What's New in OSSIM v2.3?


This video demonstrates major features in AlienVault OSSIM.

Published in: Technology
Transcript

  • 1. What’s New in AlienVault 2.3
    New Features and Enhancements
    June 2010
    Juan Manuel Lorenzo (jmlorenzo@alienvault.com)
  • 2. AlienVault 2.3 Overview
    “The AlienVault Professional SIEM product combines the breadth and flexibility of Open Source software with the features and functionality present in any of AlienVault's competition.”
    - Andrew Hay, Sr. Analyst, The 451 Group
  • 3. Synopsis
    Two Releases:
    AlienVault’s Professional SIEM version 2.3
    Open Source SIEM (OSSIM) version 2.3
    Some Features Available Only With AlienVault Professional SIEM
    Major Upgrades
    Reporting
    User Management
    Common Taxonomy
    Multi-Tenant (i.e. MSSP Deployments)
  • 4. New Feature Overview
    New Features and Enhancements
    Multi-Tenant User Architecture
    Enhanced User Management
    Enriched Security Taxonomy
    SIEM Console
    Reports
    Dashboards
    Vulnerabilities
    Distributed Network Discovery
    Installer
    Usability Improvements
  • 5. AlienVault 2.3 Details
    "Just a few hours later our SIEM Practice Manager grabbed me by the arm with a big smile: “You gotta see this!” Remarkably, our network had been auto-discovered, a Vulnerability Assessment had been run, net-flows were being captured, we had real-time visibility to network traffic, a snort ids sensor with an appropriate signature set had been deployed, and basic network monitoring functionality was in place."
    - John Verry, Pivot Point Security
  • 6. Entities Definition: Groups, Departments, Companies...
    Assign User Permissions to Entities
    Simplifies AlienVault Management
    Admin Users for Each Entity
    Multi-Tenant Architecture
  • 7. Multi-Tenant Architecture
    Only available when using AlienVault Professional SIEM
    PROFESSIONAL VERSION
    OPEN SOURCE
  • 8. Abstraction: Use your Entities and Forget About Networks and Hosts
    Multi-Tenant Architecture
    Only available when using AlienVault Professional SIEM
  • 9. User Templates
    Simplifies user management
    Inherit permissions from an Entity
    User Management
    Only available when using AlienVault Professional SIEM
  • 10. Enriched Security Taxonomy
    Categorizes All Events
    Only available when using AlienVault Professional SIEM
  • 11. New Filters in SIEM Console
    Taxonomy-Based Reports
    Enriched Security Taxonomy
  • 12. SIEM Console
    Custom Event Viewer Functionality Merged into SIEM Console
    Select the events you want to see
    Select the columns you want to display
    Save your custom view
  • 13. Dashboards
    Enhanced Predefined Dashboard Capability
    Ability to revert to original default dashboards while maintaining custom ones
    Select the Default Panel
  • 14. New Scanning Options
    Cancel current scan
    Scanning Speed-Up
    Scan only active hosts
    OpenVAS plugins tuned
    Vulnerability Assessment
      • Simulate Scans
      • Check permissions before scanning
      • Check network access before scanning
  • 15. Vulnerability Assessment
    OpenVAS 3 and Nessus 4.0.2 Support
    Import/Export Reports in NBE Format
    New Reporting Options
    Reports available to other users
    Reports available to entities (Only in professional version)
  • 16. Report Wizard
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 17. Report Wizard
    Select the time range, layout and users that will have access to the report
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 18. Report Wizard
    Select the time range, layout and users that will have access to the report
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 19. Report Wizard
    Configure the sub-reports and add comments
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 20. 1800+ Reporting Modules
    New Compliance Reports
    Taxonomy-Based Reports
    Automatically include events from different applications and devices
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 21. Compliance Reports
    SOX
    ISO 27001
    PCI DSS
    HIPAA
    FISMA
    Reporting System
    Only available when using AlienVault Professional SIEM
  • 22. Network Discovery
    Manage Remote Nmap Scans to do Network Discovery
    Network Discovery Can Now be Executed from the AlienVault Sensor
  • 23. Web Interface Using HTTPS
    VPN Auto-Configured (Only in Professional Version)
    Secure communications between the different AlienVault components
    Installer
  • 24. Thank you!
