What's New in OSSIM v2.2?

OSSIM 2.2
=====================================
New Features and Enhancements
- New Installer
- Enhanced Usability
- New Vulnerability Management Interface
- ISO & PCI Compliance
- Unified Report Manager
- Asset Management, Search and Reporting
- SIEM Forensic Console Enhancements
- Full PCI Wireless Security compliance
- Netflow Analysis
- New data sources
- New menu organization
- Multiclient
- Logger
- Higher Performance and Increased Storage

http://www.alienvault.com || http://www.ossim.net

    Presentation Transcript

    • What's New in OSSIM 2.2?
      http://www.alienvault.com
      February 2009
      Juan Manuel Lorenzo (jmlorenzo@alienvault.com)
    • New Features and Enhancements
      OSSIM 2.2
    • Index
      New Features and Enhancements
      New Installer
      Enhanced Usability
      New Vulnerability Management Interface
      ISO & PCI Compliance
      Unified Report Manager
      Asset Management, Search and Reporting
      SIEM Forensic Console Enhancements
      Full PCI Wireless Security compliance
      Netflow Analysis
      New data sources
      New menu organization
      Multiclient
      Logger
      Higher Performance and Increased Storage
      Upcoming Work
    • New installer
      32-bit and 64-bit version
      Graphical installer
      Unattended installation
      VPN auto-setup
      Firewall auto-setup
      Update process improved
      Full Multi-profile
      Automatic configuration of OSSIM Components
      HTTPS enabled by default
      Software Upgraded
      Packet capture improved (Pfring 1.0 in 32-bit and 64-bit versions)
    • New Installer
      Upgraded Software
      Linux Kernel 2.6.31
      Support for newest devices
      MySQL 5.1
      Greater performance and partitioning support
      Pfring 4.0
      PF_RING can be used with vanilla kernels (no kernel patch required).
      OSSEC 2.3.1
      Real time file integrity monitoring on Windows systems
      Support for monitoring the commands output (process monitoring)
      Openvas 3.0
      WMI clients support
      New internal module architecture
    • Enhanced Usability
      Easy access to a broad range of information about any host or network:
      Asset Report
      Alarms
      SIEM
      Logger
      Ticketing system
      Knowledge DB
      Vulnerabilities
      Network Monitor
      Availability Monitor
      Right-click on any IP address or Network to see the contextual menu
    • Enhanced Usability
      Ease of use
      Analysis/Monitoring, reporting and configuration have been separated into different tabs.
      Advanced options and complex configurations have been separated from simple configuration options.
      Help
      Each panel has its own link to the documentation/help
    • Enhanced Usability
      User templates
      Simplifies permission assignment to users in OSSIM.
      Floating Windows
      New floating windows are now used to help navigation within the web interface.
    • New Vulnerability Management Interface
      Schedule Scans
      Scanning profiles
      Scan summary
      Threats database
      Predefined Scanning Profiles
      Reporting in HTML, PDF and XLS
      Monitor Scan status in Real Time
      Vulnerability Scanner Web configuration
    • New Vulnerability Management Interface
      Monitor Scan status in Real Time
      Schedule Scan
    • New Vulnerability Management Interface
      Vulnerability Scanner Reports
      Excel
      PDF
      HTML
    • ISO & PCI Compliance
      Automated PCI DSS and ISO 27001 Compliance reporting including:
      Threat overview
      Real business impact risks
      C.I.A. potential impact
      PCI-DSS
      Trends
      ISO27002 Potential impact
      ISO27001
      Directives mapped to compliance control objectives
    • Unified Report Manager
      Report Management system built on JasperServer
      Reports in PDF, RTF, and HTML Format
      Reports can be sent via e-mail from the Web Interface
      Time frame selection when generating reports
    • Unified Report Manager
      Access all reports from a single centralized location
      Available reports:
      Asset Report
      SIEM Events
      Logger
      Alarms
      Business & Compliance ISO PCI
      Metrics Report
      Geographic Report
      User activity
    • Unified Report Manager
      Content selection for each report
      Customizable Reports
    • Asset Management, Search and Reporting
      Asset Search
      Find all assets matching certain criteria
      Date frame selection
      Save predefined searches
      Advanced searches
      Auto completion
    • Asset Management, Search and Reporting
      Advanced Asset Search
      Use logical operators to combine search criteria
      Predefined search criteria
      Advanced searches
      Multiple options in each criterion
      Auto completion
    • Asset Management, Search and Reporting
      Asset Report
      Shows all the information regarding a host or network that can be found in OSSIM
    • SIEM Forensic Console Enhancements
      SIEM Forensic Database redesigned
      Faster analysis
      Storage capacity increased
      Search Engine optimized
      Logical Search (Using AND & OR operators)
      Export query results in PDF Format
      New filters
      Filter by country
      Filter by local networks
      Time frame selection using a calendar
      Extended information using event references
    • SIEM Forensic Console Enhancements
      Search using AND & OR (IP and Signature)
      Export query results in PDF Format
    • SIEM Forensic Console Enhancements
      Event geo-localization statistics
      Time frame selection
    • Full PCI Wireless Security compliance
      Implements the necessary controls for a full Wireless PCI Compliance.
      Reporting System and Wireless IDS (Kismet)
      Reports:
      Networks
      Cloaked networks having uncloaked APs
      Encrypted networks having unencrypted APs
      Networks using weak encryption
      Suspicious clients
    • Netflow Analysis
      Netflow monitoring and management
      Integration of Nfdump and Nfsen
      Netflow collection from network devices
      Fprobe auto-configured to collect flows on the OSSIM collectors.
    • Netflow Analysis
      Easy configuration interface
      Complex Netflow Analysis and plugin support
    • New data sources
      Cisco SDEE
      Application-level communications protocol used to exchange events with Cisco devices
      Snort Unified2
      Snort 3.0 and Suricata Engine supported
      WMI Agentless Collection
      Windows Management Instrumentation
      New supported devices and applications
      Astaro, Vyatta, Siteprotector, TippingPoint, Juniper VPN, RedBack, Netscreen IDP, Kismet, LucentBrick,...
    • New Menu Organization
      Dashboards
      High level information: charts, graphs, and risk maps.
      Incidents
      Medium level information: Alarms, Ticketing system and Knowledge DB
      Analysis
      Low level information: SIEM Events (Data mining), Logger and vulnerabilities
      Reports
      Report Manager
      Assets
      Inventory, Asset Search and OSSIM Components
    • New Menu Organization
      Intelligence
      Policy, actions, correlation rules and Compliance Mapping
      Monitors
      Information in real time: Network, Usage and availability
      Configuration
      Users, Collection configuration, and Database Upgrades
      Tools
      Backup, Tools Download, and Network Discovery system
    • Multiclient
      Multi Company/Department management capabilities
      Multi-hierarchical deployments
      Only available when using Alienvault professional SIEM
    • Logger
      New graphs and statistics
      Reports on the information stored in the Logger
      Logical operators in Logger Search
      Faster access to the information stored in the Logger
      Only available when using Alienvault professional SIEM
    • Logger
      Select the time frame easily by clicking on graphs or using a calendar
      Digitally signed logs can be exported to be verified using an external application
      Improved search syntax
      Only in Alienvault Professional SIEM
    • Higher Performance and Increased Storage
      Database redesigned to increase performance and storage capacity.
      Improved Multithread support in OSSIM Server
      Multi-insertion to reduce database queries
      Faster processing of events
      Only available when using Alienvault professional SIEM
    • Upcoming Work
    • Upcoming work
      NAC ( Network Access Control)
      Asset auto-discovery
      HIDS Management console
      Collectors Management console
      New correlation capabilities
      DLP (Data Loss Prevention)
      Improve Nagios Integration