OPEN SOURCE SECURITY INFORMATION MANAGER

OSSIM

What is OSSIM

 - OSSIM is an open source security system.
 - OSSIM integrates more than 30 open source tools.
 - OSSIM gathers events from any device or application.
 - OSSIM includes a powerful correlation system.
 - OSSIM can be integrated with any device or application already deployed in the network.
 - OSSIM generates a wide range of metrics and reports.
 - OSSIM is easily adaptable (use what you need).
 - OSSIM can be integrated with proprietary and open source products.

What is not OSSIM

 - OSSIM is neither a firewall nor a content proxy.
 - OSSIM is not a security distribution (Backtrack, WifiSlax).
 - OSSIM is not a product for home use.
 - OSSIM is not a simple software package (exe, rpm, deb...) that can be installed on any operating system.

Advantages

 - Free and open source: the code can be audited, so no doubt about backdoors.
 - Customizable according to requirements.
 - 2300+ data source plugins.
 - Highly scalable.
 - High redundancy/availability.
 - Provides security at every level (IDS/IPS, firewall, antivirus servers, proxy, domain controller, VPN servers, web servers, OS).
 - Correlation (cross correlation and logical correlation).
 - Correlation directives (200+).
 - Risk calculation.
 - Reporting.

System Requirements

 - RAM: 4 GB
 - Processor: 64-bit processor
 - LAN card: e1000 network card

OSSIM in the Real World

Architecture

Typically OSSIM consists of four elements:
 - Sensors (Detector + Collector)
   - Detector: generates events.
   - Collector: collects and parses data using predefined regular expressions.
 - Management Server
   - Main server tasks: the normalizing, prioritizing, collecting, risk assessment and correlating engines.
   - Maintenance and external tasks: backups, scheduled backups, online inventory, launching scans.
 - Database
 - Front-end web interface

How OSSIM Works

 - Devices and/or applications generate security events (detectors).
 - Events are gathered by the OSSIM collector.
 - The collectors send normalized events to the OSSIM server.
 - The OSSIM server does a risk calculation for every event.
 - The events are correlated in the OSSIM server.
 - Events are stored in the database.
 - The web console offers access to all the information collected and generated by OSSIM.

How OSSIM Works (diagram slide)

OSSIM Operation (screenshot slides)

OSSIM Web Interface (screenshot slide)

Integrated Tools
 - OCS
 - Nfdump and NfSen (NetFlow)
 - OpenVAS
 - OSVDB
 - OSSEC
 - Nmap
 - p0f
 - PADS
 - ARPWatch
 - TCPtrack
 - Nepenthes

Sample Deployment (diagram slide)

The End
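The pipeline above (detector, collector with regex plugins, normalized events, per-event risk, correlation directive, storage) can be followed end to end in a small simulation. The following is an added example written for this page, not OSSIM's own code: the log lines are constructed, the plugin regexes, asset values, priorities and reliabilities are hypothetical, and the risk formula (asset value 0-5 times priority 0-5 times reliability 0-10, divided by 25) is modelled on OSSIM's and should be treated as an assumption about the exact scaling.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines standing in for what two detectors (sshd on a
# gateway host "gw", Snort on an IDS sensor) would hand to a collector.
SAMPLE_LOGS = [
    "Mar 10 10:00:01 gw sshd[123]: Failed password for root from 10.0.0.5 port 5001 ssh2",
    "Mar 10 10:00:03 gw sshd[124]: Failed password for root from 10.0.0.5 port 5002 ssh2",
    "Mar 10 10:00:05 gw sshd[125]: Failed password for admin from 10.0.0.5 port 5003 ssh2",
    "Mar 10 10:00:09 gw sshd[126]: Accepted password for root from 10.0.0.5 port 5004 ssh2",
    "Mar 10 10:01:00 ids snort[9]: [1:1000001:1] LOCAL web scan attempt [Priority: 2] {TCP} 10.0.0.7:4444 -> 10.0.0.20:80",
    "Mar 10 10:02:00 gw cron[5]: (root) CMD (run-parts /etc/cron.hourly)",  # no plugin matches this one
]

# Hypothetical asset inventory: each host's value on a 0-5 scale.
ASSET_VALUE = {"gw": 4, "10.0.0.20": 5}
DEFAULT_ASSET = 2

# Hypothetical collector plugins: one regex per log format, plus the priority (0-5)
# and reliability (0-10) the plugin assigns to the event type it recognises.
PLUGINS = [
    {"name": "ssh", "type": "ssh_failed_login", "priority": 2, "reliability": 3,
     "regex": re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")},
    {"name": "ssh", "type": "ssh_accepted_login", "priority": 1, "reliability": 5,
     "regex": re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<src>[\d.]+)")},
    {"name": "snort", "type": "ids_alert", "priority": 3, "reliability": 4,
     "regex": re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) snort\[\d+\]: .*\{TCP\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")},
]


@dataclass
class Event:
    ts: float
    type: str
    src: str
    dst: str
    priority: int     # 0-5: how much this kind of event matters
    reliability: int  # 0-10: how likely the event is a true positive
    risk: float = 0.0


def calc_risk(asset, priority, reliability):
    """Risk modelled on OSSIM's formula (assumption): asset * priority * reliability / 25, capped at 10."""
    return min(10.0, asset * priority * reliability / 25)


def parse_ts(text):
    # Syslog timestamps carry no year; a fixed year is assumed so that differences are meaningful.
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=2024).timestamp()


def collect(line):
    """Collector step: try each plugin's regex and normalise the first match into an Event."""
    for plugin in PLUGINS:
        m = plugin["regex"].match(line)
        if not m:
            continue
        g = m.groupdict()
        dst = g.get("dst") or g["host"]
        ev = Event(parse_ts(g["ts"]), plugin["type"], g["src"], dst, plugin["priority"], plugin["reliability"])
        ev.risk = calc_risk(ASSET_VALUE.get(dst, DEFAULT_ASSET), ev.priority, ev.reliability)
        return ev
    return None  # no plugin understands this line; a real collector would count it as unparsed


class Correlator:
    """Two-step logical correlation directive: repeated SSH failures from one source within
    a time window raise a brute-force alarm; a later success from that source escalates it."""

    def __init__(self, threshold=3, window=60):
        self.threshold, self.window = threshold, window
        self.failures = defaultdict(list)  # src -> timestamps of recent failures
        self.flagged = {}                  # src -> timestamp the brute-force alarm fired

    def feed(self, ev):
        if ev.type == "ssh_failed_login":
            recent = [t for t in self.failures[ev.src] if ev.ts - t <= self.window] + [ev.ts]
            self.failures[ev.src] = recent
            if len(recent) >= self.threshold and ev.src not in self.flagged:
                self.flagged[ev.src] = ev.ts
                return self._alarm(ev, "ssh_bruteforce", priority=4, reliability=8)
        elif ev.type == "ssh_accepted_login" and ev.src in self.flagged:
            if ev.ts - self.flagged[ev.src] <= self.window:
                return self._alarm(ev, "ssh_bruteforce_success", priority=5, reliability=10)
        return None

    def _alarm(self, ev, kind, priority, reliability):
        alarm = Event(ev.ts, kind, ev.src, ev.dst, priority, reliability)
        alarm.risk = calc_risk(ASSET_VALUE.get(ev.dst, DEFAULT_ASSET), priority, reliability)
        return alarm


def process(lines):
    """Server step: normalise, score and correlate; returns (events, alarms) as they would be stored."""
    correlator = Correlator()
    events, alarms = [], []
    for line in lines:
        ev = collect(line)
        if ev is None:
            continue
        events.append(ev)
        alarm = correlator.feed(ev)
        if alarm:
            alarms.append(alarm)
    return events, alarms


if __name__ == "__main__":
    events, alarms = process(SAMPLE_LOGS)
    for ev in events:
        print(f"event {ev.type:22} {ev.src} -> {ev.dst} risk={ev.risk:.2f}")
    for al in alarms:
        print(f"ALARM {al.type:22} {al.src} -> {al.dst} risk={al.risk:.2f}")
```

Running it shows why the raw events alone are unremarkable (each failed login scores under 1) while the correlated alarms, which carry higher priority and reliability, land in the range the console would surface first; the unparsed cron line is dropped at the collector, which is where plugin coverage gaps show up in a real deployment.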

Thanks…