AlienVault v5.6.5 Functional Release

SkylarTalley

AlienVault Employee
As of Tuesday, November 6, 2018, AlienVault USM and OSSIM v5.6.5 are now generally available for all existing and new customers. Users can update their system(s) through the console or web UI (see upgrade instructions for more information).

Please take a few minutes to carefully read these release notes before upgrading.

Feature releases will change the behavior of the system with new functionality. AlienVault encourages users to first apply the upgrade to a test system to understand and learn the new functionality before upgrading production systems. Carefully read the enhancement summary and change log below before upgrading your system.

Announcements

  • If you are on v5.5.x or earlier versions of USM Appliance - This release will patch vulnerabilities and update vulnerability scanning to resolve defects, and will not include the functional updates that were previously part of v5.6.
  • If you are on v5.6 of USM Appliance - This release will not materially change anything on the Appliance. You can skip this update entirely. We will release v5.6.6 during the week of November 12th. This release will patch vulnerabilities, update vulnerability scanning to resolve defects, and fix a bug that prevents email actions from working correctly. 

See the Security Advisory for USM and v5.6.5 for more information regarding vulnerabilities patched in this release.

tracy.dangerhitman


Comments

  • I took the plunge and updated OSSIM 5.5.1 to 5.6.5. So far I haven't experienced any issues and, in particular, the payload data is working when viewing SIEM details. For other users' sake, I'll report back if I encounter any issues.
    KyleKatmweiss
  • Rock solid, no issues yet
    tracy.dangerKyleKat
  • Is anyone experiencing these issues?

    https://www.alienvault.com/forums/discussion/18047/network-monitoring-stopping-after-some-time/p1

    Has anyone run a vulnerability scan yet?
  • Network monitoring is still working, but I can't run a vulnerability scan. In the job details, under the Scanner Connection it shows "Unable to connect to vulnerability scanner. If the system has been updated recently the vulnerability scanner is rebuilding its database. Please wait a few minutes."

    It's been over 24 hours now.
    tracy.dangermweiss
  • No good. I'm seeing these corrupt DB warnings in the openvasmd.log:

    md   main:   INFO:2018-11-07 21h47.08 utc:56142: rebuild_nvt_cache_retry: Reloading NVT cache
    md   main:   INFO:2018-11-07 21h47.08 utc:56143: update_or_rebuild_nvt_cache: Rebuilding NVT cache
    md manage:WARNING:2018-11-07 21h47.09 utc:56143: sql_exec_internal: sqlite3_step failed: database disk image is malformed
    md manage:WARNING:2018-11-07 21h47.09 utc:56143: sql_x_internal: sql_exec_internal failed
    md   main:MESSAGE:2018-11-07 21h50.36 utc:61481:    OpenVAS Manager version 7.0.3 (DB revision 184)
    md manage:WARNING:2018-11-07 21h50.36 utc:61482: sql_exec_internal: sqlite3_step failed: database disk image is malformed
    md manage:WARNING:2018-11-07 21h50.36 utc:61482: sql_x_internal: sql_exec_internal failed
    tracy.dangermweiss
  • I was able to repair the OpenVAS database by performing the following:

    Go to the database folder and make a backup:
    cd /var/lib/openvas/mgr
    cp tasks.db tasks.db.bak

    Dump the data from the database and remove it:
    sqlite3 tasks.db
    sqlite> .output tasks.sql
    sqlite> .dump
    sqlite> .exit
    rm tasks.db

    Re-create the database:
    sqlite3 -init tasks.sql tasks.db

    Then rebuild the OpenVAS NVT cache:
    openvasmd --progress --rebuild -v

    After that I rebooted and waited for everything to come back up. I was able to create a vulnerability scan.
    tracy.dangermweiss
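The backup, dump and re-create sequence from the comment above, wrapped with SQLite's own integrity check, as an added Python example (not the poster's or AlienVault's code). The function names `is_healthy` and `rebuild` are hypothetical, and the example assumes openvasmd is stopped while it runs and that the database is readable enough to dump; if it is not, `rebuild` raises and leaves the original file in place.

```python
import os
import shutil
import sqlite3


def is_healthy(db_path):
    """Return True only if SQLite's own integrity check reports 'ok'."""
    try:
        con = sqlite3.connect(db_path)
        try:
            rows = con.execute("PRAGMA integrity_check").fetchall()
        finally:
            con.close()
    except sqlite3.DatabaseError:
        # Raised for errors such as "database disk image is malformed".
        return False
    return rows == [("ok",)]


def rebuild(db_path):
    """Back up db_path, dump it to SQL and reload the dump into a fresh file.
    The original is replaced only if the rebuilt copy passes integrity_check."""
    backup = db_path + ".bak"
    rebuilt = db_path + ".rebuilt"
    shutil.copy2(db_path, backup)           # cp tasks.db tasks.db.bak
    if os.path.exists(rebuilt):
        os.remove(rebuilt)                  # leftover from an earlier failed run
    src = sqlite3.connect(db_path)
    dst = sqlite3.connect(rebuilt)
    try:
        # Equivalent of ".dump" followed by loading the dump into a new file.
        dst.executescript("\n".join(src.iterdump()))
    except sqlite3.DatabaseError as exc:
        raise RuntimeError("dump/reload failed: %s" % exc) from exc
    finally:
        src.close()
        dst.close()
    if not is_healthy(rebuilt):
        os.remove(rebuilt)
        raise RuntimeError("rebuilt database failed integrity_check")
    os.replace(rebuilt, db_path)            # swap in place of rm + re-create
    return backup


if __name__ == "__main__":
    path = "/var/lib/openvas/mgr/tasks.db"  # path taken from the comment above
    print("healthy" if is_healthy(path) else "malformed", "->", rebuild(path))
```

The NVT cache rebuild (`openvasmd --progress --rebuild -v`) from the comment still has to be run afterwards.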
  • After this upgrade I noticed that all vulnerability scans have up to 1000 results. There seems to be some kind of limit now, so that no more than 1000 results will be displayed. Before, we had even 2000 and more results per scan. Do you know how to change that? I cannot find any options or documentation.
  • Since the update to 5.6.5 I noticed that our Nagios monitoring complains about the following error:

    connect to address localhost and port 9391: Connection refused

    Anyone else noticed this? The openvas service seems to be running and I was also able to execute a Vuln Scan successfully.
    What could be the problem here?
  • No ideas here?!?!?
    Seems like I need to create a case with AlienVault.
  • The way I see it is there was an upgrade of openvas from version 8 to 9, and now it's no longer compatible with the existing certificates.
    However, you cannot just run "openvas-mkcert" and all the other commands that you were used to recently... they have now also introduced new commands that are no longer compatible with the previous versions.

    :(