A Security Information Management system (SIM) is a toolset that fills that gap by collecting event logs from different tools into a central repository for trend analysis. It centralizes log information, correlates logs to establish cause-and-effect relationships between events, and helps prevent damage to, or flaws in, the company's resources.
OSSIM is a fully featured SIM solution that offers all the necessary functionality, ranging from the detection at low-level to high-level reporting.
Based on GNU/Linux Debian, kernel 2.6, OSSIM integrates a handy suite of open source security tools:
- Arpwatch, used for MAC address anomaly detection.
- P0f, used for passive OS detection and OS change analysis.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross correlation (Intrusion detection system (IDS) vs Vulnerability Scanner).
- Snort, used as an Intrusion detection system (IDS), and also used for cross correlation with Nessus.
- Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
- Tcptrack, used for session data information which can grant useful information for attack correlation.
- Ntop, which builds an impressive network information database for aberrant behaviour anomaly detection.
- Nagios, used to monitor host and service availability information based on a host asset database.
- Osiris, a Host-based intrusion detection system (HIDS).
- Snare, a log collector for windows systems.
- OSSEC, a host based IDS.
OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration through plugins.
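The IDS-versus-vulnerability-scanner cross correlation mentioned for Snort and Nessus, and the scoring a correlation engine applies, are easiest to see in code. The following is an added example written for this post, not OSSIM's own code: the Snort-style alert lines, the flattened Nessus-style findings, the asset values and the scoring rule are all constructed or assumed for illustration.

```python
import re
from typing import Dict, List, Tuple
# Constructed sample input, not real tool output. Scanner lines: "<host> <port> <finding>".
# IDS lines follow the shape "[**] [gid:sid:rev] msg [**] {proto} src:sport -> dst:dport".
NESSUS_FINDINGS = """\
10.0.0.5 80 Web server accepts HTTP TRACE
10.0.0.9 22 SSH protocol version 1 enabled
"""
SNORT_ALERTS = """\
[**] [1:9000001:1] WEB-MISC TRACE attempt [**] {TCP} 192.168.1.20:51234 -> 10.0.0.5:80
[**] [1:9000002:1] SSH version probe [**] {TCP} 192.168.1.21:40000 -> 10.0.0.9:22
[**] [1:9000003:1] SSH version probe [**] {TCP} 192.168.1.22:40001 -> 10.0.0.7:22
"""
ASSET_VALUE = {"10.0.0.5": 4, "10.0.0.9": 5}  # assumed asset values (0-5); unknown hosts get 2

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\] \{\w+\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def load_vulnerable_services(text: str) -> Dict[Tuple[str, int], str]:
    """Index scanner findings by (host, port) so each alert is a single lookup."""
    index = {}
    for line in text.splitlines():
        host, port, finding = line.split(" ", 2)
        index[(host, int(port))] = finding
    return index

def cross_correlate(alerts: str, vuln: Dict[Tuple[str, int], str]) -> List[dict]:
    """Score each IDS alert; a scanner finding on the targeted host:port raises reliability."""
    results = []
    for line in alerts.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the run
        key = (m["dst"], int(m["dport"]))
        finding = vuln.get(key)
        priority, reliability = 3, 3  # assumed base values for every signature
        if finding:
            reliability = 8  # target is known vulnerable, so the alert is credible
        asset = ASSET_VALUE.get(m["dst"], 2)
        # Assumed scoring rule: risk grows with asset value, priority and reliability.
        risk = round(asset * priority * reliability / 25, 1)
        results.append({"msg": m["msg"], "target": f"{key[0]}:{key[1]}",
                        "vulnerable": finding is not None, "risk": risk})
    return results

if __name__ == "__main__":
    for r in cross_correlate(SNORT_ALERTS, load_vulnerable_services(NESSUS_FINDINGS)):
        print(r)
```

The third alert targets a host with no matching finding, so it keeps its base reliability and scores far lower than the two that hit known-vulnerable services.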
Screenshot from AlienVault