{"id":576,"date":"2018-09-03T01:23:49","date_gmt":"2018-09-02T22:23:49","guid":{"rendered":"http:\/\/kifarunix.com\/?p=576"},"modified":"2024-03-11T19:47:03","modified_gmt":"2024-03-11T16:47:03","slug":"how-to-add-assets-to-alienvault-ossim-server-for-monitoring","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-add-assets-to-alienvault-ossim-server-for-monitoring\/","title":{"rendered":"Import Assets to AlienVault USM\/OSSIM using a CSV file"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1061\" height=\"590\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/import-assets-on-ossim-using-csv.png\" alt=\"\" class=\"wp-image-16597\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/import-assets-on-ossim-using-csv.png?v=1684009105 1061w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/05\/import-assets-on-ossim-using-csv-768x427.png?v=1684009105 768w\" sizes=\"(max-width: 1061px) 100vw, 1061px\" \/><\/figure>\n\n\n\n<p>In this article, we are going to learn how to import assets to AlienVault USM\/OSSIM using CSV file. The assets in this case refers to hosts, servers, routers, or any other device or endpoint you want to monitor for HIDs, NIDs, file integrity, vulnerability using AlienVault USM\/OSSIM server.<\/p>\n\n\n\n<p>In our previous article, we learned <a href=\"https:\/\/kifarunix.com\/how-to-install-and-configure-alienvault-ossim-5-5-on-virtualbox\/\" target=\"_blank\" rel=\"noopener\">how to install and set up AlienVault OSSIM on VirtualBox<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Importing Assets to AlienVault USM\/OSSIM using a CSV file<\/h2>\n\n\n\n<p>There are a number of ways in which assets can be imported to AlienVault server for monitoring. Some of the common ways include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using the Getting Started Wizard<\/li>\n\n\n\n<li>Scanning for new Assets<\/li>\n\n\n\n<li>Importing a CSV File<\/li>\n\n\n\n<li>Using SIEM Events<\/li>\n\n\n\n<li>Adding assets manually<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Create Asset CSV File<\/h3>\n\n\n\n<p>In this article, we are going to learn how to imports assets using a CSV file. To achieve this, you need to create a CSV file containing a list of assets to be imported into the SIEM in the following format.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><span class=\"hljs-string\">\"IPs\"<\/span>;<span class=\"hljs-string\">\"Hostname\"<\/span>;<span class=\"hljs-string\">\"FQDNs\"<\/span>;<span class=\"hljs-string\">\"Description\"<\/span>;<span class=\"hljs-string\">\"Asset Value\"<\/span>;<span class=\"hljs-string\">\"Operating System\"<\/span>;<span class=\"hljs-string\">\"Latitude\"<\/span>;<span class=\"hljs-string\">\"Longitude\"<\/span>;<span class=\"hljs-string\">\"Host ID\"<\/span>;<span class=\"hljs-string\">\"External Asset\"<\/span>;<span class=\"hljs-string\">\"Device Type\"<\/span><\/code><\/pre>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IP(s)<\/strong> is the IP of the host\/server. If an asset has multiple IPs, seperate them with comma(,) eg 192.169.34.12 or 192.168.34.13,192.168.33.13.<\/li>\n\n\n\n<li><strong>Hostname<\/strong> is the short hostname (without domain part) eg server1<\/li>\n\n\n\n<li><strong>FQDN<\/strong> is the fully qualified domain name of the asset eg server1.example.com<\/li>\n\n\n\n<li><strong>Operating System<\/strong> is the OS the system is running eg Windows, Linux, AIX, HP-UX<\/li>\n\n\n\n<li><strong>Asset Value<\/strong> defines the criticality of a system with the highrdt being 5 and lowest being 1. The default asset value is 2.<\/li>\n\n\n\n<li><strong>Latitude<\/strong> and <strong>Longitude<\/strong> defines the location of the asset<\/li>\n\n\n\n<li><strong>Asset ID<\/strong> defines the identity number of a device if it has one.<\/li>\n\n\n\n<li><strong>External Asset<\/strong> defines whether your asset resides outside your environment.<\/li>\n\n\n\n<li><strong>Device Type<\/strong> defines the type of the asset like a router, firewall, linux server, etc.<\/li>\n<\/ul>\n\n\n\n<p>Note the <strong>Delimiter<\/strong> is semi-colon(<strong>;<\/strong>)<\/p>\n\n\n\n<p>Create a csv file with containing details of your assets and save in a convenient directory. For example, in my case, <strong>myassets.csv<\/strong>.<\/p>\n\n\n\n<p>Based on the format above, <strong>myassets.csv<\/strong> file will look like;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n\"IPs\";\"Hostname\";\"FQDNs\";\"Description\";\"Asset Value\";\"Operating System\";\"Latitude\";\"Longitude\";\"Host ID\";\"External Asset\";\"Device Type\"\n\"172.16.30.5\";\"crsav01 \";\"crsav01.example.com \";\"McAfee\";\"5\";\"CentOS 7\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.78\";\"cheat01 \";\"cheat01.example.com \";\"HEAT\";\"3\";\"CentOS 7\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.7\";\"csrva01 \";\"csrva01.example.com \";\"Nexpose\";\"3\";\"CentOS 7\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.0.13\";\"drserver\";\"drserver.example.com\";\"\";\"3\";\"CentOS 7\";\"\";\"\";\"\";\"\";\"\"\n\"10.1.0.13\";\"Cisco WSA S190_1\";\"\";\"Web Security Appliance\";\"5\";\"Cisco IOS\";\"\";\"\";\"\";\"\";\"\"\n\"10.2.1.4\";\"Cisco ESA S190_1\";\"\";\"Email Security Appliance\";\"5\";\"Cisco IOS\";\"\";\"\";\"\";\"\";\"\"\n\"10.0.0.1\";\"Cisco ASA 5515\";\"\";\"Firewall \";\"5\";\"Cisco IOS\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.22\";\"cfcas01\";\"cfcas01.example.com\";\"PR APPS Server\";\"5\";\"HP-UNIX\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.42\";\"cfdc1\";\"cfdc1.example.com\";\"PR Dc Server\";\"5\";\"HP-UNIX\";\"\";\"\";\"\";\"\";\"\"\n\"192.168.57.22\";\"cfcas02\";\"cfcas02.example.com\";\"DR APPS Server\";\"5\";\"HP-UNIX\";\"\";\"\";\"\";\"\";\"\"\n\"192.168.57.23\";\"cfdc2\";\"cfdc2.example.com\";\"DR Dc Server\";\"5\";\"HP-UNIX\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.60\";\"crsrp01 \";\"crsrp01.example.com \";\"Printer Server\";\"3\";\"RedHat 7\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.66\";\"crsvc01 \";\"crsvc01.example.com \";\"File backups Server\";\"3\";\"RedHat 7\";\"\";\"\";\"\";\"\";\"\"\n\"192.168.56.112\";\"winsrv01\";\"winsrv01.example.com\";\"Windows Server 01\";\"3\";\"Windows 2008\";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.1\";\"caddc01 \";\"caddc01.example.com \";\"AD Domain Controller\";\"5\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.2\";\"caddc02 \";\"caddc02.example.com \";\"AD Domain Controller backup\";\"3\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.3\";\"cexms01 \";\"cexms01.example.com \";\"Exchange\";\"5\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.75\";\"crsst01 \";\"crsst01.example.com \";\"File Server\";\"5\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n\"172.16.30.67\";\"cotrs01 \";\"cotrs01.example.com \";\"Service Desk\";\"3\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n\"192.168.82.75\";\"crsst02 \";\"crsst02.example.com \";\"Backup Server\";\"3\";\"Windows 2008 \";\"\";\"\";\"\";\"\";\"\"\n<\/code><\/pre>\n\n\n\n<p>To easily make a CSV file in the above format, step through the following;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Put the assets on excel sheet in the format stated above. See the screen-shot below.<\/li>\n<\/ul>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/sample-assets.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1431\" height=\"446\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/sample-assets.png\" alt=\"Import Assets to AlienVault USM\/OSSIM using a CSV file\" class=\"wp-image-577\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/sample-assets.png 1431w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/sample-assets-768x239.png 768w\" sizes=\"(max-width: 1431px) 100vw, 1431px\" \/><\/figure><\/a><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save the file as CSV and before you save, at least on <strong>LibreOffice, <\/strong>click on &#8220;<strong>Edit filter settings<\/strong>&#8221; so that you can get an option to save the file as <strong>semi-colon<\/strong> delimited. This also gives us an option to quote all text cells but if the cell is empty, it won&#8217;t quote and thus to overcome this, we can employ the use of stream editor command to do some substitutions as shown below.<\/li>\n\n\n\n<li>Once you have saved the assets list, run the following command to quote each field and make necessary substitutions<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -e 's\/;\/\";\"\/g' -e 's\/^\\|$\/\"\/g' assets-list.csv &gt; myassets.csv<\/code><\/pre>\n\n\n\n<p>This generates the above asset-list. The procedure may not be efficient as such but at least it saved the day for me. If you know any automated way of generating such a csv file, feel free to educate me as well, thank you.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Importing Assets using a CSV file<\/h3>\n\n\n\n<p>Now that is done, it is time to import assets to AlienVault USM\/OSSIM using CSV file;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Navigate to <strong>OSSIM web dashboard &gt; Environment &gt; Assets &amp; Groups &gt; Assets<\/strong>.<\/li>\n\n\n\n<li>On the upper right-hand corner, click <strong>Add Assets &gt; Import CSV<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Choose File<\/strong> click <em>Browse\u2026<\/em> to select your csv file. In case your hostnames contain special characters, you can ignore them by selecting the square box besides the line \u201c<strong>Ignore invalid characters (Hostnames)<\/strong>\u201d.<\/li>\n\n\n\n<li>Once you have selected you asset list csv file, click <strong>IMPORT<\/strong> to onboard your assets to OSSIM server.<\/li>\n\n\n\n<li>If the format used in the CSV is correct, import will be successful and you will see the number of errors and warnings that occurred during the import. The screen-shot below shows part of the output.<\/li>\n<\/ul>\n\n\n\n<div><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/import-assets.png\" class=\"td-modal-image\"><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1141\" height=\"664\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/import-assets.png\" alt=\"Import Assets to AlienVault USM\/OSSIM using a CSV file\" class=\"wp-image-581\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/import-assets.png 1141w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/09\/import-assets-768x447.png 768w\" sizes=\"(max-width: 1141px) 100vw, 1141px\" \/><\/figure><\/a><\/div>\n\n\n\n<p>Assests imported successfully.<\/p>\n\n\n\n<p>That is all about how to import assets to AlienVault USM\/OSSIM using CSV file. Feel free to explore the other methods stated above.<\/p>\n\n\n\n<p>In our next article, we will learn how to install and setup OSSEC agents <a href=\"http:\/\/kifarunix.com\/how-to-install-and-configure-ossec-agent-on-linux-host\/\">Linux<\/a> and <a href=\"http:\/\/kifarunix.com\/how-to-install-and-configure-alienvault-hids-agent-on-a-windows-host\/\" target=\"_blank\" rel=\"noopener\">Windows<\/a> Systems.<\/p>\n\n\n\n<p>Reference:<br><a href=\"https:\/\/www.alienvault.com\/documentation\/usm-appliance\/asset-management\/adding-assets.htm\" target=\"_blank\" rel=\"noopener\">Adding Assets in AlienVault USM Appliance<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, we are going to learn how to import assets to AlienVault USM\/OSSIM using CSV file. The assets in this case refers to<\/p>\n","protected":false},"author":1,"featured_media":16597,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,103,121,72,42],"tags":[104,116,6673,6672,105,6671],"class_list":["post-576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-alienvault","category-howtos","category-monitoring","category-siem","tag-alienvault","tag-assets","tag-import-assets-to-alienvault-usm-ossim-using-a-csv-file","tag-imports-assets-using-csv-on-alienvault","tag-ossim","tag-ossim-imports-asset-using-csv","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/576"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=576"}],"version-history":[{"count":11,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/576\/revisions"}],"predecessor-version":[{"id":21002,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/576\/revisions\/21002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/16597"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}