OSSIM (Open Source Security Information Management) is an open source security information and event management (SIEM) system that integrates a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention. The project has approximately 7. As a SIEM system, OSSIM is intended to give security analysts and administrators a more complete view of all the security-related aspects of their environment, by combining log management (which can be extended with plugins) and asset management and discovery with information from dedicated security controls and detection systems. This information is then correlated to build context that is not visible from any single source alone. Alarm and availability views, along with reporting capabilities, extend the tool's usefulness to security and systems engineers. OSSIM performs these functions using other well-known open-source security components, unifying them under a single browser-based user interface.
Published (Last): 24 August 2010
It comes enriched with features such as event collection, normalization and correlation. What do we mean by event collection, normalization and correlation? Let us put this in black and white. Event collection: AlienVault can collect logs from the various sources in your environment: host servers and systems, applications running on those servers, network devices such as firewalls and routers, and in short any endpoint in your environment.
Event normalization: The attributes of the collected logs are extracted and stored in the common data fields that define an event, such as IP addresses, hostnames, usernames, interface names, ports and programs. This allows analysts to run queries across all collected events, regardless of their original format, for better and quicker analysis.
Event correlation: This involves analyzing the relationships between collected events to identify patterns across them. It also leverages the AlienVault Open Threat Exchange (OTX), an open threat-intelligence community that delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source.
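To make the three stages concrete, here is an added example (not AlienVault or OSSIM code) that normalizes a few constructed syslog-style lines into common event fields, runs a query across them, and applies two simple correlation rules: a brute-force rule (several failed logins from one source followed by a success) and an indicator match against a constructed block list standing in for an OTX-style feed. The log lines, the `Event` field names, the `TI_BAD_IPS` set and the regular expressions are all assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines (not real data): OpenSSH-style auth events and
# one iptables-style drop line, all in a syslog "ts host prog[pid]: msg" shape.
SAMPLE_LOGS = [
    "Mar 10 09:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 10 09:14:04 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "Mar 10 09:14:08 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "Mar 10 09:14:15 web01 sshd[2214]: Accepted password for admin from 203.0.113.7 port 51025 ssh2",
    "Mar 10 09:15:02 fw01 kernel: IPTABLES-DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23",
    "Mar 10 09:16:30 web01 sshd[2300]: Accepted publickey for deploy from 10.0.0.12 port 40012 ssh2",
]

# Constructed indicator set standing in for a threat-intel feed such as OTX.
TI_BAD_IPS = {"198.51.100.9"}


@dataclass
class Event:
    """Common fields every normalized event shares (assumed schema)."""
    timestamp: str
    hostname: str
    program: str
    event_type: str                 # auth_failure, auth_success, fw_drop, unknown
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    username: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    raw: str = ""


SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w\-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*DPT=(?P<dpt>\d+)")


def normalize(line: str) -> Optional[Event]:
    """Extract the common fields from one raw line; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts, host, prog, msg = m.group("ts", "host", "prog", "msg")
    if prog == "sshd":
        s = SSH_RE.match(msg)
        if s:
            kind = "auth_success" if s["result"] == "Accepted" else "auth_failure"
            return Event(ts, host, prog, kind, src_ip=s["ip"], username=s["user"],
                         src_port=int(s["port"]), raw=line)
    if "DROP" in msg:
        f = FW_RE.search(msg)
        if f:
            return Event(ts, host, prog, "fw_drop", src_ip=f["src"], dst_ip=f["dst"],
                         dst_port=int(f["dpt"]), raw=line)
    return Event(ts, host, prog, "unknown", raw=line)


def query(events: List[Event], **criteria) -> List[Event]:
    """Filter normalized events on any common field, e.g. query(evts, src_ip="...")."""
    return [e for e in events if all(getattr(e, k) == v for k, v in criteria.items())]


def correlate(events: List[Event], threshold: int = 3) -> List[str]:
    """Two simple rules: brute-force-then-success per source IP, and TI indicator match."""
    alarms: List[str] = []
    failures = defaultdict(int)
    for e in events:
        if e.event_type == "auth_failure":
            failures[e.src_ip] += 1
        elif e.event_type == "auth_success" and failures[e.src_ip] >= threshold:
            alarms.append(f"brute_force_success: {e.src_ip} -> {e.username}@{e.hostname} "
                          f"after {failures[e.src_ip]} failures")
        if e.src_ip in TI_BAD_IPS:
            alarms.append(f"ti_match: {e.src_ip} seen on {e.hostname} ({e.event_type})")
    return alarms


if __name__ == "__main__":
    evts = [ev for ev in (normalize(l) for l in SAMPLE_LOGS) if ev]
    print(f"{len(evts)} events normalized; from 203.0.113.7:",
          len(query(evts, src_ip="203.0.113.7")))
    for a in correlate(evts):
        print("ALARM", a)
```

The point of the schema is that the firewall drop and the SSH events, which look nothing alike as raw text, can be queried on the same `src_ip` field, and the correlation rules only work because of that shared field; a real SIEM adds time windows and asset context on top of this.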
In our environment, we will install our SIEM on VirtualBox. Create a new VM, assign it 8 GB of memory and 30 GB of storage, and click the Create button. Launch the installation. In the next steps, choose the appropriate language, location and keyboard settings. Under Configure Network, select the first interface (the NAT interface) as the primary network interface. In the subsequent screens, assign the appropriate IPv4 address, netmask, gateway and DNS server.
In this case, assign the default NAT network details. Once the network is set up, configure users and passwords.
If the installation is successful, you should see a screen similar to the one shown below. Next, log in to the SIEM as root with the password set previously. Once you log in, the AlienVault Setup Menu welcomes you. Once the changes are applied, we need to configure the NAT IP address on the first interface so that we can reach the external network from AV.
Create an admin account on the Welcome page by filling in all the fields, then click Start Using AlienVault. This takes you to the login screen shown below.
How to install and configure AlienVault OSSIM 5.5 on VirtualBox