COMMUNICATE
TCP/IP Connections Between OSSIM/USM Components
CORE ALIENVAULT COMPONENTS
SERVER HOST SENSOR HOST
• Server • Agent
• Web Framework • Vulnerability Scanner
• Database • Log Collection
• Identity Management
• Vulnerability Management
REFERENCE: OPEN SERVER PORTS
An AlienVault Server will have the following ports listening for incoming connections:
TCP/22 – SSH – Secure Shell Management Service
TCP/443 – HTTPS – Web UI
TCP/40001 – alienvault-server – the core server process
TCP/40002 – alienvault-idm – identity management process
TCP/40003 – alienvault-frameworkd – web UI process
TCP/40004 – forwarder – log forwarding (server to server)
TCP/40005 – machete – AlienVault Smart Event Collection service (USM Only)
TCP/40006 – mixterd – AlienVault Smart Event Collection service (USM Only)
TCP/40007 – alienvault-center – Server and Sensor status monitoring
TCP/40008 – alienvault-idm – identity management process
UDP/514 – rsyslog – syslog collection service
UDP/1514 – ossec – OSSEC agent management service
REFERENCE: OPEN SENSOR PORTS
An AlienVault Sensor will have the following ports listening for incoming connections
NETWORK VISIBILITY
AlienVault Sensors require visibility to network traffic for monitoring
functions, usually via a SPAN port on a network switch.
Active scanning for asset and vulnerability detection will require
uninhibited network access from the Sensor to achieve accurate
results.
NETFLOW COLLECTION
NetFlow collection, from AlienVault Sensors or third-party devices, will require an additional
UDP port on the AlienVault Server.
This port is configured when activating NetFlow on the Sensor (or when creating a dummy
sensor to collect NetFlow data from a third-party source).
Each device will be configured to transmit on a different port, and thus each device will
require a separate UDP port listening on the Server.
By default, these ports are assigned from UDP Port 12000 and upwards.
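The server port list and the NetFlow port rule above can be used as a baseline for auditing what a Server actually exposes. The following is an added example, not AlienVault code: it assumes listener data comes from `ss -H -tuln`, and the function names, the `netflow_ports` parameter and the sample data are constructed for illustration.

```python
# Added example. Baseline copied from the "OPEN SERVER PORTS" list above.
EXPECTED = {
    ("tcp", 22): "ssh", ("tcp", 443): "https web UI",
    ("tcp", 40001): "alienvault-server", ("tcp", 40002): "alienvault-idm",
    ("tcp", 40003): "alienvault-frameworkd", ("tcp", 40004): "forwarder",
    ("tcp", 40005): "machete (USM only)", ("tcp", 40006): "mixterd (USM only)",
    ("tcp", 40007): "alienvault-center", ("tcp", 40008): "alienvault-idm",
    ("udp", 514): "rsyslog", ("udp", 1514): "ossec",
}
NETFLOW_BASE = 12000  # NetFlow listeners are assigned from UDP 12000 upwards


def parse_listeners(ss_output):
    """Return {(proto, port)} for non-loopback sockets in `ss -H -tuln` output."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")  # handles "[::]:443" too
        if addr.startswith("127.") or addr == "[::1]" or not port.isdigit():
            continue  # loopback-only sockets accept no remote connections
        found.add((fields[0], int(port)))
    return found


def audit(ss_output, netflow_ports=()):
    """Compare listeners with the baseline plus the configured NetFlow ports."""
    seen = parse_listeners(ss_output)
    allowed = set(EXPECTED) | {("udp", p) for p in netflow_ports}
    extra = seen - allowed
    # UDP listeners in the NetFlow range that nobody declared: review separately.
    netflow = {e for e in extra if e[0] == "udp" and e[1] >= NETFLOW_BASE}
    return {
        "missing": sorted(allowed - seen),
        "unexpected": sorted(extra - netflow),
        "netflow_unreviewed": sorted(netflow),
    }


# Constructed sample in `ss -H -tuln` column order (not from a real server).
SAMPLE = "\n".join(
    f"{proto} {state} 0 128 {addr}:{port} {addr}:*"
    for proto, state, addr, port in
    [("tcp", "LISTEN", "0.0.0.0", p) for p in (22, 443, 8080, *range(40001, 40008))]
    + [("tcp", "LISTEN", "127.0.0.1", 3306), ("tcp", "LISTEN", "[::]", 443)]
    + [("udp", "UNCONN", "0.0.0.0", p) for p in (514, 1514, 12000, 12001)]
)

if __name__ == "__main__":
    for key, ports in audit(SAMPLE, netflow_ports={12000}).items():
        print(key, ports)
```

On an OSSIM (non-USM) install, remove TCP/40005 and TCP/40006 from `EXPECTED`, since the page marks both as USM only.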