
AlienVault® USM™ Trial

Deployment Checklist

Background
Thank you for your interest in AlienVault. This checklist will help to ensure a quick and easy deployment of your USM Free Trial.
Please have all of the below steps completed before your scheduled setup call. Please notify your AlienVault sales representative if
you are unable to complete these steps prior to the scheduled call.

Scope
For trials we leverage our USM All-In-One (AIO) virtual appliance, which is our entry-level appliance. The scope, therefore, needs to
be limited as we do not want to overload the AIO. This is especially important when deploying into larger environments. Ideally we
will limit the Events Per Second (EPS) to no more than 600 for a trial and limit the mirror / SPAN port traffic to no more than 100 Mbps.
Overloading the AIO will cause performance issues and will impact your ability to properly evaluate the appliance.
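
Added example, not part of AlienVault's checklist: a way to check a firewall's syslog volume against the 600 EPS trial ceiling before pointing it at the AIO. It assumes a text export of the firewall's log with RFC 3164-style timestamps; the function names, the constructed sample lines and the choice to report both average and peak rates are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

EPS_LIMIT = 600  # trial ceiling from the Scope section

# Optional <PRI>, then an RFC 3164 timestamp such as "Aug 26 10:15:01" (assumed format).
TS_RE = re.compile(r"^(?:<\d{1,3}>)?([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s")

def eps_profile(lines, year=2016):
    """Return (average_eps, peak_eps, skipped_lines) for an iterable of syslog lines.

    RFC 3164 timestamps carry no year, so one is supplied (assumption: the sample
    does not cross a year boundary). Month names assume an English/C locale.
    """
    per_second = Counter()
    skipped = 0
    for line in lines:
        m = TS_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        except ValueError:  # looks like a timestamp but is not a real date
            skipped += 1
            continue
        per_second[ts] += 1
    if not per_second:
        return 0.0, 0, skipped
    # Idle seconds between the first and last event count toward the average.
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return sum(per_second.values()) / span, max(per_second.values()), skipped

def verdict(lines):
    """The checklist does not say whether 600 EPS is sustained or peak, so report both."""
    avg, peak, skipped = eps_profile(lines)
    return {"avg_eps": avg, "peak_eps": peak, "skipped": skipped,
            "avg_over_limit": avg > EPS_LIMIT, "peak_over_limit": peak > EPS_LIMIT}

def constructed_sample():
    """Constructed data: three seconds at 200 events, then a one-second burst of 900."""
    lines = []
    for sec, count in [(0, 200), (1, 200), (2, 200), (3, 900)]:
        # <134> = facility local0, severity 6 (Informational)
        lines += [f"<134>Aug 26 10:15:{sec:02d} fw01 constructed: allow id={i}" for i in range(count)]
    lines.append("line with no timestamp")
    return lines

if __name__ == "__main__":
    print(verdict(constructed_sample()))
```

On the constructed sample the average stays under the ceiling while the burst second exceeds it, which is the case worth catching before choosing which firewall to forward.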

Pre-Deployment Checklist for AlienVault USM Trials


1. VMware Host¹ with the following resources available for USM:
a. At least 8 cores
b. 16GB RAM
c. 1TB disk space OR select “thin provision” when deploying the OVA template (5GB)
d. Spare NIC for mirror or SPAN port configuration (Network IDS)
2. AlienVault USM OVA deployed with the management interface configured. Please stop at the Getting Started Wizard (do not
begin the wizard).
a. Register for a Free Trial. Please note that your email address is your license
b. Download the OVA template
c. Deploy the OVA template. Please select “thin provisioning” if you do not have 1TB of disk space available
d. Power on the VM and configure the management interface (eth0) with an IP, subnet mask, gateway and DNS. Stop at the
login, below:

e. Activate the trial license using your email address (access the USM IP via a browser to complete the activation)

f. Once activated, please create the administrator account, log in and then wait at the USM Getting Started Wizard. We will
begin here during the scheduled setup call
¹ AlienVault USM trials are only supported on VMware environments (4.x and higher).

www.alienvault.com

3. Sign up for the Open Threat Exchange (OTX)™. Leverage Pulses from the AlienVault Labs Team from day one.

a. Click on the signup link


b. When the registration process is complete, please note your OTX Key under Settings (e.g.
96b626f6d62d1938530cc6fba30349e7101f9dfae8f6e11d...)
4. Forward syslog to the USM IP from one of your firewalls².

a. Set up USM as a syslog server on your firewall


b. Use port 514, UDP (typically the default)
c. Use “Informational” level of syslog (or equivalent)
5. Configure a mirror or SPAN port for NIDS, typically the inside interface on the firewall, ingress
and egress traffic.

a. This is where we will leverage the spare NIC on the VMware host. The goal at
this point is to have the traffic available to the USM VM via the VMware Host
6. Identify the networks that contain the assets you are interested in monitoring (CIDR
notation, e.g. 192.168.1.0/24). Typically, we will want to limit the networks to around 3
subnets, depending on the environment. We will be entering these networks as part of the
USM configuration

7. Please install the full-feature GoToMeeting desktop software onto your laptop or other computer that will be used during the
scheduled calls. This will allow us to leverage shared keyboard/mouse control.

a. Download the GoToMeeting desktop software here and install prior to our setup call
8. Be prepared to deploy a lightweight Host IDS (HIDS) agent to your domain controller and other critical servers. We will need:

a. IP addresses of the domain controller(s) and other critical servers


b. Domain credentials for the remote install (we do not store the credentials)
9. Be prepared to run an authenticated vulnerability scan against at least one asset. For the trial setup, this is usually your own
laptop or other device.

a. IP address of target machine


10. Think about success criteria for proving out USM in your environment. Ideally we would like to show a “tech win” within 3 calls
involving an AlienVault Sales Engineer.

a. For example, custom reporting on account lockouts; File Integrity Monitoring (FIM); Alarm notification (or other event
notification), etc.

We appreciate your time and effort and look forward to a successful evaluation of USM!

FAQ
1. Can I deploy the USM Trial to hypervisor environments other than VMware, like Hyper-V?
a. Unfortunately, no. Only VMware is supported at this time
2. Where can I find AlienVault USM documentation?

a. For setup specific documentation, use the following link


b. Please access general USM documentation here

² Please keep in mind that large enterprise firewalls will produce substantial EPS and
select accordingly (per the Scope section above).

8/26/2016 www.alienvault.com
