Shulou (Shulou.com) 06/01 report, SLTechnology News & Howtos > Network Security, updated 2025-01-15
Latest: a preview of the open source visual security management platform OSSIM 5.0
Are you still struggling to install a log analysis system? Still trying out one traffic monitoring system after another? Still spending large sums on a vulnerability scanner? Is your manager still pressing you for all kinds of monitoring and analysis reports? Once you actually use the OSSIM platform you realise that, after years of effort, those systems are nothing more than security islands: their data cannot be shared automatically between them, let alone correlated. Here are some highlights of the open source OSSIM.
OSSIM 5.0, released by AlienVault on April 20, 2015, has been refined for more than a decade since its birth in 2003 and is now a mature open source SIEM product. The following screenshots show OSSIM at work in intranet monitoring (click each screenshot to enlarge).
Security situation analysis: data visualization is a very convenient way to present the data itself and its meaning in a simple, clear graphical form. OSSIM presents as many data attributes as possible in one relatively centralized interface.
The essence of network * * visual analysis and * visualization is to make security visible to everyone.
Nagios monitoring: set up the process and complete it with one click.
A quick preview of your assets
Combine with OTX
Vulnerability scanning completed with one click
Keep abreast of global IP reputation through OTX, because AlienVault has established a globally distributed reputation assessment organization whose evaluation data comes from:
Reporting mechanism
Regulatory mechanisms (abnormal behavior detection, compliance assessment)
System integrity check
IDS/IPS, honeypot and other systems
Results of active search + content analysis
This shows that the reputation evaluation system AlienVault provides is not an isolated system but a dynamic ecosystem of different partners, something most enterprises could not build on their own.
What is shown here is a geographical distribution map of the network. On this map users can clearly see the IP situation in their own region, which is of great value for grasping an outbreak at the macro level. IPs can also be placed on the map in the traditional way: take the IP or e-mail origin of the reporter, classify and count it, then map it onto a geographic information system to form an active map. OSSIM uses OTX for this, and the data is more accurate.
Detailed display of asset information (vulnerabilities, alarms, events, availability, services, groups). The purpose of asset management is to identify every kind of network device, host service and operating system, application system and so on within the information system.
Only with baseline indicators can the abnormal behavior of the network be analyzed (a capability other monitoring tools do not match).
Visually display network * * categories
Acquiring and normalizing data from multi-source heterogeneous devices is a technical difficulty for most operations staff. With the OSSIM Agent it is very convenient: security events can be displayed graphically in the monitoring center without any programming by the user. The book "Unix/Linux Network Log Analysis and Traffic Monitoring" designs and implements the data collection flow and field standards of this module and tests the results.
Alert aggregation: you no longer have to sift through a huge number of events yourself; OSSIM helps you identify cyber threats.
Through OSSIM's signature detection based on protocol analysis, * behavior, whether vulnerability exploitation or brute-force cracking, has nowhere to hide. The core of this detection technology is building and maintaining a KDB (knowledge base).
OSSEC agent remote deployment is convenient and fast (see the installation video)
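The three ideas above (a reputation feed built from several sources, the Agent's normalization of heterogeneous logs into one event schema, and the aggregation of many events into a few alarms) can be shown end to end in a small pipeline. The following Python is an added example written for this page, not OSSIM's or AlienVault's own code: the rule table, the reputation entries, the sample log lines and the risk formula are all constructed assumptions, and the reputation entries use TEST-NET addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed rule definitions modelled on the idea of an OSSIM data-source
# plugin: one regex per event type, with named groups mapped to normalised
# fields. They are this example's own and are not OSSIM's plugin .cfg files.
SYSLOG_TS = r"(?P<date>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
PLUGINS = {
    "ssh": {
        "date_format": "%Y %b %d %H:%M:%S",          # syslog carries no year
        "rules": [
            (1, "SSH failed password", re.compile(
                SYSLOG_TS + r"Failed password for (?:invalid user )?(?P<user>\S+) "
                            r"from (?P<src_ip>[\d.]+)")),
            (2, "SSH accepted login", re.compile(
                SYSLOG_TS + r"Accepted \S+ for (?P<user>\S+) from (?P<src_ip>[\d.]+)")),
        ],
    },
    "apache": {
        "date_format": "%d/%b/%Y:%H:%M:%S",
        "rules": [
            (1, "HTTP request", re.compile(
                r'^(?P<src_ip>[\d.]+) \S+ \S+ \[(?P<date>[^ \]]+)[^\]]*\] '
                r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')),
        ],
    },
}

# Constructed reputation entries standing in for OTX-style IP reputation data
# (TEST-NET addresses; the scores are assumed values).
REPUTATION = {"203.0.113.45": {"reliability": 8, "activity": "Scanning Host"}}
DEFAULT_RELIABILITY = 3        # used when a source has no reputation entry

def normalize(plugin, line, default_year=2015):
    """Map one raw log line onto the common event schema; None if no rule matches."""
    spec = PLUGINS[plugin]
    for sid, name, rx in spec["rules"]:
        m = rx.match(line)
        if not m:
            continue
        fields = m.groupdict()
        raw_date = fields.pop("date")
        if plugin == "ssh":
            raw_date = f"{default_year} {raw_date}"
        event = {"plugin": plugin, "sid": sid, "name": name, "src_ip": None, "user": None,
                 "date": datetime.strptime(raw_date, spec["date_format"])}
        event.update(fields)
        event["reputation"] = REPUTATION.get(event["src_ip"])   # enrichment step
        return event
    return None

def risk(priority, reliability, asset_value=3):
    """0-10 risk score. The form asset * priority * reliability / 25 follows the
    commonly documented OSSIM formula but is an assumption of this example."""
    return round(asset_value * priority * reliability / 25, 2)

def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Aggregate SSH failures per source into one alarm per source, escalating
    the alarm if a successful login from that source follows within the window."""
    failures = defaultdict(deque)          # src_ip -> timestamps of recent failures
    alarms = {}
    for ev in sorted(events, key=lambda e: e["date"]):
        if ev["plugin"] != "ssh":
            continue
        ip, ts = ev["src_ip"], ev["date"]
        rep = ev["reputation"] or {"reliability": DEFAULT_RELIABILITY, "activity": None}
        q = failures[ip]
        while q and ts - q[0] > window:    # slide the window forward
            q.popleft()
        if ev["sid"] == 1:
            q.append(ts)
            if ip in alarms:
                alarms[ip]["failures"] = len(q)
            elif len(q) >= threshold:
                alarms[ip] = {"name": "SSH brute force attempt", "src_ip": ip,
                              "activity": rep["activity"], "failures": len(q),
                              "risk": risk(3, rep["reliability"])}
        elif ev["sid"] == 2 and ip in alarms and q:
            alarms[ip].update(name="SSH brute force succeeded", user=ev["user"],
                              risk=risk(5, rep["reliability"]))
    return list(alarms.values())

# Constructed sample log lines (a bastion host's sshd syslog plus one Apache
# access-log line); the last sshd line matches no rule and is dropped.
SAMPLE_LOG = [("ssh", f"Apr 20 10:00:0{i} bastion sshd[22{i}]: Failed password for root "
                      f"from 203.0.113.45 port 5100{i} ssh2") for i in range(1, 7)] + [
    ("ssh", "Apr 20 10:00:20 bastion sshd[2230]: Accepted password for admin from 203.0.113.45 port 51020 ssh2"),
    ("ssh", "Apr 20 10:05:00 bastion sshd[2300]: Failed password for invalid user test from 198.51.100.7 port 40000 ssh2"),
    ("ssh", "Apr 20 10:05:04 bastion sshd[2301]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2"),
    ("apache", '203.0.113.45 - - [20/Apr/2015:10:01:00 +0000] "GET /login HTTP/1.1" 200 512'),
    ("ssh", "Apr 20 10:06:00 bastion sshd[2310]: Received disconnect from 198.51.100.7: 11: Bye Bye"),
]

def run_pipeline(log=SAMPLE_LOG):
    """Normalise every line, then correlate; returns (events, alarms)."""
    events = [e for e in (normalize(p, line) for p, line in log) if e]
    return events, correlate(events)

if __name__ == "__main__":
    events, alarms = run_pipeline()
    print(f"{len(events)} normalised events, {len(alarms)} alarm(s)")
    for a in alarms:
        print(a)
```

The point of the layout is that the collector only knows regexes and field names, the correlation only knows the normalized schema, and the reputation data is attached once at normalization time; the two failures from the second source never reach the threshold, so the six failures plus one success from the scanning host become a single escalated alarm rather than seven lines to read.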
Visualization of Netflow to assist network abnormal traffic analysis
Global control of the number of vulnerabilities
Traffic monitoring (note that the Ntop service has been removed in OSSIM versions later than 5.0.4)
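Baseline-driven anomaly detection, the idea behind the baseline indicators and the Netflow traffic analysis mentioned above, works differently from the signature detection described earlier: instead of matching a known pattern it compares a host's current traffic with its own history. The following Python is an added illustration written for this page, not part of OSSIM or NfSen; the per-host byte counts, the host addresses and the thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed history of outbound bytes per host for eight earlier 5-minute
# intervals, standing in for totals a Netflow collector would export (assumed values).
HISTORY = {
    "10.0.0.10": [1_200_000, 1_350_000, 1_100_000, 1_280_000, 1_220_000, 1_300_000, 1_190_000, 1_260_000],
    "10.0.0.20": [300_000, 320_000, 290_000, 310_000, 305_000, 315_000, 295_000, 300_000],
}
# Constructed current interval: a host behaving normally, a host suddenly pushing
# out 9.5 MB, and a host that has never been seen before.
CURRENT = {"10.0.0.10": 1_250_000, "10.0.0.20": 9_500_000, "10.0.0.30": 50_000}

def build_baseline(history, min_samples=6):
    """Per-host mean and standard deviation; hosts with too little history are
    left out so that they cannot produce a meaningless baseline."""
    return {host: (mean(s), pstdev(s)) for host, s in history.items() if len(s) >= min_samples}

def detect_anomalies(baseline, current, z_threshold=3.0, min_ratio=2.0):
    """Flag hosts whose current total is more than z_threshold standard deviations
    above baseline AND at least min_ratio times the mean; the ratio guard keeps
    very stable hosts from alerting on trivial jitter. Unknown hosts are reported
    separately, since an asset with no baseline is itself a monitoring gap."""
    findings = []
    for host, observed in sorted(current.items()):
        if host not in baseline:
            findings.append({"host": host, "reason": "no baseline", "observed": observed})
            continue
        mu, sigma = baseline[host]
        if sigma == 0:
            z = float("inf") if observed > mu else 0.0
        else:
            z = (observed - mu) / sigma
        if z > z_threshold and observed >= min_ratio * mu:
            findings.append({"host": host, "reason": "outbound volume spike",
                             "observed": observed, "baseline_mean": round(mu), "z": round(z, 1)})
    return findings

def run(history=HISTORY, current=CURRENT):
    """Build the baseline from history and evaluate the current interval against it."""
    return detect_anomalies(build_baseline(history), current)

if __name__ == "__main__":
    for finding in run():
        print(finding)
```

On the constructed data the first host sits well inside its normal range, the second is flagged as a volume spike, and the third is reported as having no baseline, which is the kind of asset-monitoring gap an analyst wants to close before trusting the dashboard.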
Log collection: easily search a log volume of 30+ million entries
Intelligent event analysis
Timely message reminder
Even if you are not a DBA, you can complete a system backup with one click!
To reach the state shown in these screenshots, administrators do not need to compile, install or configure tedious files by hand, let alone program, and most importantly it is FREE. Interested readers may want to install it right away.
OSSIM 5.1 upgrade video (complete) download; command-line and WebUI upgrade video download
OSSIM 5.0 system download address: http://pan.baidu.com/s/1mgEDRKW
Select the mixed installation mode; the first item on the menu is AlienVault OSSIM.
Software download:
OSSIM 5.2.0 and OSSIM 5.1.0 ISO (network disk)
Improvements to OSSIM 5.1.0
1) Added remote system authentication (using a device-configured SSH public key and certificate to connect to the AlienVault system root account)
2) × × configure the environment
3) Enhanced OTX integration
4) Improved host-level visibility of critical assets
5) The data source plugin functionality is further extended.
Collect multiple log types, such as syslog and application logs, from a single asset. Once a data source plugin is enabled, you can search and filter the asset list by plugin to make sure logs are being collected for key assets and quickly spot any gaps in asset monitoring.
6) Some outdated plugins have been removed
The following plugins have been removed from AlienVault USM and OSSIM v5.1. They are no longer part of the product and will not be included in plugin updates.
Iphone
Forensics-db-1
Malwaredomainlist-monitor
Motion
Nessus-monitor
Ntop-monitor
Snortunified
Osiris
7) Updates for custom plugins
8) Open source tool references
The OSSIM v5.1 product better reflects the renaming of each open source tool that provides built-in functionality. The following names have been changed in USM and OSSIM.
Nagios to Availability Monitoring
Ossec to AlienVault HIDS
Nmap to Asset Discovery Scan
OpenVAS to Vulnerability Assessment
Suricata to AlienVault NIDS
Kismet to Wireless IDS
Nfsen to Netflow
OCS to Software Inventory
More OSSIM5.1 revelations will be released later.
OK, having read the introduction above, do you think OSSIM is very powerful and that these polished graphics are dazzling? Can it solve the security problems enterprises face? A pile of statistical charts alone is not a SIEM in the real sense. OSSIM should be run by the enterprise's own security team: it is an automated processing center that integrates resources and processes. Before deploying OSSIM there should already be a security team, a certain amount of asset information, an information security management process and a security incident handling process. OSSIM is not like a firewall or IDS that plays a specific role straight out of the box.
Video tutorial for getting started with OSSIM: http://edu.51cto.com/course/course_id-1186.html
For the introduction to the basics of OSSIM, you can refer to my new work in 2015.
Attachment: http://down.51cto.com/data/2366384