Agents: Agents need to be deployed individually as a unique encryption string is generated per PC.
Environment, Detection, Agents Tab, Agent Control, Add Agent
search or choose from list
if a pc is not present add its subnet to scans
Agent name does NOT need to be DNS name
etc etc ok
Actions column, choose Automatic Agent Deployment for Windows
Enter an administrator User\/pw
click Deploy<\/p>\n\n\n\n
Plugins:
Environment, Assets,
find the asset and click the magnifying glass on right, Plugins tab, edit Plugins, Fortinet, FortiGate etc<\/p>\n\n\n\n
Scans:
Environment, Vulnerabilities, Scan Jobs<\/p>\n\n\n\n
Email setup: Alerts from Alarms: Now we use the Policy Menu to add this action as a policy.<\/p>\n\n\n\n Enable Syslogs from Ubiquiti Alternate: DeepBlueCli<\/p>\n","protected":false},"excerpt":{"rendered":" Agents: Agents need to be deployed individually as a unique encryption string is generated per PC.Environment, Detection, Agents Tab, Agent Control, Add Agentsearch or choose from listif a pc is…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[112],"class_list":["post-821","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-siem"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=821"}],"version-history":[{"count":9,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/821\/revisions"}],"predecessor-version":[{"id":900,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/821\/revisions\/900"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Configuration, Deployment, click the Magnifying Glass icon, General Configuration, Mail Relay = Yes.
smtp relay = smtp<\/strong>.office365<\/strong>.com
user = steve@company.com
pw = whatever
tcp port = 587<\/p>\n\n\n\n
Config, Threat Intel, Actions, New
Name = Email Alert (or Something descriptive)
Description = name, date, description of change
Type = Send an Email message
From = must be a valid user
To = probably should be a valid user
Subject = AlienVault Alert
Body = https:\/\/lisiem.company.com, click some fields from top of page
Append Event fields = Yes<\/p>\n\n\n\n
Settings Gear bottom left, Network Settings, Advanced,
Remote Logging, Enable Syslog = Yes
Syslog Server = DNS name of SIEM server<\/p>\n\n\n\n