OSSIM: Difference between revisions
m changing the website link to point to the OSSIM community page instead of the commercial AlienVault page
m changed the incident management tools link to point to an existing article instead
Revision as of 18:09, 26 June 2013
| | |
|---|---|
| Developer(s) | AlienVault |
| Stable release | 4.2.3 / June 5, 2013 |
| Operating system | Linux |
| Type | Security / IDS |
| License | GNU General Public License |
| Website | communities.alienvault.com |
OSSIM (Open Source Security Information Management) by AlienVault is an open source Security Information and Event Management (SIEM), comprising a collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
The project's goal is to provide a comprehensive collection of tools to grant an administrator a view of all the security-related aspects of their system. OSSIM also provides a strong correlation engine, with detailed low-, mid- and high-level visualization interfaces as well as reporting and incident management tools. The ability to act as an intrusion-prevention system based on correlated information from virtually any source results in a useful security tool. All this information can be filtered by network or sensor in order to provide just the information needed by specific users, allowing for a fine-grained multi-user security environment.
Components
OSSIM features the following software components:
- Arpwatch, used for MAC address anomaly detection.
- P0f, used for passive OS detection and OS change analysis.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross-correlation (intrusion detection system (IDS) versus vulnerability scanner).
- Snort, used as an intrusion detection system (IDS), and also used for cross-correlation with Nessus.
- Tcptrack, used for session data, which provides useful information for attack correlation.
- Ntop, which builds a network information database used for anomaly detection of aberrant behaviour.
- Nagios, used to monitor host and service availability information based on a host asset database.
- Osiris, a Host-based intrusion detection system (HIDS).
- Snare, a log collector for Windows systems.
- OSSEC, a Host-based intrusion detection system (HIDS).
- OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration through plugins.
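The two ideas the article leans on, cross-correlation of IDS alerts against vulnerability-scan findings (the Snort versus Nessus pairing above) and a correlation engine with logical directives and per-network or per-sensor filtering, are easier to see in a small working model. The following is an added illustration, not OSSIM's own code, data format or risk formula: the `Alert` and `Finding` records, the sensor names, the scoring weights and the sample events are all constructed for the example.

```python
"""Toy SIEM correlation: IDS alerts cross-correlated with scanner findings,
a simple logical directive, and filtering by network or sensor.
Added example; not OSSIM's code. All data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Alert:
    """One IDS event as a sensor plugin might normalise it (assumed fields)."""
    ts: int          # epoch seconds
    sensor: str      # which sensor emitted the event
    src: str
    dst: str
    dst_port: int
    service: str     # service the signature targets
    signature: str
    priority: int    # Snort-style: 1 = high, 3 = low


@dataclass(frozen=True)
class Finding:
    """One vulnerability-scanner result for a host/port/service (assumed fields)."""
    host: str
    port: int
    service: str
    severity: int    # 1 (info) .. 4 (critical), constructed scale


# Constructed sample input: two sensors, one external web probe, one internal SMB sweep.
ALERTS = [
    Alert(1000, "snort-dmz", "203.0.113.7", "192.0.2.10", 80, "http", "WEB-PHP remote file include attempt", 1),
    Alert(1005, "snort-dmz", "203.0.113.7", "192.0.2.11", 80, "http", "WEB-PHP remote file include attempt", 1),
    Alert(1010, "snort-lan", "10.0.0.5", "10.0.0.20", 445, "smb", "NETBIOS SMB share access", 3),
    Alert(1020, "snort-lan", "10.0.0.5", "10.0.0.21", 445, "smb", "NETBIOS SMB share access", 3),
    Alert(1030, "snort-lan", "10.0.0.5", "10.0.0.22", 445, "smb", "NETBIOS SMB share access", 3),
]
FINDINGS = [
    Finding("192.0.2.10", 80, "http", 4),   # the web host the first alert targets is known vulnerable
    Finding("10.0.0.21", 445, "smb", 3),
]


def index_findings(findings):
    """Index scanner results by (host, port, service) for O(1) lookup per alert."""
    idx = defaultdict(list)
    for f in findings:
        idx[(f.host, f.port, f.service)].append(f)
    return idx


def cross_correlate(alert, idx):
    """Score an alert: base score from IDS priority, boosted when the target host is
    known vulnerable on the attacked service. Returns (score 0..10, reason)."""
    base = {1: 6, 2: 4, 3: 2}.get(alert.priority, 1)
    hits = idx.get((alert.dst, alert.dst_port, alert.service), [])
    if not hits:
        return base, "no matching vulnerability on target"
    sev = max(f.severity for f in hits)
    return min(10, base + sev), f"target vulnerable (severity {sev})"


def score_all(alerts, findings):
    """Map (dst, dst_port) -> correlated score for every alert."""
    idx = index_findings(findings)
    return {(a.dst, a.dst_port): cross_correlate(a, idx)[0] for a in alerts}


def filter_events(alerts, network=None, sensor=None):
    """Restrict the view to one sensor and/or one destination network (CIDR)."""
    net = ip_network(network) if network else None
    return [a for a in alerts
            if (sensor is None or a.sensor == sensor)
            and (net is None or ip_address(a.dst) in net)]


def directive_sweep(alerts, threshold=3, window=60):
    """Logical directive: one source touching >= threshold distinct hosts within
    `window` seconds is escalated as a sweep. Returns {src: hosts_touched}."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda e: e.ts):
        by_src[a.src].append(a)
    escalated = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            hosts = {e.dst for e in evs[i:] if e.ts - first.ts <= window}
            if len(hosts) >= threshold:
                escalated[src] = len(hosts)
                break
    return escalated


if __name__ == "__main__":
    idx = index_findings(FINDINGS)
    for a in ALERTS:
        print(a.sensor, a.src, "->", a.dst, a.signature, cross_correlate(a, idx))
    print("LAN view:", [a.dst for a in filter_events(ALERTS, network="10.0.0.0/8")])
    print("Sweeps:", directive_sweep(ALERTS))
```

The point of the boost in `cross_correlate` is the one the component list makes: an IDS signature firing against a host the scanner already reported as exposed on that service deserves a higher score than the same signature against a host that is not, and a low-priority event can still be escalated by a directive when its pattern across hosts matters more than any single alert.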