Integrated Tools in AlienVault Unified Security Management Platform
Today more than 30 open-source security tools are built into this framework, making AlienVault the fastest way to start and the easiest way to manage a comprehensive security program.
TAKE YOUR OPEN SOURCE SECURITY STRATEGY TO THE NEXT LEVEL
The power of open source from a single, unified console
WWW.ALIENVAULT.COM/
MEET OSSIM
The World’s Most Widely Used SIEM
- OSSIM is trusted by 195,000+ security professionals in 175 countries… and counting
- Established and launched by security engineers out of necessity
- Users enjoy all of the features of a traditional SIEM – and more
EXAMPLE OF HOW THE TOOLS WORK TOGETHER
HOW IT WORKS
Tools Classification
Tools integrated with AlienVault OSSIM are classified by how the tool behaves on the network:
- Active: they generate traffic on the network being monitored
- Passive: they analyze network traffic without generating any traffic
Passive tools require port mirroring (SPAN) to be configured on the network equipment or virtual machines whose traffic they are to analyze
ASSET DISCOVERY
Detecting Network Assets in AlienVault OSSIM
PRADS
What is it?
- Signature-based detection engine used to passively detect network assets
OSSIM allows for distributed PRADS monitoring, to help simplify:
- Inventory management
- Version changes on services
- Policy violations
- Inventory correlation
Passive Tool
Passive.sourceforge.net
Identifying Network Hosts & Services in AlienVault OSSIM
NMAP (NETWORK MAPPER)
What is it?
- Security scanner to discover hosts & services on a network
- Product includes an interface for scheduling NMAP scans & an inventory system to manage results
The OSSIM user interface makes it easy to schedule NMAP scans and manage results.
Quickly find: network assets, open ports, service versions, operating systems and product versions
Active Tool
nmap.org
Inventorying IT Assets in AlienVault OSSIM
OCS INVENTORY NG
What is it?
- Lightweight agent; provides full enumeration of installed software
- Collects information about the hardware running the OCS agent
OSSIM simplifies OCS Inventory installation and management of:
- Hardware and software inventory
- Vulnerabilities
- Information on policy violations
Active Tool
ocsinventory.ng.org
VULNERABILITY ASSESSMENT
Vulnerability Assessment in AlienVault OSSIM
OPENVAS
What is it?
- Provides both authenticated and unauthenticated vulnerability detection
- Actively scans the network for known vulnerabilities per your specifications
- Daily feed of network vulnerability tests (over 33,000)
- Allows for fine-tuning of scanning aggressiveness
OSSIM gives users the ability to schedule OpenVAS scans and reporting in concert with vulnerability information.
Active Tool
openvas.org
Web Vulnerability Scanning in AlienVault OSSIM
NIKTO
What is it?
- Performs comprehensive tests against web servers
NIKTO in OSSIM scans web servers for problems including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated software
Active Tool
cirt.net/nikto2
THREAT DETECTION
Host-based Intrusion Detection in AlienVault OSSIM
OSSEC
What is it?
- Host-based intrusion detection system
How does it work?
- OSSIM provides a web interface for OSSEC to simplify management of distributed deployments
- AlienVault Sensor collects events from the OSSEC server
- OSSIM can use Windows, UNIX and application logs, as well as registry and file integrity monitoring information
Active Tool
ossec.org
Network Intrusion Detection in AlienVault OSSIM
SNORT
What is it?
- Default IDS in the virtual appliance
- Generates security events for the SIEM when analyzing network traffic
- Combines signature, protocol and anomaly-based inspection
OSSIM makes it easy to manage distributed SNORT installations. Manage IDS rules to monitor for malware signatures and policy violations (P2P, unauthorized IM, games, etc.)
Passive Tool
snort.org
Intrusion Detection & Prevention in AlienVault OSSIM
SURICATA
What is it?
- Intrusion detection and intrusion prevention, based on threat signatures
- Same IDS signatures as SNORT
- Advanced processing of HTTP signatures
- Multi-threaded processing
OSSIM makes it easy to manage distributed Suricata installations and manage IDS rules.
Passive Tool
Suricata.ids.org
Wireless Intrusion Detection System in AlienVault OSSIM
KISMET
What is it?
- OSSIM uses the Kismet package for wireless IDS
- Works with any wireless card supporting raw monitoring (rfmon) mode
- With appropriate hardware, like a Raspberry Pi, can sniff 802.11b, 802.11a, 802.11g & 802.11n traffic
OSSIM provides an interface for easy distributed deployments of Kismet.
- WiFi network security monitoring
- Rogue AP detection
- PCI compliance help
Passive Tool
kismetwireless.org
SECURITY INFORMATION & EVENT MANAGEMENT
Security Event & Information Management
ALIENVAULT OSSIM
OSSIM, the open source SIEM, is the most widely used SIEM in the world.
What can you do with it?
- Event collection, normalization and correlation
- Leverage a suite of pre-integrated, best-of-breed security tools for incident response
Passive Tool
www.alienvault.com/open-threat-exchange/projects
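Collection, normalization and correlation are what turn the separate sensors above into a SIEM: each tool speaks its own log format, and a correlation rule can only join them once they share a schema. The following Python is an added example, not AlienVault or OSSIM code. It normalises constructed sample lines written in the style of a Snort "fast" alert and OSSEC alerts forwarded over syslog into one event schema, then runs a single correlation rule: an IDS scan alert followed within five minutes by repeated authentication failures from the same source against the same host is promoted to a higher-priority incident. The exact line formats, the SID, host names and addresses (RFC 5737 documentation ranges) are assumptions made for the sample.

```python
"""Normalising and correlating events from two sensors into one SIEM schema.

Added example, not AlienVault/OSSIM code. The log lines are constructed samples
in the style of a Snort "fast" alert and OSSEC alerts forwarded over syslog;
the SID, host names and addresses are made up.
"""
import re
from datetime import datetime, timedelta

DEFAULT_YEAR = 2024  # Snort fast alerts carry no year; assumed for the sample

# Constructed sample input: (sensor name, raw line)
SAMPLE_LINES = [
    ("snort", "03/14-10:15:02.123456  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] "
              "[Priority: 2] {TCP} 203.0.113.9:44521 -> 192.0.2.10:22"),
    ("ossec", "2024 Mar 14 10:15:30 ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; "
              "Location: (web01) 192.0.2.10->/var/log/auth.log; srcip: 203.0.113.9; user: root;"),
    ("ossec", "2024 Mar 14 10:15:33 ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; "
              "Location: (web01) 192.0.2.10->/var/log/auth.log; srcip: 203.0.113.9; user: root;"),
    ("ossec", "2024 Mar 14 10:40:00 ossec: Alert Level: 3; Rule: 5501 - Login session opened.; "
              "Location: (db01) 192.0.2.20->/var/log/auth.log; srcip: 198.51.100.7; user: alice;"),
]

SNORT_RE = re.compile(
    r"^(?P<md>\d\d/\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
OSSEC_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{1,2} \d\d:\d\d:\d\d) ossec: Alert Level: (?P<level>\d+); "
    r"Rule: (?P<rule>\d+) - (?P<msg>[^;]*); Location: \((?P<host>[^)]+)\) (?P<dst>[\d.]+)->[^;]*;"
    r"(?: srcip: (?P<src>[\d.]+);)?(?: user: (?P<user>\w+);)?"
)


def parse_snort(line, year=DEFAULT_YEAR):
    """Snort fast alert -> normalised event. Snort priority 1 is the most severe,
    so it is mapped onto a common 1..10 scale where higher means worse."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['md']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return {
        "ts": ts, "sensor": "snort", "src_ip": m["src"], "dst_ip": m["dst"],
        "category": "ids_alert",
        "priority": {1: 10, 2: 7, 3: 4}.get(int(m["prio"]), 2),
        "detail": f"sid {m['sid']}: {m['msg']}",
    }


def parse_ossec(line):
    """OSSEC syslog alert -> normalised event. OSSEC levels already grow with
    severity, so they are capped at 10 to share the scale."""
    m = OSSEC_RE.match(line)
    if not m:
        return None
    rule = int(m["rule"])
    return {
        "ts": datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S"),
        "sensor": "ossec", "src_ip": m["src"], "dst_ip": m["dst"],
        "category": "auth_failure" if rule == 5716 else "host_event",
        "priority": min(int(m["level"]), 10),
        "detail": f"rule {rule} on {m['host']}: {m['msg']}",
    }


PARSERS = {"snort": parse_snort, "ossec": parse_ossec}


def normalize(tagged_lines):
    """Run each line through its sensor's parser; drop unparsable lines; sort by time."""
    events = [PARSERS[sensor](line) for sensor, line in tagged_lines]
    return sorted((e for e in events if e is not None), key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=5), min_failures=2):
    """Rule: IDS alert from A to B, then >= min_failures auth failures A->B within
    `window`, becomes one incident whose priority is raised above its parts."""
    incidents = []
    for trigger in events:
        if trigger["category"] != "ids_alert":
            continue
        deadline = trigger["ts"] + window
        followups = [e for e in events
                     if e["category"] == "auth_failure"
                     and e["src_ip"] == trigger["src_ip"]
                     and e["dst_ip"] == trigger["dst_ip"]
                     and trigger["ts"] <= e["ts"] <= deadline]
        if len(followups) >= min_failures:
            incidents.append({
                "src_ip": trigger["src_ip"], "dst_ip": trigger["dst_ip"],
                "first_seen": trigger["ts"], "last_seen": followups[-1]["ts"],
                "priority": min(10, max(e["priority"] for e in [trigger] + followups) + 3),
                "evidence": [trigger["detail"]] + [e["detail"] for e in followups],
            })
    return incidents


if __name__ == "__main__":
    for inc in correlate(normalize(SAMPLE_LINES)):
        print(inc["priority"], inc["src_ip"], "->", inc["dst_ip"], inc["evidence"])
```

The unrelated `db01` login at 10:40 is parsed and kept as a `host_event` but never joins the rule, which is the point of normalising first: the rule only cares about the shared fields (`src_ip`, `dst_ip`, `category`, `ts`), not about which sensor produced the line.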
BEHAVIORAL ANALYSIS
System & Network Monitoring in AlienVault OSSIM
NAGIOS
What is it?
- Watches hosts & services and provides alerts
- Configurable checking of assets
- Can do checks with an agent or remotely, without an agent
- Wide variety of plugins for monitoring apps and devices available
OSSIM provides a web interface for Nagios, making distributed installations easy, with:
- Ongoing availability monitoring
- Availability monitoring during logical correlation (by request)
- Visibility into whether service ports are open or closed
Active Tool
nagios.org
Network Traffic Capture in AlienVault OSSIM
TCPDUMP
What is it?
- TCPDUMP is a command-line packet analyzer; libpcap, the capture library it is built on, is also a portable C/C++ library
What does it do?
- Watches hosts and services and provides alerts
- Configurable checking of assets
- Can do checks with an agent or remotely, without an agent
- Wide variety of plugins for monitoring apps and devices available
Active Tool
tcpdump.org
Generating Netflow Data in AlienVault OSSIM
FPROBE
What is it?
- Collects network traffic data and distributes it as netflow flows towards the specified collector
- Libpcap-based tool
OSSIM provides an integrated console where you can view the netflow information from FPROBE, to assist with incident response
Passive Tool
fprobe.sourceforge.net/
Netflow Collector in AlienVault OSSIM
NFDUMP
What is it?
- Reads netflow data from the files stored by NFCAPD
- NFDUMP syntax is similar to TCPDUMP
OSSIM makes it easy to quickly implement NFDUMP for netflow analysis:
- Provides netflow data
- Creates customizable top-N statistics of flows, IP addresses, ports etc.
- Saves time by eliminating the need for a “How To” tutorial
Passive Tool
Nfdump.sourceforge.net
Collecting IP Traffic in AlienVault OSSIM
NFSEN
What is it?
- Web-based front end for NFDUMP
- NFSEN is a network protocol developed by Cisco to run on IOS-enabled equipment and collect IP traffic information
- It is supported by other platforms, such as Juniper, Linux, FreeBSD and OpenBSD
OSSIM aggregates NFSEN data and allows you to:
- Display netflow data
- Process netflow data within a specific time frame
- Create historic and continuous profiles
Passive Tool
nfsen.sourceforge.net
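The two netflow slides above describe the same pair of operations: NFDUMP's top-N statistics over flows, addresses and ports, and NFSEN's processing of that data within a chosen time frame. The following Python is an added example, not nfdump, NfSen or OSSIM code, showing both over constructed flow records: it parses CSV rows into typed flows, restricts them to a time window, and aggregates by any key (source or destination address, port, protocol) by bytes, packets or flow count. The column names are assumed to follow nfdump's CSV naming; the records and addresses (RFC 5737 ranges) are constructed.

```python
"""Top-N netflow statistics and time-window selection over nfdump-style records.

Added example, not nfdump/NfSen/OSSIM code. The flow records are constructed;
the column names (ts, te, pr, sa, da, sp, dp, ipkt, ibyt) are assumed to follow
nfdump's CSV naming.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed flow records: start, end, protocol, src/dst address and port,
# input packets, input bytes.
SAMPLE_FLOWS = """\
ts,te,pr,sa,da,sp,dp,ipkt,ibyt
2024-03-14 10:00:01,2024-03-14 10:00:04,TCP,192.0.2.10,198.51.100.5,51234,443,40,52000
2024-03-14 10:00:05,2024-03-14 10:00:05,UDP,192.0.2.11,192.0.2.1,51001,53,1,78
2024-03-14 10:02:10,2024-03-14 10:09:50,TCP,192.0.2.12,203.0.113.25,40022,22,9000,1200000
2024-03-14 10:03:00,2024-03-14 10:03:02,TCP,192.0.2.10,198.51.100.5,51240,443,30,41000
2024-03-14 10:20:00,2024-03-14 10:20:01,TCP,192.0.2.13,198.51.100.9,40500,80,20,15000
2024-03-14 10:21:00,2024-03-14 10:21:30,UDP,192.0.2.12,203.0.113.25,40023,4444,8000,900000
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_flows(text):
    """Parse CSV flow records into dicts with typed timestamps, ports and counters."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "start": datetime.strptime(row["ts"], TS_FMT),
            "end": datetime.strptime(row["te"], TS_FMT),
            "proto": row["pr"],
            "sa": row["sa"], "da": row["da"],
            "sp": int(row["sp"]), "dp": int(row["dp"]),
            "packets": int(row["ipkt"]), "bytes": int(row["ibyt"]),
        })
    return flows


def in_window(flows, start, end):
    """Keep flows that started in [start, end): the 'within a time frame' step."""
    return [f for f in flows if start <= f["start"] < end]


def top_n(flows, key, n=3, metric="bytes"):
    """Aggregate per value of `key` (sa, da, sp, dp or proto) and return the n
    largest as (value, total) pairs. `metric` is "bytes", "packets" or "flows"
    (flow count). Ties are broken by the key's string form for stable output."""
    totals = defaultdict(int)
    for f in flows:
        totals[f[key]] += 1 if metric == "flows" else f[metric]
    return sorted(totals.items(), key=lambda kv: (-kv[1], str(kv[0])))[:n]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("top sources by bytes:", top_n(flows, "sa", 3))
    print("top destination ports by bytes:", top_n(flows, "dp", 3))
    first10 = in_window(flows, datetime(2024, 3, 14, 10, 0), datetime(2024, 3, 14, 10, 10))
    print("top sources 10:00-10:10:", top_n(first10, "sa", 3))
```

Aggregating by bytes and by flow count answer different questions: the host moving the most data is not always the one opening the most connections, which is why nfdump exposes both and why the example takes the metric as a parameter rather than hard-coding one.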
Network Use Monitoring in AlienVault OSSIM
NTOP
What is it?
- Network probe providing real-time & historical network usage
- Uses the RRD Aberrant Behavior algorithm to draw predictions of future behavior**
** If the prediction differs from real traffic, an event is generated in OSSIM
In OSSIM, NTOP provides:
- Network usage statistics
- Asset information
- Time & activity matrices
- Real-time session monitoring
- Network abuse information
Passive Tool
ntop.org
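The footnote above is the whole detection idea in one sentence: keep a prediction of the next sample, compare it with what actually arrives, and raise an event when the two disagree for long enough. The following Python is an added example, not ntop, RRDtool or OSSIM code. It is a deliberately simplified form of the Holt-Winters-based aberrant behaviour detection that RRDtool implements: only a smoothed level and a smoothed absolute deviation are kept (no trend or seasonal term), a sample outside the predicted band counts as a violation, and an event is generated once a threshold number of violations falls inside a sliding window, so a single blip is ignored while a sustained change is reported. The traffic series and all parameter values are constructed.

```python
"""Prediction-versus-actual anomaly detection on a traffic counter.

Added example, not ntop/RRDtool/OSSIM code: a simplified version of RRDtool's
Holt-Winters aberrant behaviour detection that keeps only the smoothed level
and a smoothed absolute deviation. The series is constructed.
"""

# Constructed series: bytes/second sampled every 5 minutes, steady at 100,
# then a sustained jump to 1000 for the last five samples.
SAMPLE_SERIES = [100] * 20 + [1000] * 5


def detect_aberrant(series, alpha=0.1, beta=0.05, delta=3.0,
                    min_dev=1.0, window=5, threshold=3):
    """Return a list of events as (index, observed, predicted, band).

    alpha     smoothing factor for the predicted level
    beta      smoothing factor for the deviation estimate
    delta     number of deviations that defines the confidence band
    min_dev   floor on the deviation so a flat series cannot collapse the band
    window    number of recent samples considered
    threshold violations within the window needed to raise an event
    """
    level = float(series[0])   # initial prediction: the first sample
    dev = min_dev              # initial deviation estimate
    recent = []                # rolling record of violation flags
    events = []
    for i in range(1, len(series)):
        observed = float(series[i])
        predicted = level
        band = delta * max(dev, min_dev)
        err = abs(observed - predicted)
        # a violation is a sample outside predicted +/- band
        recent.append(err > band)
        if len(recent) > window:
            recent.pop(0)
        if sum(recent) >= threshold:
            events.append((i, observed, round(predicted, 2), round(band, 2)))
        # update the model after every sample, including violating ones,
        # so a new steady state is eventually learned as normal
        level = alpha * observed + (1 - alpha) * level
        dev = beta * err + (1 - beta) * dev
    return events


def event_indexes(series, **params):
    """Convenience: only the sample indexes at which an event was raised."""
    return [ev[0] for ev in detect_aberrant(series, **params)]


if __name__ == "__main__":
    for idx, observed, predicted, band in detect_aberrant(SAMPLE_SERIES):
        print(f"sample {idx}: observed {observed:.0f}, predicted {predicted} +/- {band}")
```

Because the level keeps adapting, the band widens and drifts towards the new value after each violating sample; with these constructed parameters the jump to 1000 is reported from the third elevated sample onward, while a lone spike followed by a return to 100 never reaches the threshold. Tuning `alpha`, `beta` and `delta` trades how quickly a genuine change is learned as the new normal against how long a deviation keeps generating events.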
START USING OSSIM TODAY
Play, share, enjoy!
Download OSSIM
Join AlienVault OTX
Learn more about our commercial offering
Try AlienVault USM, free for 30 days
Join us for a LIVE Demo!