AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), is an open source SIEM solution to collect, normalize and correlate security events. Open Source SIEM (AlienVault OSSIM) addresses this reality by providing one unified platform with many of the essential security capabilities such as:
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioral monitoring
- SIEM event correlation
AlienVault OSSIM leverages the power of the AlienVault® Open Threat Exchange® (OTX™) by allowing users to both contribute and receive real-time information about malicious hosts.
AlienVault provides another commercial software with more advanced functionality, AlienVault USM Anywhereâ„¢, which provides unified essential security controls and continuous threat intelligence to IT security teams with limited resources. AlienVault USM Anywhere offers:
- Centralized threat detection and incident response across cloud environments, on-premises infrastructure, and cloud apps
- Log management for continuous compliance and forensics investigations
- Advanced threat detection with real-time, prioritized alarms and minimal false positives
- Continuous threat intelligence updates from AlienVault Labs Security Research team so you always stay up to date with emerging threats
- Pre-built compliance reports for PCI DSS, HIPAA, NIST CSF, and more
In this post, the procedures for downloading, installing, and configuration OSSIM have been recorded and listed below:
Download
Download URL:Â https://cybersecurity.att.com/products/ossim/downloadOr direct download URL:Â https://dlcdn.alienvault.com/AlienVault_OSSIM_64bits.iso
It is about 728 MB file.Â
Installation
It can be installed into Hyper-V or VMWare environment. Both are working well. It needs at least 4G RAM to run it well. If you have more, that would be better. If you would like to monitor network traffic using stap or SPAN port, you will need to add one more network interface.ÂAfter you set up network static ip configuration, network mask, gateway, name server, system will install all basic core components and software. It will take 30 minutes to an hour to get it completed depends on how fast is your system.
Configuration
Dashboard:
YouTube Videos
Basic Configuration for Alien Vault OSSIM Integrating with Sophos UTM
No comments:
Post a Comment