remote Aanval server for logging, correlation, reporting, and management. 

Multiple Mini appliances can be deployed at remote sites. The Mini appliance is also rack mountable.

Aanval’s Enhanced Sensor and Appliance Management Features

Every appliance comes configured with Aanval’s Sensor Management Tools that allow the remote management of a sensor’s Snort signatures. Manually enable and disable signatures, and automatically receive daily signature updates on every active sensor.

Apple and Mac OS X

Elegant, reliable, and stable are just a few of the words that describe the world’s most advanced operating system combined with the industry’s highest quality hardware. Apple’s operating system and hardware were chosen for Aanval Appliances for their core Unix foundation and overall superior quality. Mac OS X is an Open Brand Unix 03 Registered Product.


Configured for Your Environment

All appliances may be custom configured with specific destination network details (IP, DNS, etc), ensuring the installation is as simple as plugging in and powering on the Appliance. Appliances may further be installed with a selection of security tools including tcpdump (packet sniffing), Nmap (port scanning), nessus (vulnerability scanning), and more.

Get Your FREE Appliance!

Purchases can be made securely online at https://www.aanval.com/purchase and through the friendly and knowledgeable sales staff at Tactical FLEX!

Learn more about Aanval at https://www.aanval.com/aanval