SlideShare a Scribd company logo

Best Practices for Configuring Your OSSIM Installation

Download as PPTX, PDF
AlienVault
AlienVault

Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation. Join us for this customer training webcast where our OSSIM experts will walk through: How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities

Technology
1 of 30
Title
Introductions Mark Allen Technical Sales Engineer Garrett Gross Sr. Technical PMM
Resources for OSSIM Users AlienVault Forums: https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group: https://www.linkedin.com/groupInvitation?gid=3793 USM & OSSIM On-Demand Training Archives: https://www.alienvault.com/product-training AlienVault Blog – Analysis from the AlienVault Labs research team, practical tips to secure your environment & industry trends
Agenda How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities
Lets get started!
Host IDS Configuration
OSSIM comes with OSSEC host-based IDS, which provides: • Log monitoring and collection • Rootkit detection • File integrity checking • Windows registry integrity checking • Active response OSSEC uses authenticated server/agent architecture. Host IDS OSSIM Sensor OSSEC Server Servers OSSEC Agent OSSIM Server UDP 1514 Normalized events
Deploying HIDS 1. Add an agent in OSSIM 2. Deploy HIDS agent to the target system. 3. Optionally change configuration file on the agent. 4. Verify HIDS operations.
Add an agent. Save agent. Specify name and IP address. Add Agent in OSSIM Required task for all operating systems Can also be added through the manage_agents script Environment > Detection > HIDS > Agents
Specify domain, username and password of the target system. Download preconfigured agent for Windows. Automatic deployment for Windows. Extract key. Deploy HIDS Agent to Target System Automated deployment for Windows machines Manual installation for other OS Key extraction is required for manual installation
Configuration file. Log file. Change Configuration File on Agent OSSEC configuration is controlled by a text file. Agent needs to be restarted after configuration changes. Log file is available for troubleshooting.
Agent status should be active. Verify HIDS Operations Displays overview of OSSEC events and agent information Environment > Detection > HIDS > Overview
OSSEC events. Verify HIDS Operations (Cont.) Verify if OSSEC events are displayed in the SIEM console. Utilize search filter to display only events from OSSEC data source. Analysis > Security Events (SIEM) > SIEM
Verify HIDS Operations (Cont.) Environment > Detection > HIDS > Agents > Agent Control Verify registry integrity. Verify presence of rootkits. Verify file integrity.
Syslog & Plugins
Syslog Forwarding Syslog configuration will vary based on source device/application but, usually, the necessary parameters are: • Destination IP • Source IP • Port (default is UDP 514)
Enabling Plugins Enable plugin at the asset level General > Plugins > Edit Plugins Green light under “Receiving Data” will confirm successful log collection
Vulnerability Assessment
Vulnerability Assessment Uses a built-in OpenVAS scanner Detects vulnerabilities in assets • Vulnerabilities are correlated with events‘ cross-correlation rules • Useful for compliance reports and auditing Managed from the central SIEM console: • Running and scheduling vulnerability scans • Examining reports • Updating vulnerability signatures
Advanced Options Vulnerability assessment can be: • Authenticated (SSH and SMB) • Unauthenticated Predefined profiles can be selected: • Non destructive full and slow scan • Non destructive full and fast scan • Full and fast scan including destructive tests Custom profiles can be created.
Vulnerability Assessment Config 1. (Optionally) tune global vulnerability assessment settings. 2. (Optionally) create a set of credentials. 3. (Optionally) create a scanning profile. 4. Create a vulnerability scan job. 5. Examine scanning results. 6. Optionally create a vulnerability or compliance report.
Update configuration. Select vulnerability ticket threshold. Tune Global Vulnerability Assessment Settings The vulnerability assessment system opens a ticket for found vulnerabilities. Start with a high threshold and fix important vulnerabilities first. Configuration > Administration > Main
Specify login username. Specify credential set name. Select authentication type. Click settings. Create Set of Credentials Used to log into a machine for authenticated scan Supports the DOMAIN/USER username Environment > Vulnerabilities > Overview
Examine 3 default profiles. Enable/disable plugin family. Create a new profle. Edit profiles. Create Scanning Profile Enable profiles that apply to assets you are scanning. Environment > Vulnerabilities > Overview
Create a new scan job. Import Nessus scan report. Select schedule method. Specify scan job name. Select profile. Select server. Select assets. Select credential set for authenticated scan. Save job. Create Vulnerability Scan Job Environment > Vulnerabilities > Scan Jobs
Examine vulnerability statistics. View vulnerability report for all assets. Examine reports for all scan jobs. Examine Vulnerabilities Results Environment > Vulnerabilities > Overview
OSSIM vs. USM
How is USM different? Correlation Directives: Over 2,000 built-in correlation directives developed by the AlienVault Labs Threat Research Team, and updated weekly Reporting: 150+ Customizable Reports, including compliance-specific reports Log Management: Robust Log Management, Log Search & Long-Term Log Retention Professional Support via phone & email as well as customer support portal And more…view comparison chart here: https://www.alienvault.com/products/compare-ossim-to-alienvault-usm “I started out with OSSIM and I didn’t fully realize how much value I would get out of USM until I started using it. The reporting is awesome, it’s been a big benefit for me. And, having a fully supported solution means I can get answers to my questions much more quickly than before.” – Matthew Frederickson, Director of Information Technology, Council Rock School District
USM + Free Installation Services http://www.alienvault.com/marketing/smb-bundles
888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Q&A Resources for OSSIM Users OSSIM vs. USM Comparison Chart https://www.alienvault.com/products/compare-ossim-to-alienvault-usm AlienVault Forum https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group https://www.linkedin.com/groupInvitation?gid=3793 Subscribe to the AlienVault Blog https://www.alienvault.com/blogs Hands-on 5-day Training Classes, in-person or “Live on-line” https://www.alienvault.com/support/classroom-training

Recommended

OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
Continuous monitoring with OSSIM
Continuous monitoring with OSSIMContinuous monitoring with OSSIM
Continuous monitoring with OSSIMEguardian Global Services
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEMPatten John
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadarPencilData
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 

Recommended

OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
Continuous monitoring with OSSIM
Continuous monitoring with OSSIMContinuous monitoring with OSSIM
Continuous monitoring with OSSIMEguardian Global Services
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEMPatten John
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadarPencilData
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIMAlienVault
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introductionn|u - The Open Security Community
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security PlatformPituphong Yavirach
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh clevernetsystemsgeneva
 
Wazuh Pre.pptx
Wazuh Pre.pptxWazuh Pre.pptx
Wazuh Pre.pptxemnabenamor3
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesFranck Franchin
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
security onion
security onionsecurity onion
security onionBoni Yeamin
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Creating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentCreating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentMongoDB
 
Webinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentWebinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentMongoDB
 

More Related Content

What's hot

DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh clevernetsystemsgeneva
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesFranck Franchin
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 

What's hot (20)

Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introduction
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
 
Wazuh Pre.pptx
Wazuh Pre.pptxWazuh Pre.pptx
Wazuh Pre.pptx
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Cours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures CritiquesCours CyberSécurité - Infrastructures Critiques
Cours CyberSécurité - Infrastructures Critiques
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
security onion
security onionsecurity onion
security onion
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 

Similar to Best Practices for Configuring Your OSSIM Installation

Creating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentCreating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentMongoDB
 
Webinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentWebinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentMongoDB
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentMongoDB
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less workIevgenii Katsan
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingPCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingAlienVault
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsAlert Logic
 
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1Felipe Prado
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessKarl Ots
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
Security Framework from SANS
Security Framework from SANSSecurity Framework from SANS
Security Framework from SANSJeffrey Reed
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...NoNameCon
 

Similar to Best Practices for Configuring Your OSSIM Installation (20)

Creating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your DeploymentCreating a Single View Part 3: Securing Your Deployment
Creating a Single View Part 3: Securing Your Deployment
 
Webinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your DeploymentWebinar: Creating a Single View: Securing Your Deployment
Webinar: Creating a Single View: Securing Your Deployment
 
SSecuring Your MongoDB Deployment
SSecuring Your MongoDB DeploymentSSecuring Your MongoDB Deployment
SSecuring Your MongoDB Deployment
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
ISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdfISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdf
 
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS ReportingPCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
PCI DSS Reporting Requirements for People Who Hate PCI DSS Reporting
 
Security testing
Security testingSecurity testing
Security testing
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
DEFCON 23 - Nir Valtman and Moshe Ferber - from zero to secure in 1
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = Awesomeness
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
Security Framework from SANS
Security Framework from SANSSecurity Framework from SANS
Security Framework from SANS
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
 

More from AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?AlienVault
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICAlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
 

More from AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Best Practices for Configuring Your OSSIM Installation

  • 2. Introductions Mark Allen Technical Sales Engineer Garrett Gross Sr. Technical PMM
  • 3. Resources for OSSIM Users AlienVault Forums: https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group: https://www.linkedin.com/groupInvitation?gid=3793 USM & OSSIM On-Demand Training Archives: https://www.alienvault.com/product-training AlienVault Blog – Analysis from the AlienVault Labs research team, practical tips to secure your environment & industry trends
  • 4. Agenda How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities
  • 7. OSSIM comes with OSSEC host-based IDS, which provides: • Log monitoring and collection • Rootkit detection • File integrity checking • Windows registry integrity checking • Active response OSSEC uses authenticated server/agent architecture. Host IDS OSSIM Sensor OSSEC Server Servers OSSEC Agent OSSIM Server UDP 1514 Normalized events
  • 8. Deploying HIDS 1. Add an agent in OSSIM 2. Deploy HIDS agent to the target system. 3. Optionally change configuration file on the agent. 4. Verify HIDS operations.
  • 9. Add an agent. Save agent. Specify name and IP address. Add Agent in OSSIM Required task for all operating systems Can also be added through the manage_agents script Environment > Detection > HIDS > Agents
  • 10. Specify domain, username and password of the target system. Download preconfigured agent for Windows. Automatic deployment for Windows. Extract key. Deploy HIDS Agent to Target System Automated deployment for Windows machines Manual installation for other OS Key extraction is required for manual installation
  • 11. Configuration file. Log file. Change Configuration File on Agent OSSEC configuration is controlled by a text file. Agent needs to be restarted after configuration changes. Log file is available for troubleshooting.
  • 12. Agent status should be active. Verify HIDS Operations Displays overview of OSSEC events and agent information Environment > Detection > HIDS > Overview
  • 13. OSSEC events. Verify HIDS Operations (Cont.) Verify if OSSEC events are displayed in the SIEM console. Utilize search filter to display only events from OSSEC data source. Analysis > Security Events (SIEM) > SIEM
  • 14. Verify HIDS Operations (Cont.) Environment > Detection > HIDS > Agents > Agent Control Verify registry integrity. Verify presence of rootkits. Verify file integrity.
  • 16. Syslog Forwarding Syslog configuration will vary based on source device/application but, usually, the necessary parameters are: • Destination IP • Source IP • Port (default is UDP 514)
  • 17. Enabling Plugins Enable plugin at the asset level General > Plugins > Edit Plugins Green light under “Receiving Data” will confirm successful log collection
  • 19. Vulnerability Assessment Uses a built-in OpenVAS scanner Detects vulnerabilities in assets • Vulnerabilities are correlated with events‘ cross-correlation rules • Useful for compliance reports and auditing Managed from the central SIEM console: • Running and scheduling vulnerability scans • Examining reports • Updating vulnerability signatures
  • 20. Advanced Options Vulnerability assessment can be: • Authenticated (SSH and SMB) • Unauthenticated Predefined profiles can be selected: • Non destructive full and slow scan • Non destructive full and fast scan • Full and fast scan including destructive tests Custom profiles can be created.
  • 21. Vulnerability Assessment Config 1. (Optionally) tune global vulnerability assessment settings. 2. (Optionally) create a set of credentials. 3. (Optionally) create a scanning profile. 4. Create a vulnerability scan job. 5. Examine scanning results. 6. Optionally create a vulnerability or compliance report.
  • 22. Update configuration. Select vulnerability ticket threshold. Tune Global Vulnerability Assessment Settings The vulnerability assessment system opens a ticket for found vulnerabilities. Start with a high threshold and fix important vulnerabilities first. Configuration > Administration > Main
  • 23. Specify login username. Specify credential set name. Select authentication type. Click settings. Create Set of Credentials Used to log into a machine for authenticated scan Supports the DOMAIN/USER username Environment > Vulnerabilities > Overview
  • 24. Examine 3 default profiles. Enable/disable plugin family. Create a new profle. Edit profiles. Create Scanning Profile Enable profiles that apply to assets you are scanning. Environment > Vulnerabilities > Overview
  • 25. Create a new scan job. Import Nessus scan report. Select schedule method. Specify scan job name. Select profile. Select server. Select assets. Select credential set for authenticated scan. Save job. Create Vulnerability Scan Job Environment > Vulnerabilities > Scan Jobs
  • 26. Examine vulnerability statistics. View vulnerability report for all assets. Examine reports for all scan jobs. Examine Vulnerabilities Results Environment > Vulnerabilities > Overview
  • 28. How is USM different? Correlation Directives: Over 2,000 built-in correlation directives developed by the AlienVault Labs Threat Research Team, and updated weekly Reporting: 150+ Customizable Reports, including compliance-specific reports Log Management: Robust Log Management, Log Search & Long-Term Log Retention Professional Support via phone & email as well as customer support portal And more…view comparison chart here: https://www.alienvault.com/products/compare-ossim-to-alienvault-usm “I started out with OSSIM and I didn’t fully realize how much value I would get out of USM until I started using it. The reporting is awesome, it’s been a big benefit for me. And, having a fully supported solution means I can get answers to my questions much more quickly than before.” – Matthew Frederickson, Director of Information Technology, Council Rock School District
  • 29. USM + Free Installation Services http://www.alienvault.com/marketing/smb-bundles
  • 30. 888.613.6023 ALIENVAULT.COM CONTACT US HELLO@ALIENVAULT.COM Now for some Q&A Resources for OSSIM Users OSSIM vs. USM Comparison Chart https://www.alienvault.com/products/compare-ossim-to-alienvault-usm AlienVault Forum https://www.alienvault.com/forums/discussions/tagged/ossim LinkedIn Group https://www.linkedin.com/groupInvitation?gid=3793 Subscribe to the AlienVault Blog https://www.alienvault.com/blogs Hands-on 5-day Training Classes, in-person or “Live on-line” https://www.alienvault.com/support/classroom-training