
AlienVault v5.6.6 Functional Release

SkylarTalley

AlienVault Employee
As of Tuesday, November 13, 2018, AlienVault USM Appliance and OSSIM v5.6.6 are now generally available for all users on v5.6. Users can update their system(s) through the console or web UI (see upgrade instructions for more information).

Please take a few minutes to carefully read these release notes before upgrading.

If you are on v5.5.x or earlier versions of USM Appliance - v5.6.6 is a forked release and does not apply to you. No v5.6.6 update will be available in the web UI or console of your USM Appliance. On November 6th, AlienVault released v5.6.5 (see release notes here) for all customers on v5.5.x or earlier versions of USM Appliance. In December, we will release v5.7 to all customers.

If you are on v5.6 of USM Appliance - This release will patch vulnerabilities, update vulnerability scanning to resolve defects, and fix a bug that prevents email actions from working correctly. If you would like to update your system at this time, please see below for an overview of the options available to you.


Option 1 (Recommended): Open a case with AlienVault Technical Support so that a Technical Support Engineer can assist you with performing a configuration backup and restore process to update your USM Appliance to v5.6.5 instead of updating to v5.6.6. Please note, this process will require Technical Support’s supervision as it is materially different than a normal configuration backup and restore.
Implications: This process will patch vulnerabilities, update vulnerability scanning to resolve defects, fix a bug that prevents email actions from working correctly, and revert the changes to the AlienVault SIEM databases as part of the v5.6 update. All raw logs, system profile, network configuration, inventory data, policies, plugins, correlation directives, and other basic settings will be migrated to a fresh install of v5.6.5. Event and alarm data will not be migrated from your v5.6 USM Appliance.

Option 2: Update your USM Appliance to v5.6.6 and, at a later date, open a case with AlienVault Technical Support so that a Technical Support Engineer can assist you with performing a configuration backup and restore process to migrate your USM Appliance from v5.6.6 to v5.6.5. Please note, this process will require Technical Support’s supervision as it is materially different than a normal configuration backup and restore.
Implications: The v5.6.6 update will patch vulnerabilities, update vulnerability scanning to resolve defects, and fix a bug that prevents email actions from working correctly. The configuration backup and restore process will revert the changes made to the AlienVault SIEM databases as part of the v5.6 update. All raw logs, system profile, network configuration, inventory data, policies, plugins, correlation directives, and other basic settings will be migrated to a fresh install of v5.6.5. Event and alarm data will not be migrated from your v5.6.6 USM Appliance. 

Option 3: Update your USM Appliance to v5.6.6 and then update to v5.7 when it becomes generally available in December.
Implications: The v5.6.6 update will patch vulnerabilities, update vulnerability scanning to resolve defects, and fix a bug that prevents email actions from working correctly. The v5.7 update will include a reversal of the changes to the AlienVault SIEM databases made as part of the v5.6 update. In addition, you will have an option to migrate security event data from v5.6.6 to v5.7 after the update is complete. Please be advised that based on the v5.6 update experience and internal testing, we believe some customers may experience significant downtime as a result of the aforementioned database changes and event migration taking many hours to complete.

Additional information on the options available for affected customers will be sent in the coming weeks as we finalize the v5.7 release schedule. If you need any help with the upgrade or have any questions or concerns, please contact us at https://success.AlienVault.com

Please see the Security Advisory for USM Appliance and OSSIM v5.6.6 for detailed information regarding vulnerabilities patched in this release.


Comments

  • Hi All,

    I tried to update my AV AIO from version 5.6.0 to 5.6.6 using WebUI, but unfortunately the update ended with the following errors:

    E: Problem renaming the file /var/cache/apt/pkgcache.bin.X1ztBR to /var/cache/apt/pkgcache.bin - rename (2: No such file or directory)
    W: You may want to run apt-get update to correct these problems 
    + for package in "${apache_packages[@]}"
    + dpkg -s libapache2-mod-perl2
    + apt-mark auto libapache2-mod-perl2
    libapache2-mod-perl2 was already set to automatically installed.
    + apt-get autoremove -V -Y --assume-yes 
    E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) 
    E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? 
    + return 31 
    ##### Procedure mark_autopurge exited with code: 31 #####
  • I'm not really happy with any of these options.

    Are we able to just wait and upgrade from 5.6.0 straight to 5.7 when it is released or do we have to go to 5.6.5 or 5.6.6 first?

    If a remote sensor (i.e. one that doesn't hold the SIEM) is on 5.6.0, do we have to go through all of the backup processes?
    Daniil
  • I am currently on 5.5.1, and was about ready to upgrade to 5.6.5. However, this morning, I noticed that Patch 5.6.6 is what is waiting to be installed. Is it okay to install it as I am on 5.5.1 currently? The release notes say that 5.6.6 does not apply, but I no longer have 5.6.5. What do I do in this situation?

    Thanks,
    Dan
    craig33
  • So, the database fix that brings back event details will be available with v5.7 in December? 
    Will there be any migration instructions for OSSIM users? We do have both OSSIM and USM and I don't want to trigger issues in USM to fix my OSSIM instance. 


  • I was on v5.6; after updating OSSIM to v5.6.6, the vulnerability scanning just stopped. I tried to restart "openvas-manager" but it did not work. What kind of database problem is this?

    It reports the following:

    "Unable to connect to vulnerability scanner. If the system has been updated recently the vulnerability scanner is rebuilding its database. Please wait a few minutes."
  • I'm on 5.5.1 and I am also being prompted to install 5.6.6 in the web UI.

    Is there a thread somewhere where issues with these upgrades are being tracked and commented on? I couldn't find any new threads in the forums.
  • After the update my scans are now limited to a maximum of 1000 results; if there are more findings, they are not displayed. This might be some openvas-alienvault integration issue. Do others have the same issue, and is there a configuration option to tune?
  • For those who might have a similar issue, running this command on the scanner helped me:








    openvasmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value 2500


    This sets the openvas manager max rows per page from the default 1000 to 2500. Didn't see any configuration option for this on the AlienVault side; maybe it will be fixed in a future release.
  • Hi AV team!
    I've already updated my OSSIM to 5.7.1 but can't find any release notes for it. Are you going to post them on the forum?
    micsnare