#alienvault #ossim #siem

When you buy your license for an virtual Alienvault USM appliance, you get a download link for a VMware OVA image. If you don’t have a VMware environment, there is fortunately an easy way to convert the image to KVM:

First we unpack the .ova container format:

tar xvf VMWARE-AlienVault_USM_All-in-One*.ova

This will unpack a folder which you then have to enter and convert the image to KVM:

# cd VMWARE-* && qemu-img convert -O qcow2 VMWARE-AlienVault_USM_All-in-One*.vmdk Alienvault_USM.qcow2

You then just have to create a KVM instance with that qcow2 image.