
In this tutorial, we are going to learn how to install and set up AlienVault OSSIM 5.5 SIEM on VirtualBox. If you are a Blue Team security analyst, in one way or another you must have heard of or interacted with not one, not two SIEM (Security Information and Event Management) solutions. Well, AlienVault is one of the leading SIEM solutions. AlienVault OSSIM is the open source version of AlienVault SIEM. It comes enriched with features like event collection, normalization and correlation.

What crosses your mind when we talk about event collection, normalization and correlation? Let us put this in black and white:

Event collection: AlienVault has the ability to collect logs from various sources in your environment: host servers and systems, applications running on servers, network devices such as firewalls and routers, and endpoints.

Event normalization: The attributes of the collected logs are extracted and stored in the common data fields that define an event, such as IP addresses, hostnames, usernames, interface names, ports, programs etc. This allows analysts to run queries across collected events for better and quicker analysis.

Event correlation: This involves analyzing relationships between the collected events to identify patterns of events.

OSSIM provides a unified platform that bundles together security capabilities such as Asset Discovery, Host Intrusion Detection, Network Intrusion Detection, Behavioral Monitoring, Vulnerability Assessment and Log Management. It also leverages the power of the AlienVault Open Threat Exchange (OTX), the open threat intelligence community that delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source.

Without much theory, let’s get to the installation of OSSIM. In our environment, we will be installing our SIEM on VirtualBox. Since this is just a demonstration, the minimum system requirements are:

Two NICs (you can have multiple NICs for Management, Network Monitoring or Log Collection and Scanning).
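The event collection, normalization and correlation stages described above can be sketched in a few lines of Python. This is an added illustration, not OSSIM's own plugin or correlation-engine code: the log lines are constructed, the key=value "vpn" format is hypothetical, and the rule (three failed logins from one IP followed by a success within 60 seconds) is an assumed example rule.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (source, raw line); hosts, users and IPs are made up.
RAW_LOGS = [
    ("sshd", "Mar 10 10:00:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50522 ssh2"),
    ("sshd", "Mar 10 10:00:04 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50530 ssh2"),
    ("vpn", "2024-03-10T10:00:09Z host=vpn01 app=vpn-gw user=root src=203.0.113.7 sport=40112 result=fail"),
    ("sshd", "Mar 10 10:00:15 web01 sshd[811]: Accepted password for root from 203.0.113.7 port 50544 ssh2"),
    ("sshd", "Mar 10 10:05:00 web01 sshd[902]: Failed password for alice from 198.51.100.20 port 41000 ssh2"),
]
SSHD_RE = re.compile(r"(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: "
                     r"(?P<res>Failed|Accepted) password for (?P<user>\S+) "
                     r"from (?P<ip>\S+) port (?P<port>\d+)")

def normalize(source, line, year=2024):
    """Map one raw line to common fields, or None if it does not parse.
    `year` is an assumption: classic syslog timestamps omit it."""
    if source == "sshd" and (m := SSHD_RE.match(line)):
        return {"time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
                "hostname": m["host"], "program": m["prog"], "username": m["user"],
                "src_ip": m["ip"], "src_port": int(m["port"]),
                "outcome": "success" if m["res"] == "Accepted" else "failure"}
    if source == "vpn":  # hypothetical key=value format
        try:
            ts, *pairs = line.split()
            kv = dict(p.split("=", 1) for p in pairs if "=" in p)
            return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                    "hostname": kv["host"], "program": kv["app"], "username": kv["user"],
                    "src_ip": kv["src"], "src_port": int(kv["sport"]),
                    "outcome": "success" if kv["result"] == "ok" else "failure"}
        except (KeyError, ValueError):
            return None
    return None

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when a successful login from an IP follows at least `threshold`
    failures from that IP (on any source) within `window`."""
    alerts, failures = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        recent = [t for t in failures.get(ev["src_ip"], []) if ev["time"] - t <= window]
        if ev["outcome"] == "failure":
            failures[ev["src_ip"]] = recent + [ev["time"]]
        elif len(recent) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "username": ev["username"],
                           "hostname": ev["hostname"], "failures": len(recent)})
    return alerts

def run(raw_logs=RAW_LOGS):
    return correlate([e for e in (normalize(s, l) for s, l in raw_logs) if e])
```

Because both sources end up with the same field names, the third failure (from the VPN gateway) counts toward the same rule as the two sshd failures, which is the point of normalizing before correlating.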
