OSSIM
| OSSIM | |
|---|---|
| Screenshot | OSSIM web framework |
| Developer(s) | AlienVault |
| Stable release | 3.0.0 / September 6, 2011 |
| Operating system | Linux |
| Type | Security / IDS |
| License | GNU General Public License |
| Website | www.alienvault.com |
OSSIM, or Open Source Security Information Management, is a collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
The project's goal is to provide a comprehensive collection of tools that gives an administrator a view of all the security-related aspects of their systems. OSSIM also provides a correlation engine, with detailed low-, mid- and high-level visualisation interfaces as well as reporting and incident management tools. Because the correlation engine can consume events from virtually any source, OSSIM can also act as an intrusion prevention system, reacting to correlated information rather than to a single sensor's output. All of this information can be filtered by network or sensor so that each user sees only the information they need, allowing a fine-grained multi-user security environment.
Components
OSSIM features the following software components:
- Arpwatch, used for MAC address anomaly detection.
- p0f, used for passive OS detection and OS change analysis.
- PADS, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross-correlation (intrusion detection system (IDS) alerts against vulnerability scanner results).
- Snort, used as an intrusion detection system (IDS), and also used for cross-correlation with Nessus.
- Tcptrack, used for session data, which can provide useful information for attack correlation.
- Ntop, which builds a network information database used to detect aberrant behaviour.
- Nagios, used to monitor host and service availability based on a host asset database.
- Osiris, a host-based intrusion detection system (HIDS).
- Snare, a log collector for Windows systems.
- OSSEC, a host-based IDS.
- OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration through plugins.
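The two ideas above that matter most in practice are cross-correlation (an IDS alert counts for more when the vulnerability scanner has already found the targeted weakness on that host) and logical directives (a sequence of events from the same source against the same target, each step raising the reliability of the conclusion). The following is an added illustration of both, written for this article; it is not OSSIM's own code, and all hosts, rule ids (sids), CVE ids, asset values and the 0..10 risk formula are constructed placeholders chosen for the example.

```python
"""Cross-correlation of IDS alerts with vulnerability-scan results, plus a
sequence directive. Added example; not OSSIM's own code. Hosts, sids, CVE ids,
asset values and the scoring rule are constructed placeholders."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Alert:
    """One normalised IDS event (Snort-style); cves = CVE refs carried by the rule."""
    src: str
    dst: str
    sid: int
    msg: str
    priority: int                     # 1 (low) .. 5 (high), taken from the IDS rule
    cves: frozenset = frozenset()


# Constructed sample of scanner findings per host (placeholder CVE ids).
VULN_DB: Dict[str, Set[str]] = {
    "10.0.0.5": {"CVE-0000-1111", "CVE-0000-2222"},
    "10.0.0.7": set(),                # scanned, nothing found
}

# Constructed asset database: value 1 (low) .. 5 (critical).
ASSET_VALUE: Dict[str, int] = {"10.0.0.5": 5, "10.0.0.7": 2}

# Constructed directive: a scan followed by an exploit attempt from the same
# source against the same target. Each matched step adds to the reliability.
SID_SCAN, SID_EXPLOIT = 9000001, 9000002
DIRECTIVE = {
    "name": "recon followed by exploit attempt",
    "steps": [(SID_SCAN, 2), (SID_EXPLOIT, 4)],   # (sid, reliability increment)
}
CONFIRMED_BONUS = 4                   # added when the target is known vulnerable
MAX_RELIABILITY = 10


def cross_correlate(alert: Alert, vuln_db: Dict[str, Set[str]]) -> Set[str]:
    """CVEs referenced by the alert that the scanner also found on the target."""
    return set(alert.cves) & vuln_db.get(alert.dst, set())


def risk(asset: int, priority: int, reliability: int) -> int:
    """Assumed 0..10 scoring rule: scaled product of asset, priority, reliability."""
    return round(asset * priority * reliability / 25)


def run_directive(alerts: List[Alert], directive: dict,
                  vuln_db: Dict[str, Set[str]], asset_value: Dict[str, int]) -> List[dict]:
    """Walk alerts in arrival order, tracking each (src, dst) pair's progress
    through the directive; emit an incident when the final step matches."""
    steps = directive["steps"]
    state: Dict[Tuple[str, str], Tuple[int, int]] = {}   # pair -> (next step, reliability)
    incidents: List[dict] = []
    for a in alerts:
        key = (a.src, a.dst)
        idx, rel = state.get(key, (0, 0))
        if a.sid != steps[idx][0]:
            continue                  # not the step this pair is waiting for
        rel += steps[idx][1]
        idx += 1
        if idx < len(steps):
            state[key] = (idx, rel)   # remember progress, wait for the next step
            continue
        confirmed = cross_correlate(a, vuln_db)
        if confirmed:
            rel += CONFIRMED_BONUS
        rel = min(rel, MAX_RELIABILITY)
        incidents.append({
            "directive": directive["name"], "src": a.src, "dst": a.dst,
            "reliability": rel, "confirmed_cves": sorted(confirmed),
            "risk": risk(asset_value.get(a.dst, 1), a.priority, rel),
        })
        state.pop(key, None)          # sequence complete; start over for this pair
    return incidents


def demo() -> List[dict]:
    """Constructed alert stream: two sources complete the sequence, a third
    skips the recon step and therefore never fires the directive."""
    def scan(src: str, dst: str) -> Alert:
        return Alert(src, dst, SID_SCAN, "portscan", 2)

    def exploit(src: str, dst: str) -> Alert:
        return Alert(src, dst, SID_EXPLOIT, "exploit attempt", 4,
                     frozenset({"CVE-0000-1111"}))

    alerts = [
        scan("192.0.2.10", "10.0.0.5"),
        scan("192.0.2.11", "10.0.0.7"),
        exploit("192.0.2.12", "10.0.0.5"),   # no prior scan from this source: ignored
        exploit("192.0.2.10", "10.0.0.5"),   # target vulnerable: confirmed, high risk
        exploit("192.0.2.11", "10.0.0.7"),   # target not vulnerable: lower risk
    ]
    return run_directive(alerts, DIRECTIVE, VULN_DB, ASSET_VALUE)


if __name__ == "__main__":
    for incident in demo():
        print(incident)
```

Running it produces two incidents for the same exploit signature: the one against the host the scanner found vulnerable ends with reliability 10 and risk 8, while the one against the clean host stays at reliability 6 and risk 2. That separation, not the raw alert count, is what a correlation engine exists to provide; the third source never produces an incident because the directive demands the recon step first, which is both the strength and the blind spot of strict sequence directives.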