Questions tagged [ossim]
AlienVault's community edition SIEM
11 questions
3 votes, 2 answers, 3k views
OSSIM - Snort/OSSEC/Nagios Logging Config Question
Quick n00b OSSIM question. I've looked around but haven't found exactly what I'm looking for. I currently have a Nagios, OSSEC, Nessus, and Snort server and I want to keep those servers active but ...
3 votes, 1 answer, 740 views
OSSIM In Production Environment
I am trying to get some real-world feedback on OSSIM.
Are you using OSSIM in production?
If so, what has your overall experience been?
How many nodes are in your environment?
Finally, what kind ...
2 votes, 1 answer, 3k views
How to send NAGIOS alerts to OSSIM server
I've installed an OSSIM server and I want to retrieve the alerts generated by a remote Nagios server in order to analyze them and perform correlation of security events.
Before putting hands on it, ...
2 votes, 1 answer, 2k views
OSSEC agent linked to OSSIM server
I installed OSSIM server on a VM and have tried to link an OSSEC agent to it. I have been able to link and install a HIDS on the client and have it communicate OK with the OSSIM server.
However, in the ...
1 vote, 3 answers, 10k views
How to configure sensor rules in OSSIM
We've recently moved our NIDS installation from StrataGuard to the new OSSIM 2.1 release to take advantage of the additional features (Nagios, ntop, Nessus/OpenVas, etc.) it provides in addition to ...
1 vote, 1 answer, 1k views
OSSIM setup in AWS
I have set up OSSIM in my virtual box and it's working fine.
I tried to set up OSSIM in AWS cloud, but AlienVault stopped AMI for new customers.
How are you doing this for PCI-DSS as we are SME prefer ...
0 votes, 1 answer, 1k views
AlienVault OSSIM: What does "reliability" actually mean?
I know the "risk" calculation, but I don't understand what the variables in the calculation mean.
The risk calculation is ((asset * priority * reliability)/25).
I don't quite understand what the ...
0 votes, 1 answer, 2k views
Error in My Hard Disk on Debian (OSSIM)
I have a problem with my Debian (OSSIM): after three days I can't create or edit any files, because of this issue:
root@ossim:~$ mkdir test
mkdir: cannot create directory `test': Read-only file ...
0 votes, 1 answer, 2k views
Logstash output to AlienVault (OSSIM)
I have the following topology:
rsyslog clients -> logstash server -> elasticsearch & another logstash & alienvault & local file
The problem is that alienvault wants just the raw message, ...
0 votes, 1 answer, 53 views
How to filter errors 404 to show only those which are related to php files?
One of my web servers is getting flooded with requests to resources that do not exist anymore, generating the corresponding 404 error. As I'm using OSSEC and OSSIM, then these errors are sent to the ...
0 votes, 1 answer, 2k views
OSSIM Alarms for Snort rules
I'm new to OSSIM.
My requirement is to detect executable files (.exe) using snort. I have found a snort rule:
alert tcp any any -> any any (msg: "DLL Windows file download"; flow: established; ...