Whats New in OSSIM 2.2?

What’s New in OSSIM 2.2?
http://www.alienvault.com
February 2009
Juan Manuel Lorenzo (jmlorenzo@alienvault.com)

New Features and Enhancements
OSSIM 2.2

Index
New Features and Enhancements
New Installer
Enhanced Usability
New Vulnerability Management Interface
ISO & PCI Compliance
Unified Report Manager
Asset Management, Search and Reporting
SIEM Forensic Console Enhancements
Full PCI Wireless Security compliance
Netflow Analysis
New data sources
New menu organization
Multiclient
Logger
Higher Performance and Increased Storage
Upcoming Work
3

New installer
32-bit and 64-bit version
Graphical installer
Unattended installation
VPN auto-setup
Firewall auto-setup
Update process improved
Full Multi-profile
Automatic configuration of OSSIM Components
HTTPS enabled by default
Software Upgraded
Packet capture improved (Pfring 1.0 in 32-bit and 64- bit version)
4

New Installer
Upgraded Software
Linux Kernel 2.6.31
Support for newest devices
MySQL 5.1
Greater performance and partitioning support
Pfring 4.0
PF_RING can be used with vanilla kernels (no kernel patch required).
OSSEC 2.3.1
Real time file integrity monitoring on Windows systems
Support for monitoring the commands output (process monitoring)
Openvas 3.0
WMI clients support
New internal module architecture
5

Enhanced Usability
Easy access to a broad range of information about any host or network:
Asset Report
Alarms
SIEM
Logger
Ticketing system
Knowledge DB
Vulnerabilities
Network Monitor
Availability Monitor
Right-click on any IP address or Network to see the contextual menu
6

Enhanced Usability
Ease of use
Analysis/Monitoring, reporting and configuration have been separated into different tabs.
Advanced options and complex configurations have been separated from simple configuration options.
Help
Each panel has it's own link to the documentation/help
7

Enhanced Usability
User templates
Simplifies permission assignment to users in OSSIM.
Floating Windows
New floating Windows are now being used to help navigation within the web interface.
8

Schedule Scans
Scanning profiles
Scan summary
Threats database
Predefined Scanning Profiles
Reporting in HTML, PDF and XLS
Monitor Scan status in Real Time
Vulnerability Scanner Web configuration
9

Monitor Scan status in Real Time
Schedule Scan
10

Vulnerability Scanner Reports
11
EXCEL
PDF
HTML

ISO & PCI Compliance
Automated PCI DSS and ISO 27001 Compliance reporting including:
Threat overview
Business real impact risks
C.I.A Potential impact
PCI-DSS
Trends
ISO27002 Potential impact
ISO27001
Directives mapped to compliance control objectives

12

Report Management system built on JasperServer
Reports in PDF, RTF, and HTML Format
Reports can be sent via e-mail from the Web Interface
Time frame selection when generating reports
13

Access all reports from a single centralized location
Available reports:
Asset Report
SIEM Events
Logger
Alarms
Business & Compliance ISO PCI
Metrics Report
Geographic Report
User activity
14

Content selection for each report
Customizable Reports
15

16
Asset Search
Find all Assets matching certain criteria
Date frame Selection
Save predefined searches
Advanced searches
Auto completion

17
Advanced Asset Search
Use logical Operators to combine search criteria
Predefined Search Criterias
Advanced searches
Multiple Options in each criteria
Auto completion

18
Asset Report
Shows all the information regarding a host or network that can be found in OSSIM

SIEM Forensic Database redesigned
Faster analysis
Storage capacity increased
Search Engine optimized
Logical Search (Using AND & OR operators)
Export query results in PDF Format
New filters
Filter by country
Filter by local networks
Time frame selection using a calendar
Extended information using event references
19

Search using AND & OR (IP and Signature)
Export query results in PDF Format
20

Event geo-localization statistics
Time frame selection
21

Full PCI Wireless Security compliance
Implements the necessary controls for a full Wireless PCI Compliance.
Reporting System and Wireless IDS (Kismet)
Reports:
Networks
Cloaked Networks having uncloaked AP’s
Encrypted Networks having unencrypted AP’s
Networks using weak encryptions
Suspicious clients
22

Netflow Analysis
Netflow monitoring and management
Integration of Nfdump and Nfsen
Netflow collection from network devices
Fprobe auto-configured to collect logs in the OSSIM collectors.
23

Netflow Analysis
Easy configuration interface
Complex Netflow Analysis and plugin support
24

New data sources
Cisco SDEE
Application level communications protocol that is used to exchange events in Cisco Devices
Snort Unified2
Snort 3.0 and Suricata Engine supported
WMI Agentless Collection
Windows Management Instrumentation
New supported devices and applications
Astaro, Vyatta, Siteprotector, TippingPoint, Juniper VPN, RedBack, Netscreen IDP, Kismet, LucentBrick,...
25

New Menu Organization
Dashboards
High level information: charts, graphs, and risk maps.
Incidents
Medium level information: Alarms, Ticketing system and Knowledge DB
Analysis
Low level information: SIEM Events (Data mining), Logger and vulnerabilities
Reports
Report Manager
Assets
Inventory, Asset Search and OSSIM Components
26

New Menu Organization
Intelligence
Policy, actions, correlation rules and Compliance Mapping
Monitors
Information in real time: Network, Usage and availability
Configuration
Users, Collection configuration, and Database Upgrades
Tools
Backup, Tools Download, and Network Discovery system
27

Multiclient
Multi Company/Department management capabilities
Multi-hierarchical deployments
28
Only available when using Alienvault professional SIEM

Logger
New graphs and statistics
Reports on the information stored in the Logger
Logical operators in Logger Search
Fastest access to the information stored in the Logger
29

Logger
Select the time frame easily clicking on graphs or using a calendar
Digitally signed logs can be exported to be verified using an external application
Improved search syntax
30
Only in Alienvault Professional SIEM

Higher Performance and Increased Storage
Database redesigned to increase performance and storage capacity.
Improved Multithread support in OSSIM Server
Multi-insertion to reduce database queries
Faster processing of events
31

Upcoming Work

Upcoming work
NAC ( Network Access Control)
Asset auto-discovery
HIDS Management console
Collectors Management console
New correlation capabilities
DLP (Data Loss Prevention)
Improve Nagios Integration
33

http://www.slideshare.net	335
http://www.mefeedia.com	2
http://translate.googleusercontent.com	2
http://static.slidesharecdn.com	1
https://twitter.com	1

Whats New in OSSIM 2.2?

by Alienvault on Feb 09, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

5 Embeds 341

Statistics

Whats New in OSSIM 2.2? — Presentation Transcript