Quick Support: “None of my sensor’s events are showing in Aanval.”

After getting Aanval installed, set up, and sensors connected, users sometimes ask: “Why aren’t I seeing any events?”

Not a problem. Aanval 8 is loaded with new security and analytical tools. If you aren’t seeing your sensor’s events, first go to the Configuration Menu and select the proper import module (Unified2 Module, MySQL Module, Syslog Module). Under each module you’ll find Sensor Configuration.

After going to Sensor Configuration, choose the sensor in question. At the bottom of the menu you’ll see Sensor Permissions. These options allow admins to securely limit access to active sensors. When a box is unchecked for a given user, that user will not be able to view or manage event data for that sensor.

Make sure the chosen sensor’s Sensor Permissions are enabled for the desired user.

Aanval 8 also lets users quickly filter sensor data on any menu. For example, when viewing Frequent Offenders on the Charts menu, users can disable the view of certain sensors to focus on particular areas of the network, while sensor importing and functionality remain active in the background, just out of view.

Once Sensor Permissions are enabled, hover over the name of the logged-in user to view the drop-down menu and select Change Sensors View.

Once selected, all sensors that are both active and have the Sensor Permissions enabled for that logged-in user will be displayed. Check the box of each sensor for which you want to view and manage event data.

Once sensors are checked, event data will be displayed immediately. If you still do not see event data after taking these steps, start by making sure your sensors are active, that they are logging properly in the Unified2 or syslog format (depending on which sensor you’re troubleshooting), and that they are properly connected to Aanval.
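
For the "properly logging in Unified2" check, the following added example (not Aanval's own code) walks a Snort or Suricata Unified2 spool file and reports which record types it holds and the time of the newest event. It assumes the standard Unified2 layout of big-endian type/length record headers; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Unified2 record types that carry an IDS event (Snort/Suricata spool files).
EVENT_TYPES = {7: "event_ipv4", 72: "event_ipv6",
               104: "event_v2_ipv4", 105: "event_v2_ipv6"}
OTHER_TYPES = {2: "packet", 110: "extra_data"}

def check_unified2(data: bytes) -> dict:
    """Walk the records in a spool file and report what the sensor logged."""
    counts, newest, problems, offset = Counter(), None, [], 0
    while offset < len(data):
        if len(data) - offset < 8:
            problems.append(f"truncated record header at offset {offset}")
            break
        # Each record starts with two big-endian uint32s: type and body length.
        rtype, rlen = struct.unpack_from(">II", data, offset)
        if offset + 8 + rlen > len(data):
            problems.append(f"record at offset {offset} claims {rlen} bytes, more "
                            "than the file holds (not Unified2, or still being written)")
            break
        name = EVENT_TYPES.get(rtype) or OTHER_TYPES.get(rtype) or f"type_{rtype}"
        counts[name] += 1
        if rtype in EVENT_TYPES and rlen >= 12:
            # Event body: sensor_id, event_id, event_second, ... (uint32 each).
            second = struct.unpack_from(">I", data, offset + 16)[0]
            newest = second if newest is None else max(newest, second)
        offset += 8 + rlen
    return {
        "records": dict(counts),
        "newest_event_epoch": newest,
        "newest_event_utc": (datetime.fromtimestamp(newest, tz=timezone.utc).isoformat()
                             if newest is not None else None),
        "problems": problems,
    }

def sample_event(second: int) -> bytes:
    """Constructed 52-byte IPv4 event record (type 7) for testing the walker."""
    body = struct.pack(">11I2H4B", 1, 1, second, 0, 1000001, 1, 1, 0, 2,
                       0xC0000201, 0xC6336407, 40000, 80, 6, 0, 0, 0)
    return struct.pack(">II", 7, len(body)) + body

if __name__ == "__main__":
    spool = sample_event(1467154637) + sample_event(1467154641)
    print(check_unified2(spool))
    # A syslog text file passed by mistake is reported as a problem, not as events.
    print(check_unified2(b"<34>Jun 28 15:57:17 fw01 sshd[812]: constructed line\n"))
```

An empty `records` result or a stale newest-event time points at the sensor rather than at Aanval's permissions or view settings.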

Sensor Filtering with Aanval 8

New to Aanval 8 is an all-new system for quickly filtering data based on sensors. For example, while viewing Frequent Events, a user can filter the view to focus on a single sensor or group of sensors by quickly disabling the view of other active sensors. While event importing and processing for disabled/filtered sensors continues in the background, event and analytical tools calculate and display data from only selected/unfiltered sensors. As filtered sensors are again checked or enabled, displays quickly and automatically update to account for the additional sensors and data.

How to Filter a Sensor

Hover over the name of the logged-in user in the upper right-hand corner, and a listing of options will show in a drop-down box.

Select Change Sensors View and a box will display the sensors that have been set up and enabled on their respective Sensor Configuration pages. Check or uncheck sensors to change the data view on any menu. Because the Change Sensors View is part of the menu bar, it’s accessible from any page, allowing you to quickly make changes and get the focus and data you need.

Troubleshooting

The Change Sensors View is the first menu to check when users setting up new sensors ask why they aren’t seeing events or sensors. Sensors are not automatically enabled in this menu after being added to Aanval in a Sensor Configuration menu.

If the Change Sensors View is blank after adding new sensors, go back to the proper Sensor Configuration menu and check the User Permissions at the bottom of the page to ensure each user has the intended access to each sensor. Once updated, refresh the page and select the Change Sensors View menu again; the new sensors will be available to check.

Upcoming Webinar on June 15th: Tactical FLEX, Inc. Debuts Aanval 8

Date: Wed, Jun 15, 2016 7:00 AM – 7:30 AM PDT

Come join us and discover the excitement of Aanval 8 and find how to monitor every aspect of your network environment without breaking the bank! This upcoming webinar will provide an overview of Aanval 8 and cover a few selected features and enhancements including an all-new HTML5 look and feel, direct Unified2 IDS event importing, threat level displays and global heat maps, automation and reporting systems, and syslog enhancement. Learn why Aanval 8 is the complete end-to-end security solution for your IDS and syslog data.

Tactical FLEX, Inc. Advances Best Performing IDS with Debut of Aanval 8

An Unparalleled End-to-End SIEM-Based Snort, Suricata, and Syslog IDS Solution

Seattle, May 31, 2016 /PRNewswire/ – Tactical FLEX, Inc., a global leader of information security, vulnerability, and risk management software solutions, today announced the debut of Aanval 8, the latest version of its market-leading IDS and SIEM platform. Tactical FLEX, Inc. continues to set a new bar and advances Aanval 8 with performance upgrades, enhanced threat detection, and a host of new features designed to deliver complete security visibility, real-time monitoring, and situational awareness.

Budget constraints are one of the main obstacles that challenge information security operations. Tactical FLEX, Inc. understands that all organizations need a comprehensive, scalable, and affordable real-time threat management solution that gives IT departments the technological power and operational efficiency to accelerate the accurate detection of security threats as well as pinpoint security risks in order to safeguard critical assets while maintaining regulatory compliance. Aanval 8 is designed and priced to deliver affordable enterprise-class security for all business sizes.

A few selected features and enhancements in Aanval 8:

* All-New HTML5 Look and Feel: A complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

* Direct Unified2 IDS Event Importing: Getting Barnyard2 working with IDS engines has been a major headache in the IDS community, along with its lack of IPv6 support. With Aanval 8, users can import and manage IDS event data, including IPv6 addresses, directly from Snort or Suricata by way of Aanval’s new and advanced Sensor Management Tools (SMTs). Alternatively, importing with Barnyard2 and a MySQL database is still supported but not required.

* Threat Level Displays and Global Heat Maps: Visual Heat Maps technology, along with improved GeoLocation and brilliant customizable dashboards, are aimed to help users pinpoint and translate security issues and risks for upper management with contextual views replacing pointless charts and manual spreadsheets.

* Automation and Reporting Systems: Many security departments consist of one or two admins trying to stay on top of security threats and manage logs and reports. Aanval 8 delivers the necessary automation and operational efficiency for security pros. Quickly and easily create or modify any number of automated tasks for alerts and event management. Custom on-demand and scheduled reports provide clear results with helpful graphs and displays.

* Syslog Enhancements: Aanval 8 adds increased speed and capacity for retrieving and filtering large amounts of syslog data sent by various network devices. Also included is a new regex testing tool designed specifically for Aanval’s advanced syslog filtering logic.

Details of Aanval 8 are available at https://www.aanval.com/aanval. Aanval software, hardware, support, and training services may be purchased at https://www.aanval.com/purchase. Aanval may be downloaded for testing and evaluation. Follow Aanval on Twitter @Aanval.

About Tactical FLEX, Inc.

Tactical FLEX, Inc. is a privately owned software development firm based in Washington state, specializing in information security research, engineering, technology design, and production. For over a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world including government security, defense organizations, financial services, energy companies, educational institutions, healthcare organizations, and many others. As a trusted security vendor, there are over 6,000 customers worldwide that rely upon Aanval as part of their security infrastructure. Please visit https://www.aanval.com for more information.

Aanval 8 Is Here!

Aanval 8 is a major update and it’s packed with new and upgraded features:

  • An all-new HTML5 look and feel. Responsive. Faster.
  • Directly import Unified2 logs from Snort and Suricata. Barnyard2 is not required but still supported.
  • IPv6 support
  • Global Heat Maps and Improved GeoLocation
  • Improved syslog importing and new regex testing
  • Improved reports
  • Much more!

Check out Aanval.com for full details and other valuable documents:

We’re very excited about this release and want to make sure everyone has a chance to use Aanval 8. Download now at aanval.com/download. It comes with a license to test with a single IDS sensor and a single syslog sensor.

We have an Aanval solution for every environment. Each package includes an unlimited sensor-monitoring license, support, and console maintenance, so you’ll always have access to the latest features, fixes, and major version releases. From Aanval Small Business and Standard, to Enterprise, we have you covered.