AlienVault Installation and Configuration - NETSEC


Cybersecurity Memo

Wednesday, November 25, 2020


AlienVault® OSSIM™ (Open Source Security Information and Event Management) is an open source SIEM solution that collects, normalizes and correlates security events. It provides one unified platform with many of the essential security capabilities, such as:

  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM event correlation

AlienVault OSSIM leverages the power of the AlienVault® Open Threat Exchange® (OTX™) by allowing users to both contribute and receive real-time information about malicious hosts.

AlienVault also sells a commercial product with more advanced functionality, AlienVault USM Anywhere™, which provides unified essential security controls and continuous threat intelligence to IT security teams with limited resources. AlienVault USM Anywhere offers:

  • Centralized threat detection and incident response across cloud environments, on-premises infrastructure, and cloud apps
  • Log management for continuous compliance and forensics investigations
  • Advanced threat detection with real-time, prioritized alarms and minimal false positives
  • Continuous threat intelligence updates from AlienVault Labs Security Research team so you always stay up to date with emerging threats
  • Pre-built compliance reports for PCI DSS, HIPAA, NIST CSF, and more

In this post, the procedures for downloading, installing, and configuring OSSIM are recorded below:



Download

Download URL: https://cybersecurity.att.com/products/ossim/download

Or direct download URL: https://dlcdn.alienvault.com/AlienVault_OSSIM_64bits.iso

The ISO is about 728 MB.

Installation

It can be installed in a Hyper-V or VMware environment; both work well. It needs at least 4 GB of RAM to run well, and more is better. If you would like to monitor network traffic via a network tap or SPAN port, you will need to add one more network interface.







After you set up the static IP address, network mask, gateway and name server, the installer sets up all core components and software. It takes 30 minutes to an hour to complete, depending on how fast your system is.



Configuration


After installation completes, the console shows the login URL:



The first time you access AlienVault, you will have to set up the admin user information, including password and email. After that, the admin password is used to log in to the web GUI, and the same password is used for root to log in from the command line.




Once you have logged in with the admin account, the web GUI prompts you with the AlienVault OSSIM Getting Started Wizard.

You can have multiple interfaces for different purposes, such as management, network monitoring, and log collection & scanning.






You have the option to deploy HIDS to servers found in the previous asset scan. Windows and Linux are supported.

If any network devices are found in the asset scan, you can enable a data source plugin for each device.


The last step is to join OTX (Open Threat Exchange), the world's first truly open threat intelligence community. You will need an OTX key to sign in.


After registering a free account at https://otx.alienvault.com, you will get a free OTX key to connect your AlienVault OSSIM to OTX.
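Beyond the built-in OSSIM connector, the same OTX key lets you pull the indicators you subscribe to yourself, for example to feed a blocklist or a detection rule. The script below is an added example and is not part of the original post or of OSSIM's own OTX integration. It assumes the OTX REST endpoint /api/v1/pulses/subscribed and the X-OTX-API-KEY header (check the current OTX API documentation before relying on them); the sample response page is constructed, not real pulse data.

```python
"""Extract malicious-host indicators from OTX pulses you subscribe to.

Added example, not part of the original post or of OSSIM's own code.
Assumes the OTX endpoint /api/v1/pulses/subscribed and the
X-OTX-API-KEY header; verify against the current OTX API docs.
"""
import json
import urllib.request
from typing import Dict, Iterable, List

OTX_BASE = "https://otx.alienvault.com"


def extract_indicators(page: Dict, wanted_types: Iterable[str]) -> Dict[str, List[str]]:
    """Return {type: [indicator, ...]} from one page of /pulses/subscribed.

    The same indicator often appears in several pulses, so duplicates are
    dropped; insertion order is preserved so the output is stable.
    """
    wanted = set(wanted_types)
    out: Dict[str, List[str]] = {t: [] for t in wanted}
    seen = set()
    for pulse in page.get("results", []):
        for ind in pulse.get("indicators", []):
            itype = ind.get("type")
            value = ind.get("indicator")
            if itype in wanted and value and (itype, value) not in seen:
                seen.add((itype, value))
                out[itype].append(value)
    return out


def fetch_subscribed_pulses(api_key: str, limit: int = 50, max_pages: int = 5) -> List[Dict]:
    """Walk the paginated /pulses/subscribed endpoint and return all pulses.

    max_pages bounds the number of requests so a large subscription list
    cannot turn into an unbounded download.
    """
    url = f"{OTX_BASE}/api/v1/pulses/subscribed?limit={limit}"
    pulses: List[Dict] = []
    for _ in range(max_pages):
        req = urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        pulses.extend(page.get("results", []))
        url = page.get("next")  # full URL of the next page, or None
        if not url:
            break
    return pulses


def blocklist_from_page(page: Dict) -> List[str]:
    """Flatten IPv4 and domain indicators into one sorted blocklist."""
    found = extract_indicators(page, ("IPv4", "domain"))
    return sorted(found["IPv4"] + found["domain"])


# Constructed sample shaped like one page of the OTX response (not real pulses).
# Addresses are from documentation ranges; the hash is a placeholder.
SAMPLE_PAGE = {
    "results": [
        {"name": "Example pulse A", "indicators": [
            {"indicator": "198.51.100.10", "type": "IPv4"},
            {"indicator": "bad.example", "type": "domain"},
        ]},
        {"name": "Example pulse B", "indicators": [
            {"indicator": "198.51.100.10", "type": "IPv4"},  # duplicate across pulses
            {"indicator": "203.0.113.7", "type": "IPv4"},
            {"indicator": "0" * 64, "type": "FileHash-SHA256"},  # placeholder hash
        ]},
    ],
    "next": None,
}

if __name__ == "__main__":
    # Offline demo on the constructed sample. For live data, build a page
    # dict as {"results": fetch_subscribed_pulses("<your OTX key>")} instead.
    print("\n".join(blocklist_from_page(SAMPLE_PAGE)))
```

The dedup step matters in practice: popular indicators show up in many pulses, and a naive flatten produces a blocklist many times larger than the real indicator count, which slows down whatever consumes it. Keep the OTX key out of the script itself (environment variable or secrets store) since it identifies your account.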


Dashboard:






YouTube Videos

Install AT&T Alien Vault OSSIM in VMWare Workstation


Basic Configuration for Alien Vault OSSIM Integrating with Sophos UTM




