What's New in OSSIM v2.3?

This video demonstrates major features in AlienVault OSSIM.

Published in: Technology

  1. What’s New in AlienVault 2.3
     • New Features and Enhancements
     • June 2010
     • Juan Manuel Lorenzo (jmlorenzo@alienvault.com)
  2. AlienVault 2.3 Overview
     • “The AlienVault Professional SIEM product combines the breadth and flexibility of Open Source software with the features and functionality present in any of AlienVault's competition.” - Andrew Hay, Sr. Analyst, The 451 Group
  3. Synopsis
     • Two Releases:
     • AlienVault’s Professional SIEM version 2.3
     • Open Source SIEM (OSSIM) version 2.3
     • Some Features Available Only With AlienVault Professional SIEM
     • Major Upgrades
     • Reporting
     • User Management
     • Common Taxonomy
     • Multi-Tenant (i.e. MSSP Deployments)
  4. New Feature Overview
     • New Features and Enhancements
     • Multi-Tenant User Architecture
     • Enhanced User Management
     • Enriched Security Taxonomy
     • SIEM Console
     • Reports
     • Dashboards
     • Vulnerabilities
     • Distributed Network Discovery
     • Installer
     • Usability Improvements
  5. AlienVault 2.3 Details
     • “Just a few hours later our SIEM Practice Manager grabbed me by the arm with a big smile: ‘You gotta see this!’ Remarkably, our network had been auto-discovered, a Vulnerability Assessment had been run, net-flows were being captured, we had real-time visibility to network traffic, a Snort IDS sensor with an appropriate signature set had been deployed, and basic network monitoring functionality was in place.” - John Verry, Pivot Point Security
  6. Entities Definition: Groups, Departments, Companies...
     • Assign User Permissions to Entities
     • Simplifies AlienVault Management
     • Admin Users for Each Entity
     • Multi-Tenant Architecture
  7. Multi-Tenant Architecture
     • Only available when using AlienVault Professional SIEM
     • PROFESSIONAL VERSION
     • OPEN SOURCE
  8. Abstraction: Use your Entities and Forget About Networks and Hosts
     • Multi-Tenant Architecture
     • Only available when using AlienVault Professional SIEM
  9. User Templates
     • Simplifies user management
     • Inherit permissions from an Entity
     • User Management
     • Only available when using AlienVault Professional SIEM
  10. Enriched Security Taxonomy
     • Categorizes All Events
     • Only available when using AlienVault Professional SIEM
  11. New Filters in SIEM Console
     • Taxonomy-Based Reports
     • Enriched Security Taxonomy
  12. SIEM Console
     • Custom Event Viewer Functionality Merged into SIEM Console
     • Select the events you want to see
     • Select the columns you want to display
     • Save your custom view
  13. Dashboards
     • Enhanced Predefined Dashboard Capability
     • Ability to revert to original default dashboards while maintaining custom ones
     • Select the Default Panel
  14. New Scanning Options
     • Cancel current scan
     • Scanning Speed-Up
     • Scan only active hosts
     • OpenVAS plugins tuned
     • Vulnerability Assessment
     • Simulate Scans
     • Check permissions before scanning
     • Check network access before scanning
  15. Vulnerability Assessment
     • OpenVAS 3 and Nessus 4.0.2 Support
     • Import/Export Reports in NBE Format
     • New Reporting Options
     • Reports available to other users
     • Reports available to entities (Only in professional version)
  16. Report Wizard
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  17. Report Wizard
     • Select the time range, layout and users that will have access to the report
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  18. Report Wizard
     • Select the time range, layout and users that will have access to the report
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  19. Report Wizard
     • Configure the sub-reports and add comments
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  20. 1800+ Reporting Modules
     • New Compliance Reports
     • Taxonomy-Based Reports
     • Automatically include events from different applications and devices
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  21. Compliance Reports
     • SOX
     • ISO 27001
     • PCI DSS
     • HIPAA
     • FISMA
     • Reporting System
     • Only available when using AlienVault Professional SIEM
  22. Network Discovery
     • Manage Remote Nmap Scans to do Network Discovery
     • Network Discovery Can Now be Executed from the AlienVault Sensor
  23. Web Interface Using https
     • VPN Auto-Configured (Only in Professional Version)
     • Secure communications between the different AlienVault components
     • Installer
  24. Thank you!
