Questions tagged [ossim]

AlienVault's community-edition SIEM

OSSIM (Open Source Security Information Management) is AlienVault's community-edition SIEM: a unified front end that collects, normalizes and correlates events from dozens of point security tools, including Snort, OSSEC and OpenVAS.

11 questions
3 votes, 2 answers

OSSIM - Snort/OSSEC/Nagios Logging Config Question

Quick n00b OSSIM question. I've looked around but haven't found exactly what I'm looking for. I currently have a Nagios, OSSEC, Nessus, and Snort server and I want to keep those servers active but just ship the logs to the OSSIM server and have it…
user15736
3 votes, 1 answer

OSSIM In Production Environment

I am trying to get some real-world feedback on OSSIM. Are you using OSSIM in production? If so, what has your overall experience been? How many nodes are in your environment? Finally, what kind of bandwidth are you monitoring? Thanks! Anapologetos
Josh Brower
2 votes, 1 answer

OSSEC agent linked to OSSIM server

I installed OSSIM server on a VM and have tried to link an OSSEC agent to it. I have been able to link and install a HIDS on the client and have it communicate OK to the OSSIM server. However, in the ENVIRONMENT -> DETECTION section, I cannot get…
user92592
2 votes, 1 answer

How to send NAGIOS alerts to OSSIM server

I've installed an OSSIM server and I want to retrieve the alerts generated by a remote Nagios server in order to analyze them and perform correlation of security events. Before putting hands on it, I would like to know what the right approach…
pAkY88
1 vote, 1 answer

Ossim setup in AWS

I have set up OSSIM in my VirtualBox and it's working fine. I tried to set up OSSIM in the AWS cloud, but AlienVault stopped the AMI for new customers. How are you doing this for PCI-DSS, as we are an SME and prefer to go with open source for log and file integrity…
1 vote, 3 answers

How to configure sensor rules in OSSIM

We've recently moved our NIDS installation from StrataGuard to the new OSSIM 2.1 release to take advantage of the additional features (Nagios, ntop, Nessus/OpenVAS, etc.) it provides in addition to just Snort. So far, I'm very impressed with OSSIM…
nedm
0 votes, 1 answer

Error in My Hard Disk on Debian (OSSIM)

I have a problem with my Debian (OSSIM): after three days I can't create or edit any files because of this issue: root@ossim:~$ mkdir test / mkdir: cannot create directory `test': Read-only file system. So I booted the OS in live mode, using Ubuntu,…
Seyed M
0 votes, 1 answer

Alienvault OSSIM: What does "reliability" actually mean?

I know the "risk" calculation, but I don't understand what the variables in the calculation mean. The risk calculation is ((asset * priority * reliability)/25). I don't quite understand what the individual variables in this equation are supposed to…
JDS
0 votes, 1 answer

Logstash output to AlienVault (OSSIM)

I have the following topology: rsyslog clients -> logstash server -> elasticsearch & another logstash & alienvault & local file. The problem is that alienvault wants just the raw message, without any JSON fields. How could I send only to alienvault…
0 votes, 1 answer

How to filter errors 404 to show only those which are related to php files?

One of my web servers is getting flooded with requests to resources that do not exist anymore, generating the corresponding 404 error. As I'm using OSSEC and OSSIM, these errors are sent to the OSSEC server (OSSIM), flooding it as well. I want…
user149678
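One way to do this on the OSSEC side, added here as an example and not taken from the question or from OSSEC's shipped rule set: a pair of local rules that silence every 404 and then re-raise only those for PHP resources. It assumes the stock web_rules.xml rule 31101 ("Web server 400 error code", level 5, any 4xx status from a web access log) is the rule currently alerting, that the OSSEC server running on the OSSIM box reads /var/ossec/rules/local_rules.xml, and that the rule IDs 100140 and 100141 are free in your local range (they are arbitrary choices).

```xml
<!-- /var/ossec/rules/local_rules.xml on the OSSEC server (the OSSIM box).
     Assumption: the stock rule 31101 ("Web server 400 error code", level 5)
     is the one flooding the server with 404 events. -->
<group name="local,web,accesslog,">

  <!-- Step 1: catch every 404 that reached 31101 and drop it to level 0
       (not logged, no alert). For web access logs the <id> field carries
       the HTTP status code. <id> and <url> use OSSEC's simple match
       syntax, in which only ^, $ and | are special and "." is literal. -->
  <rule id="100140" level="0">
    <if_sid>31101</if_sid>
    <id>^404$</id>
    <description>404 for a non-PHP resource, ignored.</description>
  </rule>

  <!-- Step 2: a child of the ignore rule re-raises the event when the
       requested path is a PHP script, with or without a query string.
       Children are evaluated after the parent matches, so only PHP 404s
       come back out at level 5; everything else stays at level 0. -->
  <rule id="100141" level="5">
    <if_sid>100140</if_sid>
    <url>.php$|.php?</url>
    <description>404 for a PHP resource.</description>
  </rule>

</group>
```

After adding the rules, restart OSSEC (/var/ossec/bin/ossec-control restart) and check them with /var/ossec/bin/ossec-logtest: paste a constructed access-log line such as `10.0.0.5 - - [10/Jan/2014:10:00:00 +0000] "GET /old/index.php HTTP/1.1" 404 209` and expect rule 100141 at level 5, then the same line with /old/image.png and expect rule 100140 at level 0. One caveat worth verifying on your own server: because the ignored events now terminate in 100140 rather than 31101, other rules that key off 31101 (for example the frequency rule for repeated 4xx from one source IP) may no longer count them.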
0 votes, 1 answer

OSSIM Alarms for Snort rules

I'm new to OSSIM. My requirement is to detect executable files (.exe) using snort. I have found a snort rule: alert tcp any any -> any any (msg: "DLL Windows file download"; flow: established; content:"MZ";isdataat: 76,relative;content:"This…