On Tuesday, November 27th, 2018, AlienVault released a Plugin update for USM Appliance. An installation of a MySQL package created a situation where some customers who updated to this version of Threat Intelligence will not be able to update to future versions of AlienVault Threat Intelligence. If you are affected, no other functionality has been degraded on your USM Appliance deployment and a reboot of the sensor will fully restore update abilities.
What We Have Done
On Wednesday, November 28th, AlienVault released a subsequent Threat Intelligence Update that no longer attempted the package installation. As a result, customers who updated to v1002-21 or later were unaffected.
What You Should Do
If you believe that you may have attempted a Threat Intelligence Update to the affected version, you should verify your current version of Threat Intelligence. Login to your USM Appliance and navigate to:
AlienVault Components Information, System Detail (the “magnifying glass” icon)
Check version number for “alienvault-plugins” (you are affected if your current version is v1002-19)
If you are affected, a reboot of the sensor will resolve the issue. Access the AlienVault Setup Menu via an ssh client and select, “Option 6: Reboot Appliance.”
How to Get Help
If you need any help to better understand if you’re affected or to reboot your sensor(s), please contact us at [email protected]